Despite the advantages and conveniences that new digital tools can bring, there are always those who are reluctant to embrace change. This is also true of large and sophisticated organisations within the rapidly digitalising finance industry. Not all banks, for example, are exploiting the full potential of public cloud computing. Since 2017, there have been more than 39,787 security patches on Microsoft products and 16 billion financial records that have been exposed through bank breaches. No wonder then that while 23% of global workloads have migrated to the public cloud, only 13% of financial workloads in Southeast Asia have done so — primarily due to regulatory requirements surrounding data security.
According to an Ernst & Young (EY) report from 2015, many executives remain hesitant to endorse a “cloud-first” approach. Moreover, 17% of respondents indicated cloud computing to be a first-priority vulnerability and potential source of increased risk, notes EY. Accenture has moreover found that data breaches are estimated to cost at least US$700 billion ($958 billion) in losses globally. With Covid-19 resulting in a sharp spike in cyberthreats, CEOs will likely be concerned about bringing more of their work onto the cloud.
Stakes are also high for firms deemed to have fallen short of data protection standards demanded by regulators. US financial holding firm Capital One, for example, was fined US$80 million for a 2019 security breach that exposed the personal data of more than 100 million customers. US tech news site The Verge reported that the Office of the Comptroller of Currency found that Capital One was aware its security practices were woefully insufficient yet failed to take effective actions to hold management accountable for potential security lapses.
While temporarily insulating businesses from cloud-related cyberthreats, however, not going on cloud would potentially deprive financial firms of future earnings. An Accenture report cited an example of an Asia Pacific bank that forsook four decades-old legacy IT for a multi-provider cloud model. After the change, costs for IT infrastructure, software development and provisioning fell 40%, while time to market for new applications and services was cut from six weeks to just four.
The Covid-19 pandemic has also shown cloud solutions have moreover become “mission critical” for firms to ensure business continuity within a large-scale health crisis, says Broadridge APAC CEO David Becker. The early days of the pandemic saw 1QFY2020 cloud expenditure rise 37% y-o-y as firms scrambled to put together makeshift business continuity plans as the world entered into lockdown. Failure to harness new technologies like cloud to enable business continuity within a crisis could lead to severe disruption to business operations.
Staying compliant
To solve this problem, tech giant and computing pioneer IBM is now positioning itself as a provider of cloud computing solutions that help firms stay compliant with data protection regulations. For 2QFY2020, IBM was able to beat earnings expectations partly with robust 30% y-o-y growth in its cloud business that hits US$6.3 billion — that’s around a third of the company’s total top line.
Instead of creating the technology and maintaining a choke-hold by selling them to clients as it used to in the mainframe era decades ago, IBM’s approach to delivering cloud computing today is a much more collaborative one. Last November, it partnered with Bank of America (BoA) to start IBM for Financial Services, which purports to be the first-ever financial services-ready public cloud built on IBM’s existing public cloud technology.
Through this program, IBM promises to provide firms with a purpose-built policy framework to support financial services compliance processes with proactive and automated security to keep sensitive data safe. With global finance businesses having to navigate more than 400 controls to stay compliant, such a system could save businesses a lot of time and money.
“To make sure that banks can rely on [IBM for Financial Services] and just join, we are actually certifying the vendors who want to work with those banks,” says Deon Newman, global vice-president at IBM Cloud Acceleration. It has inked strategic partnerships with more than 30 world-class independent software vendors (ISVs) like Adobe and Intellect to develop a broad and open ecosystem with the necessary skills to protect client cloud data. Already certified to the requisite data and security controls, clients can be confident that IBM’s cloud solutions are compliant too.
“The idea is to have them certify on the cloud policy framework for financial services to allow them to essentially plug in and remove the integration challenge that all these experiences,” adds Newman. This makes it much easier for financial institutions to integrate these disparate functions and skill sets into their compliance frameworks to create a more comprehensive response to financial regulations. Compliance therefore no longer becomes an additional chore for such firms, but rather a seamless part of their workflow on the cloud.
Another pillar of IBM’s strategy is to work with regulatory authorities through anchor clients, with BNP Paribas — Europe’s largest bank — serving as its “anchor client” in Europe while Japanese bank MUFG is considering becoming an anchor client in Asia Pacific. The core of this strategy is to rely on the local expertise of these established names to help ensure that IBM’s cloud solutions meet the compliance standards of the countries in which these large firms operate before expanding further. It is currently eyeing the promising Australia market for future expansion.
These anchor clients have been helpful in developing data centre capacity as well. IBM now has one of its “world-class” multi-zone regional cloud centres in Australia and is looking to develop more of such facilities around the region. With compliance being a dynamic field with regulations changing all the time, IBM is also taking a proactive approach towards ensuring cloud compliance. It has developed the IBM Research Cloud Innovation Lab to conduct Research and Development based on the advice of clients and partners to develop more innovative cloud solutions. It has also started the Financial Services Cloud Advisory Council, bringing in major financial institutions to develop new ideas that will drive the strategic evolution of cloud security.
“With major financial institutions and technology partners joining our financial services cloud, IBM is establishing confidence within the industry and around the globe that the IBM public cloud is the enterprise cloud for all highly regulated industries,” says IBM Cloud senior vice president Howard Boville.
Solutions for all
IBM’s cloud services have proven popular among the larger firms in the financial industry. In a sign of how popular IBM Cloud is with the larger end of the market, it is used by 47 out of the Fortune 50 companies, says Newman. The Fortune 50 are the 50 largest commercial banks, utilities, life insurance companies, retailers and transportation companies in the world. Some of IBM’s clients include ABN Amro, Citigroup and Deutsche Bank.
But IBM Cloud is not only for the great and mighty, adds Newman — practically any bank could benefit from using IBM cloud technology. The IBM Cloud, he says, has the largest number of VMware on their system in the world, allowing firms to run SAP applications on the cloud more easily. There are also a mix of different bank-specific applications on the cloud that would allow any firm with high levels of security and regulatory compliance to benefit from IBM Cloud.
Digital banking and FinTech is another area of growth as governments move to assert greater regulation over these industries. IBM Cloud would remove the need for such smaller firms to reinvent their operations and recertify their ISVs repeatedly, instead using IBM Cloud as a “one-stop shop” for recertification which they can also use to conduct business from. Considering the costs of change management and recertification, working with IBM could help nascent firms save on compliance costs.
The uses of these cloud technologies even extends beyond finance to other industries with strong compliance and security needs. Healthcare, insurance and even governments spring to mind. Newman even cites Indonesian start-up Skygrid, a cloud gaming partner offering premium games to customers over mobile devices. IBM Cloud supports these devices by providing the speed and performance of its bare-metal solutions, making it the best platform for low latency gaming.
Prominent IBM Cloud clients across the APAC region include Lygon, which runs its blockchain-based bank guarantee platform on IBM Cloud, and SK Holdings C&C, which utilises IBM Cloud to run solutions for various industries including financial services.
But what makes IBM Cloud stand out from the world’s strongest tech firms is its uniquely stringent data security compliance standards. It delivers client data security through a unique “Keep Your Own Key” system that is compliant with industry leading FIPS 140-2 Level 4 certifications for data security. Under this protocol, not even IBM itself can act on its own clients, using common controls and guard rails built from the industry up to provide open and secure cloud solutions to clients based on deep industry expertise.
Ultimately, says Newman, IBM’s long and storied history as a tech firm will see the company thrive within Southeast Asia’s digital economy amid global uncertainty and disruption. Having made its presence felt in the region long before the emergence of general computing, he adds, IBM has built a reputation for reliability and innovation. For example, its work in developing the global airline ticketing system and with Visa to develop the global credit card industry have radically transformed the world we live in today.
