Towards the end of last year, IBM and Bank of America made news with the announcement they were partnering to develop a financial services-ready public cloud (of which Bank of America will be the first customer). This is a significant development, since I believe the horizontally-oriented cloud market does not yet offer the levels of security, privacy, and network resiliency necessary to meet the needs of a highly regulated industry such as banking (see my coverage here for more).
This week IBM shared an update on the initiative, announcing its first round of Independent Software Vendors (ISVs) and Software-as-a-Service (SaaS) partners who have announced their intention to onboard their offerings to IBM’s financial services-ready cloud. Let’s do a flyby of the announcement and see where the project currently stands.
Building out the ecosystem
IBM’s financial-services ready public cloud is expected to launch in the latter half of 2020, and as mentioned, Bank of America will be the new cloud’s first customer. This is a big get for IBM, but building a successful ecosystem means bringing a lot of organizations under the tent. The ISVs and SaaS providers who do business with and serve financial institutions are a critical piece of the puzzle because this will open the door for broad expansion of the offering to banks large and small, and globally.. However, it can be a drawn out, tedious exercise in frustration to ensure these players’ security and compliance readiness—a fact that I believe stymies innovation and broader industry collaboration. IBM is seeking to change that by offering a prescriptive implementation and evidence process for these organizations looking to deliver their solutions via the public cloud. IBM says that its financial services-ready public cloud will help these organizations accelerate and simplify their engagement and evidence processes with participating banks.
The first round of ISV and SaaS organizations to commit to hosting their offerings on IBM’s new cloud include the likes of Assima, C3.ai, Finacle, Intellect Design and Thought Machine. These are all known, trusted vendors, a fact that should help give financial institutions a level of confidence when considering IBM’s cloud offering. IBM says all of these ISV ecosystem partners will undergo an onboarding process, which will be supported by IBM and developed with financial services requirements in mind.
So how does IBM convince an industry, historically wary of such things, to migrate its sensitive operations to the public cloud? That brings us to the company’s efforts to ensure security and compliance. IBM provides assistance to ISVs and financial institutions alike in defining and monitoring their security and compliance postures.
IBM says its in-house consulting firm, Promontory, will help organizations make sense of regulatory requirements and that’s a good thing. Additionally, the company says it will provide organizations with a reference architecture that enables users to more effectively deploy and manage security and compliance controls in the public cloud, leveraging automation and integrated DevSecOps processes.
Additionally, as part of this push, IBM expanded its Hyper Protect Crypto Services with a specific focus on data protection. In addition to new support for application level encryption, key administrators will now be able to utilize smart cards to help their organizations secure data while in transit. Organizations will be able to keep their own keys—in other words, not even IBM employees can gain access to unencrypted customer data. In my mind, this is a key differentiator (pardon the wordplay) that IBM’s solution brings to the table. While some other cloud vendors claim to have “keep your own key,” or KYOK, IBM utilizes secure, hardware-based enclaves that allow its customers to retain complete control over their keys. Thanks to this ability, IBM’s offering meets the requirements for a FIPS 140-2 Level 4 security certification—the highest level of security certification possible. Lacking this crucial hardware component, other vendors’ offerings fall short of this certification.
It looks like IBM is making good progress on its quest to build the first financial services-ready public cloud. With Bank of America as its first customer, and a whole slew of ISV and SaaS partners ready to sign on, the ecosystem is taking shape. IBM’s experience and innovation in hardware/mainframe security technology separates it from much of the pack, enabling true KYOK and the highest possible security certification. That’s the sort of thing that just might be able to convince the financial services industry to migrate their sensitive operations to the public cloud and unlock a new era of innovation in the sector. I will continue to follow with interest.
Note: Moor Insights & Strategy writers and editors may have contributed to this article.