Skip to main content

Cloud resilience: How to take a risk-based approach in Azure

by James Fox
Director of Technology Consulting, Protiviti

This article was co-written by James Fox and Andrew Paw.

Operational resilience regulations from the Bank of England’s Prudential Regulation Authority are now in place. Financial firms are focusing on their ability to develop resilient operations and to respond with remediation plans in the event of service failures. James Fox and Andrew Paw from Protiviti UK, explain why embedding resilience in the cloud will require multiple solutions – and how Microsoft can help.

On 31 March 2022, new operational resilience, third party and outsourcing regulations came into force in the UK. After 12 months of discussions across the financial services industry, firms must now demonstrate how they and their suppliers will respond in the event of disruption and work towards developing resilient operations. The move follows plans by the European Union, announced in September 2020, to develop a Digital Operational Resilience Act for financial services.

But as companies have spent time assessing their relationships with third parties in preparation for the new regulations, the concentration of risk among cloud service providers (CSPs) has become a talking point: they are in the spotlight amid concerns they are responsible for a growing amount of the financial sector’s infrastructure and services. In June 2022, the regulators responded again, issuing a discussion paper on critical third parties to the financial services sector.

In this article, we will focus on how firms can develop resilience in the cloud using a risk-based approach. It will build on a previous article on this topic and set out in more detail how this would work using Microsoft Azure.

Developing a risk-based approach

At the moment, regulators are considering enforcing multi-cloud strategies (working with more than one CSP), or portability (moving between providers), as solutions to growing concentration risk. We take the view that it is more optimal to take a risk-based approach to managing the cloud rather than follow prescriptive models.

A risk-based approach allows financial firms to tailor cloud usage to their risk appetite, enabling them to build resilience in multiple layers: they can develop best practice in governance, architecture, operations, and security. CSPs will support these efforts with their tools and platforms that help firms manage risk.

Building resilience in Microsoft Azure

FREE Membership Required to View Full Content:

Joining gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
Learn more about us here

About James Fox

James is a Director in Protiviti’s Technology Consulting practice, with a focus on Enterprise Cloud Transformation. James has extensive global experience working across Asia Pacific and Europe in IT Advisory Consulting.

Prior to joining Protiviti, James was a Director at Deloitte Consulting supporting clients with strategic adoption of cloud services, Consultant at Amazon Web Services enabling enterprise customers to achieve their most challenging business and organisational goals through well-managed transformation and a Consultant at PwC providing Enterprise Cloud Transformation advice.

More about James Fox