Building for Operational Resilience in the Age of AI and Hybrid Cloud

Each year we see the challenges that enterprises face become more complex as they strive to keep up with the latest technologies, such as Generative AI, and changing customer demands – all while meeting evolving regulations and managing risk. For the financial services industry in particular, these challenges take on an entirely new level of expectation as they navigate the evolving regulatory landscape and manage requirements for privacy, resiliency, cybersecurity, data sovereignty, and more. In fact, organizations in the financial services industry and across all other regulated sectors including healthcare must place an even greater focus on managing risk – not only to meet compliance requirements, but to maintain customer confidence and trust.

To do this, it’s critical that banks and other financial institutions place an emphasis on operational resilience with the aim of maintaining stability, preserving market integrity, and protecting their and their customers’ most confidential data.

Prioritizing Operational Resiliency

The essence of operational resilience is an assumption that disruption is inevitable, and organizations must have measures in place to be able to absorb and adapt to any shocks. This includes cyber incidents, technology failures, natural disasters and more. With more dependency on technology and third- and fourth- parties, expectations are increasing for organizations to continue delivering critical business services through a major disruption in a safe and secure manner. This means it is critical to actively minimize downtime, and close gaps in the supply chain to remain competitive.

It's also important to understand that this is different from the long-standing industry practice of disaster recovery and returning to normal operations in several days with defined recovery point objectives and recovery time objectives. Although still an important practice, appetite for a conventional disaster recovery approach for critical business services is diminishing across industries and especially with regulators. This is evident from emerging regulatory requirements that we are seeing in the UK such as the Bank of England’s Critical Third-Party regime and the Digital Operational Resilience Act (DORA) in Europe.

Cybersecurity and Resiliency Across the Entire IT Estate

As hybrid cloud and generative AI adoption increases, data and applications are everywhere - across multiple clouds and vendors, including both SaaS and Fintech, on premises and even at the edge. For this reason, it’s more important than ever for financial services institutions to ensure their cybersecurity and resiliency strategy incorporates their entire IT estate, no matter where data resides.

To do this, organizations must first prioritize the most critical business services and develop a workload and data placement strategy to determine which applications and data should reside in a certain environment based on its specific security, resiliency and data sovereignty needs.

According to the 2024 IBM X-Force Threat Intelligence Index, attackers are increasingly shifting from ransomware to malware that is designed to steal information – which reinforces the importance of leveraging technology and an approach that provides a holistic view and end-to-end protection across your entire IT estate, including your partners.

While partnerships are essential for businesses to remain competitive and tap into new entry points, organizations must make sure third parties are thinking about security, resiliency and controls in the same way they and their regulators are.

It’s clear trust and security must be at the foundation of decisions about where workloads and data reside – regardless of industry. But how can an enterprise ensure these priorities remain front and center, especially when working with third and fourth parties?

Taking An Industry-Specific Approach To Accelerating Digital Transformation

Hybrid cloud is now the dominant architecture adopted by enterprises, according to an IBM Study, but critical to hybrid cloud strategy is an industry cloud approach. Similar to how financial organizations have a responsibility to protect their customers’ data, cloud providers have a responsibility to provide a platform that is built with the needs of their clients in mind.

Over the last few years, it has become clear that financial services organizations need an enterprise cloud platform designed for their unique regulated industry. By leveraging an industry-specific cloud platform – such as one with built-in controls – financial services organizations and other technology services providers can better meet their stringent industry standards.

Shared Understanding and Ownership

As enterprises continue to balance the complexities of innovation, risk, resilience and more, the path forward will be working towards a common, risk-based understanding of the core principles that underpin effective operational resiliency. It’s essential for organizations to take ownership of their operations and prioritize their actions and investments based on the impact to themselves, their customers, and market stability, but this can’t happen in a vacuum.

It takes all of us including financial services organizations, their supervisory authorities, third- and fourth- parties, and cloud providers to work in unison to accomplish the same critical mission: reducing risk and enabling resilience.