The banking industry has changed enormously in the last two decades – a 2021 report from Google found that the “vast majority” of financial services companies, including banks, are already using the public cloud and interest in multi-cloud migrations remains strong. But many banks’ underlying IT infrastructure is still catching up with these digital transformation shifts, which has created several new challenges for the executives and teams responsible for maintaining and securing the applications and networks that banks rely on. These include delivering service agility, maintaining a positive user experience, and keeping their data secure. A solid observability strategy and practice helps solve these challenges. Here’s how.
Changing Habits, Changing Traffic
More customers than ever before are banking remotely via mobile devices – 169.3 million in the United States as of 2021. This means that the network traffic generated by these customers is coming from many more distributed locations and is much more difficult for the IT to manage and observe. Centralizing applications, and data clusters in a couple of data centers no longer fits this scenario (users close to that data center would get much better experience than one located halfway around the world, for example). When most people banked in person by walking into a local branch, internet link usage followed regular patterns; it would be high during working hours and concentrated in major metro areas. Now customers can bank anytime, from anywhere, and banking IT teams are struggling to adjust to the new patterns from both an experience and security management perspectives. In response, banks are migrating workloads and application to the cloud in huge numbers. Many now use a distributed services model, with applications hosted across the hybrid-cloud and to the closest edge point to the user (i.e. edge-computing). Most banks are also using more than one cloud, and coordinating between multi-cloud and on-premises systems creates even more challenges for IT.
Banking IT leaders (CIOs and CISOs) have three main challenges because of these shifts:
- Service Agility: Banks operate in a highly competitive environment and rolling out new digital services (such as mobile banking, check deposits, or wire transfers) is an ongoing race to stand out from competitors. Those services must be rolled out on time and without glitches.
- User Experiences: Performance of these new services matters. In a mobile-first world users are very sensitive to even small delays, latencies, or non-responsiveness. The service components and chaining must be tested and observed thoroughly before commissioning into production.
- Security Assurance: Banks are high-value targets for attackers and fraud criminals, and must secure huge amounts of sensitive customer data, their assets, and other financial information. They must always stay a few steps ahead of their competitors.
Observability, from a network perspective, means that IT can see what is happening on the network in a holistic sense, easily determine why it is happening, and understand how to fix it. IT must plan ahead and have the observability systems in place before or during a cloud transition as the banks become more of a hybrid-cloud and multi-cloud digital service providers. Here’s how this works with each key challenge, in detail.
Hosting new services in the cloud requires that they be architected and rolled out much faster. Development teams do not need to deal with allocating servers, storage, bandwidth, hardware, etc.; and scalability becomes elastic. But migrating to the cloud means losing control in some dimensions. – IT DevOps and NetOps do not have easy access to the network data from the cloud like they would on-premises. The IT team will need a way to access the network data for troubleshooting and optimization/tuning of new services before commissioning into production. If network observability doesn’t follow these services to the cloud, blind spots and disruptions occur, delaying the service rollouts – which is a competitive disadvantage and bottom-line impact. Because of these high stakes, the observability should be in place before services move to the cloud.
For example: if a bank is rolling out a new service such as mobile check deposit, and it keeps breaking during the testing, while there are no observability tools and mechanisms in place to troubleshoot, the bank may have a competitive disadvantage and may face customer churn since post pandemic, many users expect that as a basic service.
In a hybrid-cloud based architecture, different service components reside in different locations and even across different clouds. This adds connectivity issues and latency and affects overall user experience drastically compared to on-premises, where latency between service components is minimal. There is added cost and complexity as well. IT must baseline and tune up all components in the service chain to adjust for these changes.
The users, of course, expect the same or better experience despite all the changes on the back end. To prevent this, IT needs observability to know what the latency is for each part of the service chain and monitor for issues proactively before users complain. Again, this need to be in place before users start using services.
For example: If a mobile check deposit doesn’t go through, takes multiple attempts or is extremely slow, the user will get frustrated. If logging on to a mobile banking app takes too long, the same will happen.
A breach can have huge repercussions for a bank, like customer/business churn, legal liabilities and reputational damage. Banks must be on top of securing their applications, data and infrastructure. Observability helps with this in multiple ways. First, it allows the SecOps blue team (with the help from NetOps) to observe east-west traffic within the hybrid-cloud for non-traditional intrusions such as malware or ransomware or fraudulent transactions. This is vital since most transactions take place here. Second, observability solutions that can collect network data from all parts of the hybrid-cloud expose the blind spots where threats can go undetected. In the public cloud case, while cloud providers will secure the elements of their infrastructure, security within the banks’ VPCs is still the IT responsibility. Observability also enables faster incident response and forensics.
For example: unusual network activity such as a bank statement download, or large transfer amount at an unusual time from an unusual region or device, may signal a fraud attempt. Access to the network data, analysis and replay capabilities helps track down the threats.
Hopefully the above key challenges and how they can be addressed through an effective observability strategy illuminates how it helps banks in staying on top of their business. The result is usually increased transaction velocity, enhanced user experience and tightened security.