Analysing cloud providers’ infrastructure management – the bank perspective

  5 Be the first to comment

Analysing cloud providers’ infrastructure management – the bank perspective

Contributed

This content is contributed or sourced from third parties but has been subject to Finextra editorial review.

Speaking with two banks with also almost opposite roles and histories, we try to understand how cloud is playing a role in their overarching technology strategy, and the challenges that cloud migration has thrown in their path.

Gordon Mackechnie, chief technology officer at Deutsche Bank explains that the bank has effectively three partners for cloud use: Microsoft is used extensively on the end-user side, Google is used as the strategic public cloud partner and for the bulk of the bank’s migration, and finally for databases that will remain on premises in the private cloud the bank signed an agreement with Oracle to migrate the bulk of its Oracle Database estate to the Oracle Exadata Cloud@Customer.

“We are absolutely multi-cloud, but we’re not multi-cloud for the same purpose,” Mackechnie explains. “We want to take best of breed in each instance, and so we will have multiple cloud providers that we don’t use simultaneously for the same type of tasks. We think this is important.

Each solution has its strengths in different areas and more than delivers on them.” 

The app-only Minna Bank which officially began operations in May, boasts an in-house core banking system built by Zerobank Design Factory and Accenture, and is the first in Japan to run its core banking system on a public cloud – Google Cloud. Not only is the core banking system running Minna’s retail operations, but will be made available to third parties who wish to offer discrete embedded finance offerings or to run comprehensive branded banking services. 

CIO of Japan’s Minna Bank, Masaaki Miyamoto, also lists a swathe of other cloud providers being leveraged by the bank including Google Cloud, Azure, AWS, Oracle Fusion, DataDog, Salesforce, and PagerDuty.

Understanding the context for cloud migration

Explaining that there has been a range of factors driving the financial services industry’s acceptance of cloud adoption, Mackechnie highlights that the investments being made particularly by large cloud providers are significant. 

“Looking at the alternative – building large-scale shared platforms internally, the economics just don’t make sense.”

This type of project is typically more expensive and more difficult to do than initially expected. Second, he adds that financial institutions can't compete with the level of investment that Google or Microsoft or Amazon are making to their cloud platforms. 

Importantly, these projects aren’t points of commercial differentiation for incumbents. “It's not as if we’re going to build a shared service platform internally, that's going to give us a benefit as an organisation.” This removes the incentive to own anything or to self-develop.

He furthers that it’s important to understand the history of the “ecosystem of suppliers” in which banks have typically existed. Banks never built their own database software, but relied on software and infrastructure providers to provide these services. 

“In many cases we already have, a complex supply chain and providers that we use to kind of build the applications that we run the bank on. The cloud is just an evolution of that, rather than a complete revolution.”

Getting cloud strategy right from the outset

Now that the industry recognises the importance of cloud use, banks are looking to expedite their migration strategies in ways that will provide both scale and security quickly.

Straight to the point, Mackechnie states that the key mindset that banks should adopt is to go after this migration plan with strong intent. 

“There’s no point in doing this if you’re just going to play around at the edges.”

He recommends examining the more difficult problems up front, because while it is possible to shift over certain smaller, more discrete services and operations onto the cloud, in order to get the true benefit that cloud can provide “tinkering around the edges” isn’t going to deliver the progress you desire.

He qualifies this by stating that it is essential to identify the areas where real value will be delivered by shifting the cloud, and lead with these. 

“If you see the cloud as effectively an infrastructure or an infrastructure cost play, it doesn’t necessarily make clear the added value potential to business processes. We’re focusing on areas where we see incremental value which can only be achieved in the cloud.”

Managing the cloud provider relationship

Minna Bank, while leveraging the services of numerous providers, tends to have a closer relationship with its core-banking cloud provider Google Cloud. 

“We work very closely and have lots of support from Google Cloud, we’re in constant contact with their support members, and the Google Cloud team knows how our system works too.”

The Minna Bank team also schedules a monthly meeting with Google Cloud to share any error reports or new technologies available through the Google Cloud services which could assist their offering.

Aside from protocol which would involve close assistance with Google Cloud should any critical errors arise, Minna Bank only contacts its other cloud providers when need be.

Miyamoto adds that given its BaaS project currently under construction, it will need API connections to be able to deliver the offering at scale and with the ability to cater to high volumes. 

“Clients using our APIs don’t always notify us ahead of launching a marketing campaign whether our servers are prepared for high volumes of new customers. We need to make sure our servers can withstand the load. To therefore scale up our servers using cloud, Google Cloud is the only provider who can make this possible.”

When it comes to what banks should look out for in robust cloud infrastructure management strategies, Miyamoto explains that one factor (among many) is the ability to monitor services efficiently.

“It very challenging to monitor all cloud services in one place. Usually core banking services reside in a data centre so that when a problem occurs, you just need to visit the data centre to understand what is going on. But, on a cloud server, there isn’t anyone who can contact you to tell you there is a problem going on. It’s really important to get to know what has happened in real time, so that people can actually resolve issues quickly.”

What risks come with poor cloud infrastructure management?

First and foremost, Mackechnie argues, safety and security of data is the critical consideration that needs to be addressed in any cloud execution process. “With anything that is still relatively new and developing, we must be careful about ensuring that at each stage, we manage the risks.” 

In banking these risks typically manifest themselves as security, stability and operational resilience risks. He furthers that in the same way cloud providers investment significantly in the functionally of their platforms, they also invest heavily in operational resilience and security because much banks, security presents something of an “existential threat” for cloud providers who must be able to demonstrate and maintain this high level of security to operate in the highly regulated financial space.

“That isn't to say that it can't be done safely, but I think we have seen instances of people having problems in the past, maybe because a lack of experience and understanding, maybe a lack of configuration so we must be careful we don't make those mistakes. We have to be very careful to manage those risks effectively as we as we adopt new solution types like the cloud.” 

Resolving inherent challenges of cloud use

Miyamoto explains that a key challenge faced by Minna Bank is tied to management of cloud servicing protocol. He isn’t concerned in a material sense about outages or cloud services going down per say, as Minna Bank has designed into its systems the ability to continue functioning even if one of its cloud services goes down.

It builds this reliability by separating its servers, in fact, Minna Bank holds its data on Google Cloud servers located on both the East and West sides of Japan. This guarantees availability so that business can continue in the unlikely case one of these centres goes down.

However, a challenge it is yet to entirely resolve is managing maintenance periods.

“As a cloud infrastructure, the most important thing remains the account-end administration management, security, and operation management. However, because cloud services have to stop their servers for periodic maintenance, there is naturally a period of downtime. When that happens, our services also have to stop from anywhere between a few seconds to a few minutes.”

To manage this, Minna Bank tries to control when these maintenance downtimes will occur and prepare our services accordingly. “We not only have to negotiate with team members in our office and with the cloud providers, we also have to give notification to our customers, and all these updates cost a lot of money.”

Ideally, Miyamoto explains that by automating every process. Even then, as cloud providers are onboarding more and more services, it results in Minna Bank having to spend more to continue operating and managing the costs incurred through maintenance.

Are regulators on the right path for effective cloud use?

Insofar as operational resilience, Mackechnie believes that cloud definitely has a part to play, and Deutsche Bank is managing these resilience requirements as they pertain to cloud use.

“We retain full accountability for that resilience, and we are working with the cloud providers to make sure that it’s happening in a way that would meet our regulatory obligations.”

He explains that the cloud providers are very focused on these regulations too, and that they recognise that if they wish to be material players in supporting financial services, they must be able to meet regulatory expectations.

Regulators are also on a journey, continuously evolving their approach to cloud use, “but it’s challenging because a cloud provider is effectively a combination of things […] To some extent cloud providers are a hardware provider, to some extent they’re an open source service provider, and to some extent a they’re a software provider.”

Mackechnie adds that while the regulator historically looked at these providers separately, with different levels of oversight depending on the service, they are facing a new challenge today: “As you start to conflate these things you think, how do those different regulatory approaches come together in a way that sensible and effective for regulating an activity that's taking place in the public cloud?”

According to Miyamoto, Japanese regulators have not ruled out the use of public cloud in banking systems. “Rather, they encourage banks to evaluate cloud vendors as potential partners and promote the use of the cloud in line with the specific needs of their business and systems. Banks understand that without cloud use, they won't be able to compete with emerging companies simply by maintaining systems that have been entrenched for years."

How quickly should banks finalise their cloud migration plans?

While there is momentum behind shifting to cloud, Mackechnie argues that despite the increasing prevalence of digital players like Minna Bank which are entirely cloud native, there is not yet a pressure for incumbents to finalise their cloud migration. 

“If you're starting a bank from scratch today, would you build it all natively in the cloud? I'm sure you would. However you've got to recognise the sheer scale of 50 years’-worth of infrastructure, learning, and business logic that has been built in the systems of the larger incumbents.” 

“There's probably a tipping point somewhere down the line, where the cost of carrying a hybrid model becomes a bit painful, but we're a long way from that yet.”

He notes that there are still material reasons to maintain on-premises infrastructure at reasonable scale, which will continue for the foreseeable future. These include security, data elements, regulatory elements, online transaction processing, and certain functional low latency type elements (tied to trading activity) that that would be very difficult to move in any way.

On top of this sits the inhibitor of the substantial investment required to migrate properly. “To get the benefit you have to re-architect properly, therefore you're picking and choosing where to make those investments really have the most tangible impact.”

“I don't think there is pressure to finalise, rather, I think right now there's pressure to get it right. The risk profile of this is that we have to be absolutely certain that we're taking the right steps and we're taking those steps in a safe and secure way. So I think that's more the pressure on that than there is to actually finalise.”

Channels

Comments: (0)

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.