IBM has created a cloud practice aimed at regulated businesses, with a focus on financial services.
“IBM is well entrenched in terms of providing technology for mission critical services in financial services around the world,” said Howard Boville, SVP & head of IBM Cloud Platform.
The U.S. Department of the Treasury recently released a report on financial services and the cloud noting some concerns about how much information cloud service providers (CSP) release to financial services firms, the concentration of service providers and differences in regulation across the globe.
Working with an active group of more than 130 financial firms (IBM Financial Services Cloud Council), IBM is learning what they need from cloud providers and incorporating those requirements — such as compliance and security — into its cloud offering.
In 2012 to 2014 cloud became a general purpose resource, not mission critical and certainly not regulated, said Boville. The company is talking with financial firms about managing third and fourth party, risk, he added.
“In the past when a bank would buy a piece of software it would sit in the bank’s data center with the bank’s security and controls. But with Software as a Service it sits in a data center the bank has no control over, and that can be a real risk if the cloud provider doesn’t have the security and controls.”
Users of cloud computing expect the services to be up and running, but in 2021 cloud providers had a number of outages. AWS had three outages in December, The Washington Post reported. Many outages by general purpose cloud operators don’t get much publicity, Boville said. People who want to see what is going on with the internet can download a free smartphone app, Downdetector.
“It shows the fragility of general purpose cloud providers,” he added.
IBM’s financial services cloud operates at seven nines of availability, he said while general purpose clouds offer three nines.
“That doesn’t cut it for financial services.”
Performance is also a key concern for finance, he added. If a call center that uses cloud runs slow that isn’t a big concern, but when the data center is running trillions in payments, slow is not an option. He recommends a hybrid approach to cloud.
“If you have three data centers you need a network to connect them. It’s not unusual for fiber to get dug up by a backhoe, so even with three data centers it is still possible to have failure. That’s why we recommend a hybrid cloud — your own data center plus the cloud data centers, so if someone cuts through a line you still have your own.”
He also recommends users have two data center providers — IBM works with AWS and Microsoft.
“You can’t build resilience with just one, and you don’t want to be locked out of innovation that cloud providers are doing.”
Because IBM is not just a cloud provider, it offers customers a some perspective on how to use cloud in business.
“If you work with a cloud provider the answer is cloud, now what’s the question?” Boville remarked. “Financial services firms have rushed into the shiny new technology thinking cloud will solve all their problems, but technology is just a tool.”
He calls the result FrankenCloud — bits of this and that.
“You have to build on solid architectural principles.”
A growing trend he sees is nation states, especially in Europe, are looking at cloud-based financial services and asking how their citizens’ data can be protected. France is leading the way with Capgemini, Orange and Microsoft participating in a platform called Bleu while Thales, a major French defense contractor, is joining forces with Google on a trusted cloud. through a newly formed company called S3NS.
Europeans grew concerned about the U.S. Patriot Act after a subpoena was served on an Irish account held at an American hyperscaler (cloud provider) without anyone in Ireland being told about it, Boville said. IBM, unlike other cloud providers for financial services, doesn’t hold an encryption key.
“Even if we were subpoenaed by a nation state we couldn’t provide encrypted data.”
Looking ahead, Boville thinks that the big growth area in cloud will move beyond customer applications to business processes using third party apps that increasingly won’t be built by the bank but will use APIs to plug and play and keep the business vibrant.