By Bob Mudhar, Partner at Citihub Consulting.
Public Cloud Adoption. Operational Resilience. Data Management. Microsoft 365. These will be the stories likely to dominate the headlines in banking technology for 2020, as forecasted by Bob Mudhar, Partner at Citihub Consulting.
His perspective is slightly different from banktech providers since, as a technology consultancy focused on Financial Services organisations, they operate in key areas that are current, relevant and in-demand at their clients’. The following are the areas Bob Mudhar sees financial services firms investing in, either through their own internal spend or through using external providers, ISVs and banktech organisations:
The major top tier Financial Services (FS) firms are still investing large amounts of time, money and organisational willpower on cloud adoption programmes. Mostly, they are trying to move early adoption candidates into full public cloud. Here, the challenges are still on technology security and enablement issues. FS firms find that moving a single instance of something into public cloud as a bespoke effort is achievable. Converting a single handcrafted migration into a factory-style approach to migrate thousands of applications is a much more challenging task. One common theme here is the lack of real and relevant skilled resources capable of the level of automation at such huge scale.
An emergent theme in this same topic is known as “compliance as code”. Paul Jones, Associate Partner at Citihub Consulting notes, “Firms have already benefited from infrastructure as code (where software engineering techniques such as versioning, testing and automation are applied to infrastructure delivery) and they are expanding this approach to cover security & compliance, too.”
Instead of a handbook or Wiki, corporate IT policies and security standards can be written as tests, and these tests can be executed against real infrastructure by CI/CD. Compliance teams get an up-to-date view of the status of their environments, and DevOps teams get clear, implementable requirements that can be embedded into their delivery pipelines.
Compliance as code is part of a general to “shift left” on security and compliance – an effort to introduce security & compliance best practice early in the development of a solution rather than leaving it for assessment, often by a separate team, just before deploying it to production.
Finally, as firms have adopted public cloud, there is increasing attention spent on Cyber Vaulting of code and data – that is ensuring you have access to your own code and data in the event of catastrophic failure of your cloud service provider. Once this is resolved, the next step is the rehydration, or recovery, of an entire application estate.
Data management and data governance were themes in 2019 and will continue to be headline topics in 2020, with growing importance. Data ties together the cloud adoption story and the digitisation of the banking enterprise. This is because firms often see the offloading of data to the cloud as being an enabler (easier for multiple areas to access the same data, greater usage of the latest toolsets). Once data is in the cloud, it becomes a huge driver for enabling the digital enterprise – offering services to clients on any platform (from mobile through to desktop PC) and ensuring a consistent experience on any device. However, moving data to the cloud also means understanding what data a firm has and what controls they have over it.
The migration to Office 365 is far more than an application upgrade. This is because it is also a move to the cloud as some of the services will be natively on Microsoft Azure. As it will be company data that will move to the cloud, there are concerns over data integrity and security. Hence, what starts as an application-upgrade problem has become, for many banks, all about auditing what data is stored internally and how to handle it in a post Office 365 world.
The PRA has been increasing focus on operational resilience of financial service firms. This is coming from a far more holistic perspective than technological data centre and disaster recovery plans. It considers the resilience of the organisation as a whole – people, processes, and technology. There may be a role for banktech firms here to propose innovative new solutions to resilience. However, there will also be a need for forensic investigation and uncovering of operational resilience risks and how to mitigate those. Some firms have begun mobilising their responses. The recent Treasury report on TSB technology failures was another trigger point to increase strong focus on operation resilience.
There is a link here to cloud adoption. As more services are digital first, and as the retail banking customer increasingly uses a mobile device as their only interaction with financial services firms, then the resilience of the cloud platform becomes a priority entry point and therefore at the top end of critical infrastructures that need an assured level of resilience. A few years back, technology resilience would have been focused on back-office system. Now, the front portal and cybershop front are just as important.