By Mahesh Pancholi, Research Computing Specialist at high performance compute, storage and data analytics integrator, OCF.
Some of the biggest challenges CIOs in financial organisations are facing are the reduction in budgets and the need to be more efficient with their resources. Throw in the expectation of increased agility, the ever increasing need for security and protection against malicious attacks, while undertaking digital transformation, and the need to innovate and keep up with challenger banks and you have an idea of some of their main concerns.
CIOs and CTOs are expected to do more with less. Operating in such a heavily regulated environment only exacerbates these challenges. Yet many still rely on their own legacy infrastructure.
Living with a legacy
Specialised, single purpose hardware is expensive. And it’s a finite resource; traditional infrastructure’s limitations remain in the fact that the hardware is only doing one job, some of the time. When it’s working it may be performant, but with a traditional infrastructure you will either be wasting money by having over-stretched or over staffed teams trying to milk extra performance out of not enough compute power or wasting money by purchasing to meet peak demand and having a huge amount of your infrastructure sitting idle.
Private Cloud Possibilities
The private cloud is not free of these constraints either – no matter what anyone tells you, as with any hardware-based solution, it’s also a finite resource and the above issues still apply. The limitations remain the underlying hardware size, as such, financial organisations cannot expect private cloud to tackle the most demanding workloads perfectly every time, there are going to jobs that are simply too large or complex for the finite resource to tackle.
Alternatively, to meet those peak demands every time you’ll conversely have whole data centres full of kit potentially doing little to nothing at times of low demand. That’s a huge cost burden.
An organisation needs to meet those peaks in demand like monthly payroll runs, batch processing, or use of customer facing applications. Ideally, it needs to cost nothing when it’s not in use too.
And that’s the other major argument against the legacy private cloud or specialised hardware model – IT budgets are a finite resource as well. Financial institutions need to make the best use of their IT spending power so having a cloud infrastructure that’s versatile enough to meet the demands of the business without breaking the bank, so to speak, is really important. Which is where the Public Cloud comes in.
The argument for public cloud
There are, of course, the security and compliance concerns of public cloud. But, as Joseph Pagano, practice advisor for financial services at Cisco Digital Transformation Group points out: ‘Many [financial services] organisations continue to rely on IT infrastructures that are built on outdated components and are running with vulnerabilities.”
Joseph goes on to say that the challenge for financial services CIOs and CTOs is to “figure out how to update and proactively maintain infrastructures in order to mitigate security risks and keep adversaries at bay during a time when boards of directors are asking IT to further cut budgets to help meet Return on Equity (RoE) targets.
How can CIOs help their firms save money while enhancing operational risk management and cybersecurity capabilities?”
For me, that’s the inflection point for taking advantage of a hybrid cloud model – using both public, and open source, private cloud.
Why public cloud matters for FS
The key benefit for financial services firms looking to take full advantage of public cloud is there is a huge Return on Investment (ROI); there’s the increased efficiency, increased agility, and faster time to results too.
But it’s not just my own opinion, even the Financial Conduct Authority (FCA) supports public cloud and has even gone so far to say that it can “facilitate entry and/or expansion, and increase the ability of financial services providers, overall, to renew their IT systems in a more efficient manner”.
The “improved choice and innovation in outsourcing” should deliver “commensurate benefits for firms and consumers”.
Of course, Pagano has a very good point; the big worry still is security and compliance. But, in my view, this doesn’t rule out public cloud. Pinpoint where you must comply with regulations and where keeping data secure is paramount and then build a hybrid cloud infrastructure that’s intelligent enough to know where the work is placed and bursting out only for those high demand workloads that can leave the network perimeter and hit public cloud.
For example, the more generalised workloads such as customer facing applications that need to be highly available and resilient are perfect for public, open source cloud. This is particularly true when you architect your applications to use APIs and microservices meaning that your data can be safe and secure in your data centre while the application can burst out to the public cloud to meet your peak demand.
And there’s also the added benefit that OpenStack, the most well know free and open-source software platform for cloud computing, has been shown to have zero security flaws or vulnerabilities. There is, in fact, an active security group for OpenStack that looks for security weaknesses and tests key components that, arguably, makes it more secure than financial organisations’ own legacy infrastructure and perfect for their private cloud.
Catching up with the challenger banks
It’s been hard to miss the rise of the new ‘challenger banks’, even outside of the financial services sector, consumers are turning towards the likes of Atom, Monzo, Starling, and Tandem. These new banks sprung out of the changes in 2013 by the Bank of England and have the ability of starting fresh with technology.
Unlike the big hitters of the industry, challenger banks were incepted when cloud had already taken off and aren’t encumbered by legacy infrastructure. They’ve got a distinct technological advantage in that they can be more agile and flexible to meet rising consumer demand.
The already established banks have monolithic applications that are going to take a very long time to develop into containerised DevOps-style services that can take advantage of hybrid cloud models.
This game of playing catch up isn’t something that’ll happen overnight I’m afraid. The sheer size of some financial institutions’ infrastructure means that moving to public cloud and adopting a hybrid cloud approach will take years.
Some firms have already started moving some of their newer services and consumer-facing applications to the cloud and, in my view, this is the right way to approach the switch. It’s about developing more cloud native pieces of work, enabling CIOs and their teams to understand the real value of public cloud by learning lessons from moving non-business critical services.
So then moving from traditional workflows to a cloud native way of working is not nearly as scary or challenging.
This is a real sticking point for our customers. Only the very largest tend to have the resources internally to begin rolling out and testing public cloud and incorporating it into their processes. The challenger banks already have taken full advantage, yet we have the tier two financial institutions that are ready, willing and interested in containerisation (virtualising the Operating System in which any application can be stored, transported and run – an efficient method for deploying applications) and public cloud but don’t have the resources to do proof of concepts.
In reality, these tier two banks need cloud engineers and architects, but once again that’s a significant cost, particularly when testing out public cloud services. So the solution has to be working with industry experts. It’s why I suggest that those organisations, whether financial services or other, work with the likes of RedHat.
You will get the enterprise level support and can adopt the best of breed OpenStack solutions that they add support to.
There are also the cloud implementation specialists – they’re the ones who know how to build your infrastructure. Look for those that have experience in building cloud infrastructures with data that must be held in a secure manner and meet compliance and governance regulations.
The technological advances we’ve seen in public cloud infrastructures as well as the developments in OpenStack really means that moving to a hybrid cloud model is now a viable option for financial institutions.
There will always be a place and a need for private cloud to host and retain the critically important data, but it’s a costly resource compared with public cloud, so it surely makes a lot of sense to take advantage of open source cloud technology to help discover the cost and efficiency savings that so many CIOs are now being asked to find.