Finance does so much of its computing in the cloud that data center breakdowns could risk bringing down the economy, warned Democratic Congresswomen who want to give the US Treasury powers to scrutinize operators.
The shock security breach of Capital One banking systems operated by Amazon last month made the representatives act in fear that other breaches could cause a "catastrophe" for the entire economy.
Banks and finance companies had become so dependent on US cloud giants Amazon, Microsoft and Google that the Treasury should classify them under US law as vital parts of the finance system, and then use its legal powers to police their computer systems, they told US Treasury secretary Steven Mnuchin in a letter. But the numbers upon which they based their proposal were vague.
"The effect a disruption to a cloud services provider on the financial system could be catastrophic. It would cause immediate widespread harm and compromise stability of the market," said Congresswomen Nydia Velazquez and Katie Porter in the letter.
"A data breach could spur a bank run," they said, because if one cloud provider failed people would lose trust in the whole data infrastructure. For the system to have integrity it must have rules, they said.
The US economy had a problem most especially with Amazon Web Services, Microsoft Azure and Google Cloud Services, they said. The entire financial system relied on cloud services. And they commanded most of the market. Some banks were heavily dependent on them. Bank of America intended to put 80 percent of its functions "on virtual platforms and with public cloud providers", they said. Then eighty percent of all the world's biggest banks, and three quarters of its most vital financial institutions used Microsoft Azure.
Between them, the three cloud giants controlled 57 percent of the cloud market, said the Congresswomen. This implied the three giants did half the banking system's cloud computing, but the Congresswomen got their numbers from a market research report that said these three did half the work for all sectors, not just finance. AWS alone did 33 per cent of all cloud services. Amazon, NASA and state governments such as Arizona relied on Amazon as well.
"An Amazon Web Services cloud failure in particular would debilitate major swathes of the financial industry, government and national security," said the letter.
Yet regulatory powers are feeble. The US Federal Reserve had tried to inspect an Amazon data center but had been fobbed off, they said. Cloud companies were evading scrutiny.
They told Mnuchin he should regulate cloud computing at these companies by calling up legal powers to regulate companies that operated crucial parts of the financial system. Eight companies have previously been put under such scrutiny, using powers under the 2010 Dodd Frank Act to prevent another banking collapse like the one that caused the 2008 financial crash. But they were mostly payment clearing houses.
IT infrastructure had not been brought under the law, said the Congresswomen said, though they argued the Dodd-Frank rules made cloud companies liable. The big three cloud providers should be designated officially as Systematically Important Financial Market Utilities (SIFMUs) and policed by the Financial Stability Oversight Council (FSOC), they said. It would give the Treasury powers to inspect cloud computing centers and impose mandates on their systems.
Neither Velazquez or Porter's offices were ready to answer questions about their proposals. None of the three cloud companies, nor the Treasury were available for comment either.