The cloud-computing question for Wall Street is no longer “if” but “when.”

Firms are implementing cloud computing into their workflows to find cost savings as well as access to new technologies like machine learning, which would prove too expensive to host internally for all but the largest financial institutions.

“It is a very pronounced change for the large institutions, which had a ‘do it in our own data center’ attitude for so long until they could not do it anymore,” Mike Beller, CEO of Thesys Technologies told Markets Media.

Simultaneously, financial services industry is increasing its focus on cyber-security as more regulators, such as the New York State of Financial Services, implement rigorous new rules to protect client privacy.

However, the two trends are not affecting each other negatively, according to Beller.

“We see that market structure technology should be a thing that spans the data center to the cloud and work seamlessly between the two,” he added.

Thesys Technologies had its cloud security strategy in 2007, which paid off five years later when it won the contract US Securities and Exchange Commission’s Market Information Data Analytics System, the first regulator’s first cloud-based platform, in 2012.

“We had to find a way of making it work,” said Beller. “We worked with the folks at Amazon Web Services and with the SEC. We also used the guidelines provided by the Federal Risk and Authorization Management Program and were able to bring them onto the cloud in just six months and get approval to operate.”

As firms become more familiar with cloud offerings, they will see that the major cloud providers have found ways to meet Wall Street’s cyber-security concerns, he added.

The shortcoming Beller finds in many applications in the industry, cloud-based and not, is that software engineers often develop the core function of their applications first and then build security around it.

“Our approach at Thesys is to build security in from the ground up so that it is easier and more effective to secure the platforms using standard security frameworks from the National Institute of Standards and Technology and others.”

Cyber-security concerns, such as meeting SEC’s Regulation Systems Compliance and Integrity, have led the trading infrastructure vendor possibly moving some of its typically co-located offerings into the cloud.

“What we are considering doing for our customers now is doing the backup matching engine in the the cloud,” said Beller. “It does not need the same performance characteristics because when you are in that level of disaster scenario people can accept a little bit more latency.”