If the past couple of years have taught us anything, it is to expect the unexpected. For financial services firms, it has shown the critical importance of business continuity planning as a means to respond effectively to rapid change.
Global market infrastructures, such as clearing systems and exchanges, were hit hard by unprecedented volatility, with historic levels of transactions, shifts in margin requirements, and fluctuating prices, serving to remind us of the importance of resilient architecture and agile strategies in dealing with significant events.
Pre-pandemic, cloud transformation programs were already underway in most major financial institutions, but the pandemic-induced disruption motivated a faster transition. The benefits of such initiatives are undeniable: firms are migrating to the cloud seeking to remain agile in rapidly changing circumstances, all the while taking advantage of faster processing, greater accessibility, and the rich potential for automation.
However, along with benefits, cloud transformation brings challenges, too. The technology platforms supporting the financial services industry are innately complex and prone to failures, and when they are migrated to the cloud, the problem of their operational resilience does not go away – it just requires new approaches to address it within cloud environments.
Why System Test?
For most adopters of cloud technology, the choice has been dictated by the promise of increased resilience associated with it. While this is true for the cloud-native architecture per se, the resilience of the end product created on top of it is not guaranteed. To uncover the strengths and weaknesses of their technology deployed in a cloud environment, firms need extensive end-to-end testing. A deliberate software testing strategy is the only way to provide a strong foundation for business continuity plans.
Furthermore, in light of the rapid uptake of cloud technologies, regulators globally are increasing their focus on the systemic risk repercussions of a potential concentration in the cloud services providers’ market. In 2019, the European Banking Authority (EBA) published its revised guidelines on outsourcing, including recommendations on outsourcing to cloud service providers.
In February 2020, the European Insurance and Occupational Pensions Authority (EIOPA) published final Guidelines on outsourcing to cloud service providers for insurance and reinsurance undertakings.
Most recently in the UK, the Wholesale Markets Review consultation paper published by the Government in March this year noted the risk around the existing ambiguity regarding the role of market operators and participants in the event of market outages.
Other national regulators in European jurisdictions such as Germany and France also clarified their positions on cloud outsourcing recently.
The regulatory focus on the operational resiliency of cloud systems is expected to only increase in the coming years, and firms will need to consider the most effective ways to ensure they operate robust technology systems.
As a result, regulatory-grade system testing is expected to rise up the agenda for financial firms. A hugely technical undertaking, it requires firms to have an extensive knowledge of the systems they manage via experimentation, observation, and testing, but will typically result in significant benefits, including regulatory compliance.
Testing the Cloud
When planning for business continuity, rigorous testing is a must. This is by no means simple, and firms need to have the necessary expertise in place when it comes to managing and testing cloud systems. Technical talent, though, is just part of the solution.
It is important to understand that what is considered to be standard behaviour for your system on-prem might not be the same in the cloud. In cloud environments, it is impossible to know for sure where and how exactly the code is executed, which creates serious obstacles for testing. When you test for resilience, you aim to make sure that your system stays operational under different scenarios.
However, most of these scenarios cannot be reproduced in a controlled way in the cloud. To give firms full-scale testing capability, it is imperative that cloud providers allow their clients to trigger the needed environment states and artificially create the conditions required to check system robustness.
To add to the list of challenges, the lack of control over the cloud during testing is compounded by the costs associated with full-scale, high-volume automated testing in the cloud. Large volumes of transactions required for continuous end-to-end testing generate massive amounts of traffic, which is expensive and is billed to the end firm rather than the cloud provider.
To overcome this challenge, there needs to be a significant mindset shift of both cloud providers and regulators: to ensure operational resilience of systemically important software deployed in the cloud, the industry needs to create an opportunity for firms to run tests without having to pay millions for transactions that are part of this crucial process of system testing.
Scaling the Testing Effort across Multi-Cloud
Within cloud adoption, firms are using numerous models in their transition to this new technology. To mitigate vendor-dependency risks, some firms are opting for a multi-cloud approach. While this approach diversifies the environments hosting software and data, it also creates additional risks from a testing perspective.
First of all, the specifics of multiple cloud ecosystems add to the complexity of distributed system resources and, hence, the complexity of testing. Different data formats create additional challenges around data reconciliation tasks, and different encryption standards used in different cloud environments create new customization requirements for test automation software. And, finally, testing the same system in different cloud environments generates additional transaction data volumes and, therefore, excessive costs.
Market events over the past few years and increasing regulatory scrutiny are clear indications that operational resilience will continue to be a focus for the financial services industry as well as global policymakers for the years to come. The onus, however, is on firms to make sure they have the correct procedures in place to keep up with a dynamic environment.
In a nutshell, cloud adoption is a fundamental transformation of software architecture within an organisation. This can be accomplished only if you can control the whole process and can receive comprehensive information about system behaviour in key possible scenarios. These can only be achieved through software testing.
By Alexey Zverev, Co-CEO and Co-Founder of Exactpro Systems.
The firm is focused on functional and non-functional testing of exchanges, clearing houses, depositories and other market infrastructures, thus providing software testing services for technology that underpins global financial markets. Exactpro is headquartered in the UK with operations in the US, Canada, Georgia, Armenia, Lithuania and Sri Lanka.