The global pandemic has turbo-charged digital transformation in financial services. In a year that saw six million people in Britain download their first banking app a few weeks into lockdown, banks have had to change the way they operate at head-spinning speed and scale. Lucas Wager, financial services cloud leader at IBM UK & Ireland, writes
For most banks, that meant accelerating their transition to cloud computing, now widely considered a top priority in the industry. The Bank of England actively encourages adoption of cloud technologies to improve operational resilience, cut costs and boost performance.
But while financial institutions are embracing the speed and agility of the public cloud, many are being held back by the difficulties of navigating complex security and compliance challenges.
A major concern for banks is managing risk from relying too much on one or two cloud providers. This happens because most cloud services run on proprietary technologies, making it easy for businesses to become locked into a vendor’s platform.
When a bank can’t operate seamlessly between cloud providers, something like an outage can not only disrupt services for millions of customers, damaging trust. A domino effect could also impact the entire global financial system, if the bank is large enough.
Banks are also still in the early stages of migrating mission-critical workloads to the cloud. This means they have to use on-premise, public and private cloud just to maintain the always-on service customers expect: from balance checks to transfers.
To overcome the hurdles of vendor concentration, a hybrid cloud model offers the best solution for banks, because it allows workloads to run fluidly across any cloud environment. A study by IBM Institute of Business Value (IBV) found banks that outperform their peers, in both revenue and operational efficiency, are 88% more likely to have made hybrid cloud part of their business strategy.
But perhaps the biggest game-changer for digital transformation in banking is having a cloud platform custom-designed for the industry. This is what IBM introduced in 2019, when it launched its IBM Cloud for Financial Services feature. Developed with Bank of America, it provides a secure environment in a highly regulated industry that is also built on an interoperable and open architecture.
Keeping data secure
As more financial institutions transition to multi-cloud environments, their ability to keep data secure and private has come under immense pressure. The Finance and Insurance sector has been the most cyber attacked industry for the past four years and this was exacerbated by people moving from a secure company setting to an often more vulnerable home setting.
Data from MacAfee shows that cloud-based cyber-attacks alone rose 630% between January and April 2020, when most businesses were rapidly adapting to remote working.
The good news is that there is a way for banks to ensure their data is just as secure on the cloud as it is on their own mainframes. This is made possible by Confidential Computing technology, whereby data is hidden in a secure enclave during processing. It cannot be seen by anyone – not even the cloud provider. In a standard cloud configuration, data is encrypted when it’s ‘at rest’ or ‘in transit’, but is decrypted during processing, leaving it vulnerable.
At IBM, we have a Keep Your Own Key (KYOK) feature that means there is only one key to the encrypted data and no one else can access it, including the cloud provider. These capabilities allow banks to remain compliant while allowing customers to trust their data stays private – even in a shared cloud environment.
Regulators also require banks to have consistent controls across all of their internal and external digital platforms, to curb systemic risk. This demands a level of granular oversight that is virtually impossible to achieve on traditional cloud platforms. Adding complexity, banks also have to assess the risk profile for cloud providers individually, which can take years.
The solution is to build the controls into the cloud platform from the outset and keep them updated in line with local regulation. It means banks can now be as compliant on a cloud as they are within their own data centers. And they can demonstrate compliance on a continuous basis, rather than every few months.
An IBV study found that 78% of banking executives believe greater innovation will be a key benefit of adopting a platform business model. This is especially true if that platform has baked-in compliance, which allows banks to onboard new fintech vendors in just weeks, creating a thriving ecosystem of technology providers. In such an eco-system, banks and fintechs will flourish as collaborators instead of rivals.
Given how strategically important cloud technology is to the future success of banks, cloud providers need to be more than just a tech vendor. They need a true business partner, with deep industry expertise combined with leading security technology, and experience supporting large enterprises in highly regulated industries.
Looking at the bigger picture for banks, open technologies and vendor agnostic clouds aren’t just key to compliance. They will make or break business success. As competitors adopt new ways of working, interoperability underpinned by world-class encryption technology are vital to unleash innovation and growth. They will be what ultimately differentiates the most successful banks of tomorrow.