Technology experts have raised fresh concerns about the financial sector’s over-reliance on Amazon after it emerged several large asset managers have started using the e-commerce giant’s cloud platform.
Financial News has learnt that the US technology company, which already counts a slew of banks, regulators and fintech firms among its customer base, also works with four of the largest fund managers in the world.
The concern is that a major collapse or hack could wreak havoc, creating a systemic risk.
Those using Amazon Web Services include Legal & General Investment Management, T Rowe Price and Vanguard. According to people familiar with the matter, Fidelity also uses AWS. Combined, the four companies have $9tn of assets under management.
The news has alarmed industry executives given Amazon already provides its cloud services to: Nasdaq; all of the Fortune 50 companies; banks including Citigroup, JPMorgan and HSBC; and regulators such as the UK’s Financial Conduct Authority and the Financial Industry Regulatory Authority in the US.
Javvad Malik, security advocate at software security business AlienVault, said that due to its powerful customer base, Amazon could become a prime target for rogue states or hackers: “If it goes down then you would have several financial services institutions going down too. Imagine if you are a state actor and you knew that if you could bring down a European AWS data centre you could effectively cripple the entire financial economy of a country.
“It is easy and convenient to dump all the data in one place but then you are exposing yourself to a lot more risk if that [place] becomes breached or unavailable.”
Ankur Modi, chief executive of artificial intelligence startup StatusToday and a former software engineer at Microsoft, added that rogues states already “would have been looking into targeting Amazon data centres” and said the possibility of several financial services firms being hit at once has increased.
Last year, some regulators and senior bankers expressed concerns that the City had concentrated too much of its resources in a small number of cloud providers and that a breach or systems failure could create significant problems. Some have called for regulatory oversight of cloud infrastructure providers given the industry’s dependence on them.
Tech security experts, however, say it could be difficult to tackle the problem. Malik said: “It’s not like Amazon is deliberately forcing anyone [to use AWS], they just have the superior product at the moment that everyone seems to be gravitating towards.”
He added that financial watchdogs could consider introducing data storage caps. “Maybe you have a system where can’t put more than 60% of your transaction services into one cloud provider.”
The risk of overreliance is heightened by the fact that Amazon offers a variety of software tools on top of its cloud product, making it harder for firms to switch between cloud providers. Scott Baldry, chief architect at T Rowe Price, said: “I wouldn’t say it’s trivial to move [cloud provider]. We are fully aware we are being tied into a relationship but we are comfortable with that.”
Although there are many other cloud providers, including Google, the majority of the City either uses AWS or Amazon’s main rival, Microsoft Azure, which counts Societe Generale among its asset management clients and serves 85% of systemically important banks including UBS.
Modi said: “My biggest fear is that companies have not done their due diligence [and rely on their competitors]. Barclays, BlackRock or Goldman would have done extensive research on this. The problem is that these institutions will have done research on what it would mean for themselves not for the entire industry.”
AWS did not respond to requests for comment.
To contact the author of this story with feedback or news, email Yolanda Bobeldijk