As we enter 2020, I wanted to share what I think will be the technology focal points for Banks throughout this year.
Following both the Treasury Select Committee, and the UK Regulators papers around Operational Resiliency, how firms ensure they are able to overcome operational disruptions will continue to be high on the agenda for banking technology leaders. As a reminder,
operational resilience is defined by the BoE/PRA/FCA as “the ability of firms, financial market infrastructure and the system as a whole to prevent, respond to, recover and learn from operational disruptions”.
As a I touched on in a recent blog on how there is no time for downtime in financial services, I expect there will be more focus this year on actually piloting cyber stress testing, and also ensuring data integrity. The challenge for firms will be how they
ensure compliance in this space, in particular demonstrating that compliance under any stress-testing. In my opinion this will link to both technology modernization, cyber security and the use of multi-cloud, which I talk about elsewhere in this blog.
Cyber security is always a priority for banking technology leaders, however following further banking related incidents in 2019, and with the Travelex incident
still unfolding as we start 2020, it will continue to be a focus area. In particular, I expect we will start to see more interest and planning for “zero trust” architecture models.
Zero trust is an evolving approach to technology design, and will mean many different things to different people. In essence though it is based on the mind-set of removing inherent trust from the network and systems on it; treat everything as hostile and
instead gain confidence that you can trust it.
As well as focusing on zero trust, I expect the focus will continue to understand behavioural patterns on the network to try to identify bad actors before they strike. As we know from many of the high-profile cyber security incidents of recent years, often
bad actors have been within the perimeter for some time before finally striking and making their demands known. With advances in both computation as well as data analytics, analysing the vast volume and velocity of logs generated within an enterprise is now
possible for cyber security teams.
Emergence of the Edge
Whilst more retail banking focused, “the edge” will start to gain more focus this year as the explosion in connected devices continue. As this blog covered,
I expect using technologies such as video analytics as well as location based services within retail banking branches will start to gain traction as the retail banks look to modernise the experience for customers. In particular the ability to understand how
the branch estate is used by customers and staff, as well as being able to bridge the physical and digital banking worlds will be of particular interest and focus.
Cloud / Multi-Cloud / Omni-Cloud
In another recent blog, I talked about the promise of multi cloud in financial
services. In particular how one of the drivers for adopting a multi-cloud strategy is the potential regulatory focus on understanding and mitigating the risk posed by multiple institutions relying on the same underlying providers. As an example, the
UK Governments Treasury Committee released a report late in 2019, that explored IT Failures in the
Financial Services sector. In this report they highlighted the potential concentration risk that the large public cloud providers pose, with a recommendation that the UK Government should urgent consider how best to regulate cloud service providers, and
that regulating them as a critical infrastructure (the same as payment processing companies such as Vocalink) may be necessary. Another example that drives firms to look at multi-cloud is related to advice
given by the UK’s FCA which treats the use of public cloud by regulated firms the same as it treats outsourcing the provision of any services; a key requirement being that “firms should have exit plans and termination agreement that are understood, documented
and fully tested” as well as knowing “how [a firm] would transition to an alternative service provider and maintain business continuity”.
So with a number of firms having clear cloud strategies, I expect we will see more focus this year on how the services they have already moved to the public cloud can be supported across multiple cloud providers, if they needed to.
In addition, as highlighted by CRN, I expect we will see multi-cloud start
to become omni-cloud with the experience of supporting multiple public cloud providers becoming easier than it has been.
Closely linked to the continued adoption of cloud technologies, we will continue to see the general continued modernization of technology. I think this will be in a couple of areas – firstly, as the adoption of the public cloud continues, organisations
will look to try to offer the simplicity this provides them in their on-premises hybrid environments. We will see not only the technical aspects of this (automation, APIs, software driven infrastructure), but also the economical aspect of looking to have
the same commercial constructs for their on-premises infrastructure as they do for their cloud based services, as well as the ability to have an element of elasticity to support peaks in demand, but without the time-constraints they suffer today when it comes
to landing new.
The second area I expect to see more momentum in is the move to Kubernetes orchestrated container based infrastructures. Gartner have
predicted that by 2020 75% of enterprises will have deployed and be using containers; I expect we will see more focus on the move to these technologies in 2020 – especially in support of modernizing existing legacy applications, and utilising multi-cloud architectures.
The final area in this space, which can help exploit the previous two is the general adoption of microservices for applications deployed. For those that aren’t aware, microservices are an architectural style where applications are made up of loosely coupled
services. It enables the continuous integration/continuous deployed (CI/CD) approach to be applied to the managed of large complex applications. Each microservice provides an API endpoint that is connected by a lightweight protocol such as REST. As firms
drive for greater agility, in part to keep up with the “born in digital” challengers, the development velocity that microservices enable will be key. However, the operational complexity that microservices also introduces should not be forgotten.
Continued drive for efficiencies
No different to any other year, firms will continue to look to drive for efficiencies in how they operate. Within IT organisations, we will see continued focus on how they can learn from the wider business adoption of automation and AI. The journey to
a fully automated IT operation will continue, with the nirvana being called NoOps.
NoOps is in essence a world where a certain level of automation is achieved in the running and maintenance of technology that “no operations” teams are required any more. Whilst NoOps isn’t a new concept, the adoption of modern technologies such as Kubernetes,
the investment in API’s to drive infrastructure, the move to cloud based technologies and AIOps services, all make it much more of a reality than it previously was.