Guide to Cloud Trends in Financial Services

Software As A Service

Talk SaaS
Talk Scope
Preview our SaaS Solution
Get a Demo

Chapter 1


Software as a Service (SaaS) is the best-known example of cloud computing, so ubiquitous that in May 2018, Forbes declared that the name “SaaS” is dead. Much the way that we no longer need to explain that any technology is electric, we should now assume that all software is delivered as a service.[1]

Cloud services are largely replacing local grids or dedicated servers, where data is stored, and computing is done. A familiar personal example of this transition is that rather than backing up your computer on a hard drive or CD, you now store your back-ups on the cloud via a subscription, such as Apple iCloud or Google Cloud Storage or Microsoft OneDrive.

According to a 2016 McKinsey study, financial services are now leading the way through cloud adoption, with the largest footprint of mature cloud capabilities well above the median adoption rate of 19 percent. The broader financial services industry is also the only industry to have institutions recorded at nearly 100 percent cloud adoption[2] (in some form). Collaboration services via cloud grew 43 percent from 2014 to 2015 and represents highest type of cloud adoption in the financial services industry.[3][4]

Across the financial services industry there has been a large boom in the “everything-as-a-service” mentality. Since SaaS services offer contained ways to transition functionality to the cloud, one can mitigate the risks of a “big bang” enterprise-wide transition.

The incentives to make such a transition are large – cloud services adoption can enable savings of 30 to 40 percent[5] versus traditional IT build and support models. Financial services institutions have begun reaping the benefits of cloud flexibility to enable them to adapt quickly in the face of market fluctuations and regulatory requirements. With each new regulation comes additional scrutiny born by data, processes, and infrastructure, demanding more and better-quality data and richer capabilities for analyzing it.

SaaS applications can assist financial institutions in meeting this need to improve data quality and the resulting analytics. Because of the limitless scale and flexibility of the cloud, SaaS can achieve those data objectives for a fraction of the cost of on-premise computation. SaaS platforms are optimized for peak use, but clients only pay for peak use when it is needed, so institutions can conserve resources, while tapping into critical processing power at consequential points in their work. SaaS applications can provide trade data, enhanced data management capabilities, and sophisticated modeling and analytics across front, middle and back offices. Vendors often can provide these sector-specific services as ready-to-use almost immediately at the time of sale.

Chapter 2

Cloud Trends

Bain & Company reported that from 2012 to 2015, cloud demand accounted for 70 percent of related IT market growth and expect it to represent 60 percent of growth through 2020. They calculated that total cloud spending grew 337 percent from $27 billion in 2011 to $91 billion in 2015 and estimated another 81 percent growth to $165 billion in 2018.[6] A RightScale cloud use assessment of nearly 1,000 organizations reported that 18.5 percent of participants planned to double their public cloud spending in 2018, and 66.7 percent of participants will grow their public cloud spending at least 20 percent.[7] By 2020, Gartner analysts say that almost 40 percent of enterprises will use the cloud to support more than half of transactional systems of record.[8] Financial institutions are no exception to this trend with EY Consulting reporting that 62 percent of financial institutions intend to adopt fintech providers by 2020, compared with just 19 percent in 2017.[9]

Broadly defined, cloud computing is data processing or other IT services delivered via a network. The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling on-demand, network-accessible, multi-tenant, scalable, and customizable computing resources. Multi-tenancy is an architecture where a single instance of software supports multiple customers, or “tenants,” while data and business processes are isolated – allowing for customization – for each tenant. Because of the ability to scale and customize cloud computing resources, and because of the ongoing IT support that it replaces when compared to a traditional local grid system, cloud computing products are typically priced by size per period, for example simple storage costs in gigabytes per month. For this reason, the difference between cloud and local grid options is often referred to as the “buy versus build” debate to illustrate the responsibility taken on under full ownership as compared to that of an adjustable subscription (aka, “renting”).

Migration to the cloud can be done incrementally, or piecemeal, determined by the urgency and scale of an institution’s needs. Periodic consideration of what and to what extent enterprise systems should migrate allows institutions to examine the unique demands of various aspects of enterprise systems. Considerations include whether their services would be better employed via cloud accessibility, or if the cloud provides essential scale or agility.

Cloud experts agree that it is a best practice to have a “cloud-first” mentality when deciding how to transition business transactions or operations to commercially-available cloud services. IT leadership should take time to rethink how applications could be re-built (expensive) or rented as full-featured solutions (less expensive) to make the best use of the capacity for automation and agility in the cloud.

A third alternative, transitioning an on-premise application directly to the cloud – sometimes referred to as “lift and shift” – can sometimes be done and can be beneficial if there is some urgency pushing an institution to migrate (outdated legacy hardware, legacy security issues, dramatic cost-benefit savings). However, lift and shift can suffer from latency and other performance issues, particularly in resource-heavy applications that feature rich analytics or images. Lift and shift also brings all the limitations and challenges of managing a data center into the cloud.

Components of Cloud Computing – Service Models

The cloud computing universe can be decomposed into three service models, from bottom to top: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The three service models are tiers of support across the full range of cloud computing that a company may provide. These layers can easily be confused, because the most well-known providers (AWS, Google, Microsoft, IBM) offer options across two or three of the layers to scale up or down their solutions to best meet the consumers’ needs.[10]

IaaS is the base layer – providing storage, networks, or other basic computing resources via the cloud. Examples include IBM Cloud, Rackspace Managed Hosting, Amazon Web Services (AWS) Elastic Compute Service (EC2), DigitalOcean, Microsoft Azure, and Google Compute Engine.

PaaS is the middle layer – allowing the customer to build the application while the PaaS vendor provides the middleware and operating systems to support it (in addition to the services in the infrastructure layer). Examples include Salesforce Platform, AWS Lambda, Heroku, and Google App Engine.

SaaS is the top layer – providing a fully-functional application that is managed and hosted in the service provider’s data center, rather than on the client’s infrastructure. The cloud accessibility means that the software can be accessed anywhere, via an internet-enabled channel such as a web-browser or API. Examples include Salesforce, Slack, Google G Suite, and Adobe Creative Cloud.[11][12]

SaaS can be conflated with Application Service Providers (ASP), since both are software options accessible via a network. However, ASP is a centralized, unique instance of software. A new copy of the ASP must be created for each client, so it typically does not support multi-tenancy and requires significant architecting to customize or scale. This leaves the customer with little benefit over legacy software.

SaaS, on the other hand, is a multi-tenant service and allows for shared resources and infrastructure. SaaS does not exist locally so does not need to be installed or maintained – onboarding and maintenance is done by the vendor selling the service. SaaS is more easily scalable and customizable, a business- or value-delivery architecture, rather than a single instance of software.

The three service models are also sometimes confused because of the common usage of “as a service” as a marketing term. There are many flavors of “X-as-a-Service” inside the Software-as-a-Service layer because there are endless business use cases and applications that benefit from this model (and therefore many vendors). All other “services” should fall into one of the above three cloud computing service models if they are truly cloud services.[13]

Components of Cloud Computing – Deployment Models:

Cloud computing deployment models are generally expressed in opposition to traditional or legacy “on-premise” compute service models. The on-premise computing model generally features servers that are purchased, deployed, and maintained (patched, upgraded, cycled) by corporate IT staff – often on racks in an IT server room or various IT server closets throughout various physical corporate office locations or in a corporate owned data center.

When computing resources are located on-premise, many of the benefits of typical cloud resources are lost because it requires hardware (fixed cost), and accordingly, IT staff maintenance and support (labor). Additionally, in the case of deploying vendor software via on-premise options, because they are inherently single-tenant, it is expensive and complicated to scale, customize, and maintain after installation.[14]

Because of advancements in internet and cloud technologies – the traditional on-premise compute model has become comparatively expensive and less-flexible relative to cloud-based options.

The four cloud-computing deployment models are:

  • Public Cloud. Public cloud infrastructure is open for use by the public and exists in data centers maintained by the cloud provider. It can be customized to provide segmented resources for an organization or individual.
  • Private Cloud. This is sometimes now known as a virtual private cloud. This type of private cloud is a logically isolated section of cloud service infrastructure where the customer has complete control over the virtual networking environment including selection of IP address range, subnets, routing tables and network gateways. It features complete custom control as if the server network was on-premise.
  • Community Cloud. Community cloud infrastructure is built for exclusive use by a specific community of users, allowing for customized builds for shared concerns such as security, for example Google Apps for Government or Amazon’s AWS Secret Region (available for US Intelligence Community users/systems).
  • Hybrid Cloud. Hybrid cloud infrastructure is a composition of two or more distinct infrastructures that remain unique but share technology that allows for data and application accessibility.

Hybrid clouds are booming because of both the incremental approach to cloud service adoption and considerations for privacy and control. Of 997 respondents to a RightScale cloud use assessment, 96 percent are using some form of cloud services, and 71 percent of participants are using a hybrid approach and employing both public and private cloud services. Most organizations reported using more than three clouds across their business.[15]

SaaS Business Case

Given the rapid market shift from local, on-premise computing resources to cloud services, it seems clear to the market that the benefits far outweigh the risks.[16] While there are numerous components that make up this compelling business case, we believe there are three primary arguments that resonate most with IT and business leaders.

Application Offerings and Performance:
Cloud-native computing that is designed and built to support massive parallel-processing compute jobs is increasingly the norm for new analytics-heavy software. Modern, cloud-native architecture is now featuring containerization of the software – which supports ease of configuration, re-use of components/ease of deployment, consistent/reliable security, and most importantly – rapid scalability. There is a SaaS offering in the marketplace for virtually every kind of use case. The cloud-native design of many SaaS solutions makes them an ideal tool in an organization’s transition to the cloud, allowing for as-needed transition of specific compute-heavy business processes/workloads.

The savings that are generally inherent in SaaS solution options resembles that of many IT outsourcing business cases. Migration to the cloud transfers the IT configuration and maintenance resource burdens from the customer to the cloud provider.[17] In this vein, the cost savings also enables companies to better allocate their resources by deploying that IT and business staff time and funding to activities more central to the business strategy.

Most significantly, when companies’ needs fluctuate, for example surging data storage needs or periodically heavy analytics computation needs, SaaS options are much more cost efficient than maintaining the same computing power in-house. On-premises software would comparatively require that a company maintain the data and equipment at peak usage level, regardless of the degree of use, whereas SaaS solutions are typically priced on an adjustable lease, allowing the price to match the degree of utilization.

When institutions consider cost-effective options to solve for keeping up with the changing pace of the market and regulation and the ever-increasing need for better quality data and analytics, SaaS solutions should be at the top of the list. Because SaaS options are exceptionally flexible in terms of scale and customization, their services can adjust to changing customer needs while limiting costs.

Speed of Deployment:
SaaS solutions are an excellent way to begin or continue an institution’s transition to the cloud, allowing for the incremental deployment of use cases and customization across technology delivery channels. Two common and widely accessible channels for this service delivery are easy to configure and deploy almost immediately.

Web Browser. The most popular SaaS solutions (ex. Microsoft Office365) are delivered via a simple front-end web browser that is conveniently already deployed on all corporate enterprise desktops. There is no desktop configuration hurdle with this deployment model.

Application Programming Interface (API). With the rise of modern microservice architectures in the software industry, SaaS solution providers have devoted resources to developing and maintaining APIs that deliver their software. APIs can be used for system-to-system deployments or in system-to-end user deployments to front-end applications.

In 2016, Microsoft’s Excel product released a feature that enables the end user to consume API services (effectively, making Excel an option for a user-interface). So, for example, an Excel power user can now connect Excel over the Internet to any database, model, or analytics services that are exposed via API. Tableau and other popular desktop tools have embraced similar API strategies to solve their customers’ business needs.

Chapter 3

Questions to Ask SaaS Vendors

Information and network security are layered challenges for SaaS vendors. These are most easily understood in the context of the cloud structure described in the service models above. Organizations considering cloud migration or subscription to a SaaS solution should discuss the following with their prospective providers.

At the infrastructure level, multi-tenant cloud service providers host data and processing capacity on the same servers, physically side by side with data from many other companies. Cloud solution providers must structure their architecture in a way that creates clear segregation among tenants.

The physical security and the locality of the servers is another concern for SaaS customers. Buyers need to understand the laws governing the physical location of their data storage. Users should also be aware of the provider’s backup process to protect against disasters and how the backup may be encrypted to bar unauthorized access or alterations, be it malicious or accidental. Providers must also build in protections against attacks and shore up the system against breaches and leakages by implementing security checks and encryption techniques for data and its transmission across the network.

Cloud clients who are concerned with having uninterrupted access to their data should ensure that providers offer alternative access during routine maintenance and upgrades. Additionally, cloud client administrators should have clear recourse for secure access to backup data. In considering aspects of control of that data, it is important to understand how providers limit read and write permissions.

Institutions should inquire how data is normalized and onboarded, including if and how legacy systems will have continued access to that data. The data onboarding process can entail necessary changes to make data functional on the cloud. Clients should understand this process to ensure that no crucial information is lost in the migration.

In all of this, proper planning is the key. Effective planning in conversation with the prospective cloud provider is the most efficient means of mitigating most of the perceived risks associated with the cloud model, as well as way to best leverage the full capacity of the cloud and maximize the potential cost benefits.

Chapter 4

About RiskSpan

RiskSpan is a leading provider of innovative technology solutions and services to the residential mortgage, capital markets, banking, and insurance industries. RiskSpan’s mission is to innovate and leverage new technologies to eliminate the inefficiencies in the loan and structured finance markets and bring investors enhanced analytics produced from reliable data.

Since 2001, RiskSpan has provided strategic services, technology solutions and consulting services to its blue-chip clients. With approximately 125 data scientists, quants, and technologists, RiskSpan solves business problems for clients across the loan value chain including lenders, loan servicers, master servicers, trustees, asset investors and regulators. We solve problems that require industry-leading expertise in technology, data management, analytics and risk management.

RiskSpan is headquartered in Arlington, VA, with satellite offices in Stamford, CT and Charleston, SC.

RiskSpan Edge Platform
The Edge Platform is RiskSpan’s commercially-available SaaS-based data, modeling, and analytics platform for loans, securities and structured products. RiskSpan’s Edge Platform serves as a central hub supporting the data management, modeling and risk management needs of various financial institutions. Our scalable, cloud-native platform enables users to make better decisions based on insights into historical trends and with powerful predictive forecasts run under a range of economic scenarios.

RiskSpan Services
For more than 15 years, RiskSpan’s professional services team has delivered industry-leading expertise in credit, statistics, modeling, model risk management, and data management. RiskSpan’s team of data scientists, quants, and technologists delivers industry-leading analytics expertise and technology solutions. Our consultants are exclusively focused on supporting lending and structured finance for capital markets, banking, insurance and other specialty finance markets.

RiskSpan Innovation
SmartLink Lab, a division of RiskSpan formed in 2016, develops innovative business solutions using blockchain technology, smart contracts, machine learning and automation tools. Building on RiskSpan’s expertise with mortgage and consumer loan data, and applied experience with the intricacies of the structured finance market, our innovation lab was formed to bring business efficiencies to the lending and structured finance markets.

The Lab uniquely brings securitization business expertise, including a comprehensive understanding of the many parties involved, required disclosures, and the complexities inherent in deal modeling. Our SmartLink Lab team is dedicated to developing and leveraging new technology and business case prototypes (on-chain and off-chain) that deliver immediate real value when applied to the industry’s legacy data problems.


  1. John Greathouse, “SaaS is Dead, What’s Next?” Forbes. 1 May 2018.
  2. Nagendra Bommadevara, Andrea Del Miglio, and Steve Jansen. “Cloud Adoption to Accelerate IT Modernization.” McKinsey & Company. April 2018.
  3. Cameron Coles. “Financial Services Firms Increased Their Cloud Usage by 32.1% in 12 Months.” McAfee.  2015.
  4. “Quarterly SaaS Spending Reaches $20 billion as Microsoft Extends its Market Leadership.” Synergy Research Group. 21 August 2018.
  5. Nagendra Bommadevara, Andrea Del Miglio, and Steve Jansen. “Cloud Adoption to Accelerate IT Modernization.” McKinsey & Company. April 2018.
  6. Mark Brinda and Michael Heric. “The Changing Faces of the Cloud.” Bain & Company. 2017.
  7. “State of the Cloud Report: Data to Navigate your Multi-Cloud Strategy.” RightScale. 2018.
  8. Matt VanderZwaag. “The Financial Services Industry Looks to the Cloud.” DataCenter Knowledge. 5 March 2018.
  9. “Global banking outlook 2018.” EY. 2018.
  10. Graphic: Uday Salunkhe, PhD. and Sandeep Kelkar. “A Study on the Scope of Cloud Computing in Management Education.” AIMA Journal of Management & Research. Vol. 10, No. 2/4. (May 2016): 0974-497. 
  11. U.S. Department of Commerce. National Institute of Standards and Technology. September 2011. Special Publication 800-145, The NIST Definition of Cloud Computing. 
  12. Amazon, “Types of Cloud Computing.”
  13. U.S. Department of Commerce. National Institute of Standards and Technology. February 2018. NIST Special Publication 500-322, Evaluation of Cloud Computing Services Based on NIST SP 800-145.
  14. Amazon, “Types of Cloud Computing.”
  15. “State of the Cloud Report: Data to Navigate your Multi-Cloud Strategy.” RightScale. 2018.
  16. David C. Chou and Amy Y. Chou. “Software as a Service (SaaS) as an Outsourcing Model: An Economic Analysis.” ResearchGate. (January 2008). 
  17. “Gartner Says Cloud Computing Will Become the Bulk of New IT Spend by 2016.” Gartner Press Release. 24 October 2013.

Additional References

Get the fully-managed solution

Get a Demo