High Level Risks

External Risks

 Business-As-Usual operations and could be impacted during migration if the source data is
inaccessible or in case of extended downtime
 Legal and Compliance rules might be different, and the same migration strategy might not
apply across all banks or across all nations
 The regulator may introduce new guidelines which would result in additional requirements

Technical Risks

 Data Loss may occur when the data is migrated to the new system
 Data Inconsistency can cause an issue of data is missing or stored in an inconsistent format
 Duplicate Data – Banks might contain multiple data for same customer
 Application Stability Risk – The cloud-based system of the bank might not be stable after
migration
 Incompatible Hardware or Software
 Performance of the overall system may be impacted due to significant volumes of data

Project Management Risks

 Unclear or Complex Scope is likely to have an impact on project timelines

 Scope Creep may add time to the project and therefore additional cost
 If priorities of deliverables change, estimates and deadlines may be impacted
 Cost Overruns may occur due to escalation in cost hardware, software or vendor
services

Quality Concerns

 Data Inconsistency – There is a possibility data might be missing or stored in an inconsistent

format

 FNBoCS Data Migration Project Complexity
Complexity

Cost and Duration

Highly Complex
Level of Organizational Impact to FNBoCS Risks and Constraints

Moderately Complex

Quality Assurance and Testing Team Organization

Less Complex

IT Infrastructure Scope Definition

Data Variation Requirement Volatility

Change Accomodation/Flexibility
Risks Involved in Cloud Migration

Despite the positives of moving to the cloud, there are significant concerns that you must be aware
of.

Compliance: Certain compliance standards may limit the information stored on cloud. There could
be risks involved with the IT provider’s compliance to existing policies and contractual obligations
with respect to data handling and business operations. There are legal implications in using an
external IT provider.

Sensitive information: No matter how secure a cloud service is, there is always the possibility of a
security glitch. If the app has extremely sensitive data, then it would be advisable not to save it in
the cloud. It would be good to evaluate the entire structure rather than face the repercussions later
on.

Proprietary resources: If the application or technology has proprietary resources, then moving to the
cloud could lead to legal complications. CSPs come with their own set of proprietary specifications
and standards. Make sure you are aware of those before deciding to migrate.

Latency: Latency is the delay period between a client request and the response provided by the
cloud service. This affects the effectiveness and usability of devices. And in cloud services, this
problem can be really magnified. High latency can lead to huge delay times, especially in these
situations: video conferencing contact centres, cloud-based telephone systems and similar
collaboration tools. It is important to take measures that would lower the latency for public cloud
apps. You can start by identifying the areas where bottlenecks often arise, and clear those. You can
also control latency by moving your office closer to that of the cloud service provider. Significant
measures have been taken to control the latency, and there has been a huge change too, but there
could still be some loose ends.

Current setup: If you follow an on-premise model that is not too expensive and is comparatively
easier for you to handle, then the wiser option is to stick with it. This way, you will not call in
unnecessary complication of moving to the cloud.

Debugging: There is this threat of lack of control over performance because of the incompetence of
the cloud provider to provide quality service all the time. Make sure you are aware of what the cloud
provider can provide in terms of system performance, how they handle a disruption of service threat
and how they can manage your application without too much delay. When the cloud vendor handles
the hardware, it could affect the performance factor.

Sharing issues: With shared infrastructure, the threat of one application hogging the resources of
other application is always a glaring fact. Unless there is proper visibility, it is not possible to monitor
the applications and the physical hardware that they share while running simultaneously. This is
always a risk that will stare right at you all the time.

Vendor lock-in: Vendor lock-in is a primary issue of moving to cloud. It happens when you cannot
have a smooth transition from one product or service to another. This mostly results from usage of
proprietary technologies and resources with those of the vendor’s. The four primary vendor locking
risks are data transfer risk, application transfer risk, infrastructure transfer risk and human resource
knowledge risk. These could also lead to substantial switching costs. And once committed to a
particular cloud model, you will have difficulties in switching back to an on-premise model.
Compatibility: It may so happen that the existing infrastructure is not compatible with that of the
cloud provider’s. In that case, you might have to make some changes and ensure compatibility
before moving ahead.