Daria Spizheva
FinTech Engineering Writer at INSART
4 June 2019

How Can the Cloud be Useful for FinTech Solutions?

Cloud-based solution architecture makes it possible to work in a mobile environment anywhere in the world. This is crucial in modern realities wherein an increasing number of qualified professionals prefer to work remotely and demand the accessibility to do so. Cloud architecture enables companies to meet these demands by organizing distributed teams.

One of the crucial advantages of a distributed cloud architecture is conveyed in this quote from Ryan Brucker, CTO at Portfolio Pathway, a wealth management automation solution:

“A distributed methodology allows systems to scale horizontally as its clients grow.” –Ryan Brucker

But basic concerns come into the picture, too. Ensuring security, moving clients to the renovated solution, and choosing the right technology are the grey zones of cloud architectures.

According to Mark Worsey, EVP at MyVest, the biggest challenge for his company nowadays is making customers comfortable with legacy platform replacement as they future-proof their technology and business. When it comes to technology, MyVest’s biggest challenge is getting clients comfortable with deploying the application in their production instances in the cloud.

“Sometimes, there is an emotional or irrational security fear of running a financial application in the cloud.” –Mark Worsey

Likewise, Worsey thinks that running everything in the cloud is a huge advantage because it enables horizontally scaling in real-time, making the deployment process so much easier and more cost-effective than capital-intense methods of building data centers and acquiring hardware.

In this article, we strive to help you find the answers to such questions as:

  • Do you or don’t you need a cloud?
  • How do FinTech companies arrange cloud-based projects?
  • How do you make cloud solutions secure and compliant with regulations?
  • And more! Check out a bonus at the end of the article.

Why migrate to the cloud?

An increasing number of companies are considering using the cloud or changing their cloud app platform. Vadym Shvydkyi, Project Manager at INSART, a FinTech engineering company, says that all the projects they run use cloud services one way or another.

“Partnerships often dictate which cloud storages to choose. At one of our projects, CabinetSafe was used until the next following integration. The partner set a range of requirements, which included using two-factor authentication and a higher level of encrypting, so we had to move from CabinetSafe to box.com.”  –Vadym Shvydkyi

At the moment, Vadym says, AWS S3 is the most desirable choice for most clients because its outstanding security complies with most standards that exist in the market.

Sergey Matikainen, CTO at INSART, explains that using the cloud enables choosing optimum platforms for specific needs. Moreover, projects with microservices architecture can employ the cloud only with the services that require it and choose different platforms for different services to match the task best. Thus, a balance between price, flexibility, and performance can be achieved.

“We had migrated from Heroku to Amazon at one of the projects. The client’s company growth induced Heroku to become inefficient, as with high loads it proved to be less flexible and more expensive.” –Sergey Matikainen

Cloud solution done right

As we discussed in previous publications, many startups prefer using cloud technologies such as AWS instead of building their own data centers, which tend to be more complicated and subject to tough regulations and security standards. Also, many startups think that AWS can provide safer data storage than traditional methods can and implement the most modern and exclusive security standards. Many startups use it collectively so that they can afford much more advanced security technologies than they could alone.

Matthew Rennie, a CTO at Jemstep, an integrated digital platform that enhances advisor engagement with clients, uses Amazon AWS for cloud solutions. Rennie explains that Jemstep runs on the public cloud, deploying exclusively to Amazon AWS for the elasticity benefits and convenience that the Amazon platform provides.

For their technology stack, they chose Scala, the advantage of which is Scala API for Amazon Spark. Jemstep uses Spark for analytics and ETL because it makes it easy to integrate solutions with custodians and market data providers. Each individual Spark job runs on Amazon’s data pipelines, which then runs on a batch basis within Amazon EMR. This combination of technology envisages Jemstep’s stable growth within a distributed development framework.

How to ensure cloud security

There are some obvious but sometimes overlooked elements a FinTech product needs to have to ensure security. One of those elements is compliance requirements. Why is it crucial? Let’s discuss Laserfiche as an example.

Laserfiche, an enterprise content-management and business-process automation platform, is the only business in the wealth-management space that has a records-management module that can be used in compliance of the Department of Defense, DoD 5015.2, for the long-term archiving and retention of digital records, according to Greg Eisenberg, CTO. This level of compliance is the international gold standard in protecting the integrity and security of digital records. According to Eisenberg, Laserfiche’s on-premises product can also be used in compliance with SEC Rule SEC17a-4.

Eisenberg says that it is a two-way street when it comes to on-premises security implementation. The Laserfiche platform contains all the tools and functionalities to secure data, but it’s up to the customer to make sure these controls are in place.

“We’ve also created a lot of documentation and [have been] working with our solution providers to train them on best practices, and there’s a phenomenal community of solution providers who use our answers platform to ask good questions and get answers on how to do certain things.” –Greg Eisenberg

Since moving to the cloud, Laserfiche has gained a SOC 2 compliance certification, which ensures that they follow strict information-security policies and procedures. This ensures the security, availability, processing, integrity, and confidentiality of customer data. Laserfiche also uses a third-party security firm to analyze their code base, identify potential vulnerabilities, and perform penetration testing on the Laserfiche cloud.

Eisenberg says that Laserfiche applies the same security means to their on-premises offerings. These run on the Windows Server and were written in multiple languages, from C++ to C#. Eisenberg explained that they need to identify the smartest technology to handle problems the best they can.

“[Although] there is a shift toward cloud technologies including running C# and .Net code on both Windows and Linux, our client applications will run on Mac OS and Android and Windows machines just the same.” –Greg Eisenberg

When is cloud not an option?

The are some occasions when you just can’t afford using the cloud no matter how many security measures you put in place. The market is diversified. The next example describes, in color, what makes some FinTechs give up on the cloud.

Evolute, an end-to-end digital wealth-management tool for banks and independent asset managers, operates its own data center located in Switzerland. A large part of their clientele is high-net-worth individuals (HNWIs). Evolute’s CTO, Martin Polasek, says it was a significant investment to build a local data center, but it was necessary; many HNWIs aren’t ready to store data in the cloud even though it would be a more cost-effective approach.

Evolute implemented clear segregation of data levels (e.g., the developers don’t access the production environment with real client data). Evolute’s production environment comprises various security levels—from authorization to authentication, Polasek says. In addition, Evolute has internal firewalls that segregate the database from the application servers and so on.

That said, Evolute has yet to encrypt client data—one aspect that is still a work in progress from a security perspective is that. Such a security measure is hard to implement, especially when running reporting applications and aiming to get most of their data from custodians. This is something Evolute’s architecture plans to deliver in the long run.

Takeaways

Cloud architecture solutions and distributed work usually go hand in hand. Not only does the cloud encourage implementing distributed architecture, but it also dictates some security regulations aimed to ensure clients’ data safety. Meanwhile, the cloud solution brings the benefits of increased scalability to the table.

Do you think FinTechs should use on-premises storages or cloud technology? Have you ever migrated your FinTech capabilities to the cloud? Share your knowledge; let’s build a great FinTech ecosystem of tools together!

Bonus: Cloud services picks for CTOs

Cloud services are known for their outstanding ease of use and integration. Whether you’d consider migrating your own service into the cloud or not, these utilities can be of great use for a CTO’s daily routines. Enjoy reading these picks:

Distributed team management

Status Hero Status Hero is a lightweight tool for tracking daily goals, activity logs from your tools, and status updates from your team all in one place. It’s integrated with JIRA, GitHub, and other widespread tools and allows you to sync your team and cut through the noise. You also can use Status Hero to inform stakeholders and C-level executives about your progress.
iDoneThis This minimalist tool aims to free you from micromanagement. Team members get a daily email reminder to report what they accomplished that day. The next day, you get a digest report of what everyone got done. No hassle, only progress!
TeamSnippets TeamSnippets allows you to automatically collect your team’s status updates via email and compile them into a report that keeps you up-to-date on everyone’s progress.

Testing automation

Screenster Screenster enables test-case automation within five minutes. The app requires neither desktop installations nor browser plugins. All you need is to type a URL to a Screenster server, and the tests run automatically.
Percy This purple hedgehog knows how to do visual testing right. Ensure your UI is free of visual bugs and brand integrity inconsistencies. The tool is a must-have if your product’s UI matters!
Diffy If you need to test visual changes on your website but don’t want to spend time coding, Diffy can help. Just provide a list of URLs to start testing.

Remote collaboration

Google Hangouts Collaborate simply and effectively. Hangouts is a powerful cross-platform tool that enables teams to share multimedia, see who’s online, and message friends and coworkers.
Screenhero A must-have for teams using Slack! This screen-sharing app provides unique experiences within a familiar workspace.
appear.in This app provides customizable room names and simple one-click access to rooms via email, chat, SMS, etc.