There’s no turning back. Five years ago, we were at a tipping point in how corporate IT infrastructure functions. Even in the relatively slow moving world of treasury, SaaS and cloud based Treasury Management Systems are taking over from the old Treasury Workstations. With this trend has come a lot of hand waving over “cloud services” and “SaaS models” which has confused both treasurers and IT alike. As such, it is more important than ever that treasurers investing in online systems have an understanding of these technologies, lest they be misled by vendors making blanket declarations that only their cloud is “The Cloud” and ignore where their data is going and how it is being used.
Why do I, as a treasurer, care about “The Cloud” or “SaaS”?
In general you probably don’t, and you shouldn’t have to. What you do care about is how well the technology affects your relationship with the data you work with, and your ability to maintain the security and control over it. However, there’s a lot of huffing and puffing going around about what you should care about, without ever explaining why.
Understanding the architecture that your system sits upon, and how that affects both the transport and the storage of your data is crucial to understanding how your data is treated and who has access to it.
What is Cloud Computing/“The Cloud”?
Nearly every system provider has an almost esoteric definition that paints their specific cloud infrastructure as part of “The (one true) Cloud”, and everyone else’s as an inferior imitation or outright lie.
What is “The Cloud”? This nebulous concept gets tossed around with some frequency and is often confusing. The fact is, there’s no such thing as “The Cloud” at least not in the singular. Cloud computing is as nebulous as the water vapor its name refers to. Roughly defined, cloud computing is: “…using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer” and includes a vast variety of infrastructures and technologies. Most often these technologies are leased through one of three service models, SaaS, PaaS or IaaS. Many treasury management systems (themselves SaaS systems) are from companies leasing either a PaaS cloud service or an IaaS cloud service. In either case, they’re leasing the technology from someone, who in turn is running a collection of servers.
So where is your data?
As we’ve established, saying your data is in “The Cloud” is meaningless. There isn’t one cloud, there are hundreds, thousands of cloud hosting providers out there. Is your data being stored in Amazon EC2? Google Compute Engine? Rackspace Cloud?
If yes, where is that data being stored?
Legislation is vastly different in some countries and being able to control exactly where your data resides should be a key factor in your decision-making process. If your infrastructure is provided by Amazon, it exists in servers from California to Japan. Google is spread across the US and Europe. Rackspace’s datacenters are mainly in the US, with one in London, one in Hong Kong and one in Sydney. When your vendor leases these clouds, do they have any control over where your data resides?
How is your data being stored?
Most SaaS systems use what is called a “multitenancy” model. This means that multiple tenants (in treasury, this would be multiple corporate groups) share the same software. This creates some great cost savings - but for the vendor, not the client.
Multitenancy is when all users of the application (and thus all corporate groups within it) share the same underlying code, and in most cases the same database. This is contrasted by single tenancy where one client (or one corporate group) has their own set of code and individual database. Multitenancy provides some pretty great advantages for vendors but gives little value to customers for whom the end user experience is the same.
In the words of Microsoft:
The number, nature, and needs of the tenants you expect to serve all affect your data architecture decision in different ways. Some of the following questions may bias you toward a more isolated approach, while others may bias you toward a more shared approach.
Frederick Chong, Gianpaolo Carraro, and Roger Wolter, Microsoft Corporation, Multi-Tenant Data Architecture
- How many prospective tenants do you expect to target? […] The larger you expect your tenant base to be, the more likely you will want to consider a more shared approach.
- How much storage space do you expect the average tenant's data to occupy? If you expect some or all tenants to store very large amounts of data, the separate-database approach is probably best.
- How many concurrent end users do you expect the average tenant to support? The larger the number, the more appropriate a more isolated approach will be to meet end-user requirements.
- Do you expect to offer any per-tenant value-added services, such as per-tenant backup and restore capability? Such services are easier to offer through a more isolated approach.
Additionally, multitenant models limit data portability: once it’s in the system, it’s in the system. This often results in treasuries being “locked in” to the system they choose - disastrous if, say, company policy changes and financial data must be kept in house.
How many copies of my data are there, and how up-to-date are they?
Backups are obviously an important part of any SaaS service, but not all backup services are the same. Depending on how you are using your treasury system, you may have vastly different backup requirements from the next customer. For example, if you are signing and releasing multi-million dollar payments on a daily basis, you will want to make sure there is no possibility for data loss. If you have to roll back to yesterday’s data, you are on the hook to reach out to every bank to determine which payments have gone out and which still need to be sent.
The advantages of a vendor designed system
Ask your vendor where your data is being stored - how it’s being stored - and see if they can answer. Unless they’ve designed their own infrastructure, they probably don’t really know, and will simply tell you “the cloud” or name a host, and if you’re lucky it’s “Rackspace cloud” or “Amazon EC2” or “Google Compute Engine”.
The truth is, in the high value, low tenancy world of corporate treasury, custom cloud infrastructure allows greater control over the national influence of your data, allowing your vendor to confine data within certain borders. You can’t assure this with leased hosts, as their cloud infrastructure is usually at least mirrored across state lines, if not directly hosted across multiple national boundaries. For a treasury with concerns about national access to information, this is a must.
Companies, organizations, and governments are often subject to regulatory law that can affect their security and record storage needs. Investigate the regulatory environments that your prospective customers occupy in the markets in which you expect to operate, and determine whether they present any considerations that will affect your decision.Frederick Chong, Gianpaolo Carraro, and Roger Wolter, Microsoft Corporation, Multi-Tenant Data Architecture
Meanwhile, with a single-tenant, vendor designed cloud they can gain complete capability to customize the treasury system, down to a hardware level (not just servers, but firewalls, information transport infrastructure, etc.). They get total transparency over how redundancy, backup, disaster recovery, compliance and performance standards. Additional features can be added as needed. The SLA terms can be whatever the vendor can deliver - with no reliance on the cloud providers SLAs. And should there be any problems, you have a single point of contact responsible for the entire architecture, speeding up troubleshooting and recovery significantly.
“The Cloud” isn’t a thing as much as a collection of infrastructures and service models which can have major implications for your treasury. As such it’s important that treasurers investing in online systems have some understanding the technology lying at the heart of cloud computing so that they are not mislead by those claiming that only their system is “The Cloud”.