When you think of banks, marble columns and steel vaults are probably what jump to mind. They project stability, dependability, security and trust.
What if today, the truest symbol of a bank’s rock-solid reliability was the cloud—with the added advantage of faster innovation and globe-spanning efficiency? What if cloud computing, which once seemed so vulnerable and unpredictable, had become, through its size, scope and ambition, among the most secure and compliance-attuned places for a financial firm to conduct business?
It’s about more than having some of the world’s ten largest banks on board, though. When it comes to building a public cloud suitable for an industry that is the circulatory system of the global economy, four capabilities should be in place.
The freedom to innovate
One of the biggest appeals of public cloud has always been its adaptability and elasticity.
Your bank could be launching a new service or that app gets really popular overnight. Maybe regulators or the security team want to double back-ups on the payments system.
“Before, you might have to buy a whole bunch of new servers, the space to put them in, configure them—it’s a huge investment not just of money but time,” explained Tom Eck, global CTO for banking and financial markets at IBM. “With public cloud, we’re seeing banks get access to the resources they need within a matter of minutes or hours.”
This flexibility has already been crucial in the fast-moving digital world, and it has only grown more essential in 2020. Disruptions due to natural disasters, macroeconomic shocks, and cyberattacks revealed in the past how companies needed to be agile; the new normal brought on by COVID-19 has taken this imperative to the extreme.
The ability to rapidly scale day-to-day operations and to release new products quickly—by tapping into services and partners already integrated into the public cloud—means financial institutions can become better prepared for whatever the future holds.
There should be freedom in that future, too. Utilizing an open-source model where your applications live in portable containers—like the one offered by IBM and Red Hat—your operations can run on any cloud as well as on-premises networks. You’re not locked in.
Partnerships and platforms are where most banks have been headed for years, it’s widely acknowledged, and most of those partners are moving to the cloud or were born on the cloud to begin with.
Fintechs have played an especially important role over the past decade. Many traditional institutions viewed them first as adversaries, then as acquisitions. Now, with public cloud, it’s easier to collaborate and source the services you need and build platforms together.
“The real value in open banking isn’t about trying to do everything yourself,” Bharat Bhushan, IBM’s financial services CTO for Europe, said. “It’s about exploring what other people are good at and exploring that partnership model where you create a win-win situation. Those relationships thrive on the cloud.”
They also thrive on trust, which is why IBM, Bank of America and BNP Paribas initiated the Financial Services Cloud Advisory Council. Users of the financial services public cloud can gain the confidence that their peers on the platform are trustworthy and compliant.
Cloud is also where advanced technologies, like AI, edge computing and quantum programs can live freely. Many of these technologies have grown so large and complex, to tap their full capabilities within a private data center is all but impossible.
Regulation is fundamental
One of the biggest constraints on public cloud adoption has long been financial regulations. The importance of maintaining good relationships with regulators naturally leads to a conservative approach to operations.
It’s one thing to host a customer service chatbot on a cloud server. It’s another to put your mortgage processing or savings accounts there and have the agencies charged with oversight accept that customer data and the bank’s operations overall are safe.
Working with Promontory Financial Group—an IBM unit that helped author many cloud regulations in the United States and European Union—IBM and Bank of America created a policy framework containing numerous public cloud controls, architecture patterns and guidance for implementation and evidence, all of which support institutions’ regulatory and security needs.
“In banking, it’s all about assessing risk,” Eck said. “When a bank is assessing the benefits of public cloud, jeopardizing compliance has always been a risk. But we’ve turned that on its head—we’ve put in place regulatory guard rails, and now, instead of being a burden, one of the benefits inherent in our cloud is the ability to more easily fulfill regulatory requirements.”
Institutions that adopt IBM Cloud for Financial Services can readily adapt its regulatory framework to their needs as well as easily integrating their own. This helps companies rapidly confirm that applications running on the cloud comply with current rules and security obligations. Furthermore, the framework is updated as necessary to support ongoing compliance into the future.
The new policy framework is IBM’s way of engineering a solution that turns an obligation into an advantage.
Security, security, security
If your operations have moved outside your own walls, your own servers and even your own private cloud, how can you be sure they’re secure?
“It’s simple,” Bhushan said. “Their data remains their data, their insights from that data remains theirs, and security is not just purely about the end-to-end, point-to-point security.”
The nature and sophistication of cyber threats increasingly means there is greatest safety in numbers. The same way public cloud offers more access to diverse services and apps, it can offer enhanced security by aggregating the cyber requirements of multiple institutions. This combined defense is designed to help IBM Cloud for Financial Services deliver security that is more robust, more efficient and more regularly updated.
What is particularly distinctive about IBM Cloud for Financial Services is that, while all participants benefit from their shared security, IBM is the rare partner providing each organization with sole control of their cryptographic keys, which gives them confidence that third parties aren’t sharing their keys.
“With newfound confidence in cloud technology’s ability to address their security and compliance needs, banks can extend their reach without losing focus on their core mission of serving customers,” Sarah Diamond, IBM’s global managing director for banking and financial markets, recently wrote in Forbes.