IBM Cloud Doubles Down On Resiliency, Security And Compliance

By Patrick Moorhead - November 22, 2022
IBM Cloud Sev 1 Incident Volume TrendIBM

It’s not controversial to say that the Cloud space has a lot of players coming from different angles. Of course, there are the public cloud size leaders—Azure, AWS, Oracle and Google Cloud—who are primarily taking a horizontal approach. But, in typical market fashion, we’re seeing more entrants, with more specialization and differentiation, as the Cloud industry continues to mature. IBM is on a very vertical cloud track, focusing on the deep need of industries like financial services.

I’ve been following IBM’s Cloud efforts with interest since the company purchased SoftLayer, a horizontal, public cloud platform, in 2013. The following year, IBM launched its Bluemix Cloud platform, built on SoftLayer infrastructure. Finally, in 2017, IBM rebranded Bluemix to IBM Cloud. Since then, IBM Cloud has taken a predominately vertical market and partner-led approach, often pairing strategically with other public clouds to provide differentiated solutions to its customers. This approach has perhaps partially obscured IBM Cloud’s achievements, many coming from banking and other highly regulated industries. It’s not surprising to me that these are the areas IBM Cloud has invested in, given IBM’s long history of working with industries that require strict levels of compliance and security (e.g., financial services and governmental organizations).

IBM Cloud took a few hits earlier in 2021 with the surfacing of customer complaints around the platform’s resiliency. However, I believe the company did an excellent job of owning its mistakes and has come a long way toward addressing the issues raised by detractors. We recently had IBM Cloud’s GM of Delivery and Operations, Alan Peacock, stop by for a chat on the Six Five Insider podcast, which I host with my colleague Daniel Newman at Futurum Research. We seized the opportunity to talk about IBM Cloud, the growth it is experiencing and the company’s commitment to security and compliance for the high-stakes industries it serves. Peacock’s viewpoint is unique and valuable, given he spent a career in the financial services industry before landing at IBM. Today I’d like to share some insights from that conversation.

When failure is not an option

In Peacock’s words, IBM Cloud’s mission is to be “the most secure, most stable and the most resilient cloud on the planet.” Clients have chosen to run their businesses on IBM’s platform, making IBM a vital part of their business. With such an arrangement, any downtime on IBM’s part can be disastrous for its clients.

The foundation of IBM Cloud’s resiliency, as the company tells it, are its multi-zone regions (MZRs). By design, these MZRs limit the adverse effects of any failure to a single data center instead of affecting all zones and grinding operations to a halt. In this way, IBM built resiliency into the very core of its architecture.

On top of that, IBM has improved its cloud infrastructure to reduce the number of Severity 1 incidents. Additionally, the company has made enhancements to its observability stack and is improving procedures to mitigate the impact of changes. These updates include but are not limited to the implementation of an “aggressive” currency strategy across all components, the optimization of network paths and route policies, control plane configuration changes, enhanced operating procedures for auto-scaling services and continued enhancements to deployment automation capabilities. As of August 2022, these modifications reportedly achieved a 90% reduction in Severity 1 incidents and an 87% improvement in overall disruption time over the previous year. These are outstanding improvements. You can see more details here.

Now that we’ve talked about resiliency, I’d like to focus in on what I think is the most advanced vertical, partner-led Cloud IBM, its Cloud for Financial Services.

IBM Cloud for Financial Services

Drilling down a bit further, some of IBM Cloud’s most compelling advances revolve around its IBM Cloud for Financial Services offering. Specifically, Peacock cited IBM’s Cloud Security and Compliance Center as a significant differentiator. The Cloud Security and Compliance Center provides clients with a tool to govern their cloud resource configurations and centrally manage their compliance with organizational and regulatory guidelines. According to IBM, these capabilities allow clients in particularly stringent industries (e.g., financial, telecom, government, health) to better address the tasks typically required to ensure security and compliance, thereby accelerating their cloud migrations. Notably, the Cloud Security and Compliance Center works on all Cloud platforms, albeit with deeper capabilities on IBM Cloud.

Another big differentiator for IBM Cloud for Financial Services is the framework it provides to third-party software vendors to assess and certify their ISV products before deployment on the IBM Cloud. According to Peacock, the accountability and transparency this provides allow for much faster and safer consumption of these products on the platform.

Wrapping up

Cloud migrations can be risky and daunting for any business, let alone the highly regulated ones that IBM Cloud predominately serves. I left the conversation with a renewed appreciation for how IBM has built resiliency and redundancy into its foundation. Additionally, through solutions such as the Security and Compliance Center, IBM Cloud for Financial Services and its validation framework for 3rd and 4thparty software developers, IBM has prioritized de-risking and simplifying the cloud migration process for these industries. Peacock was adamant that the work does not end here—IBM will continue to focus on design, process, tool and management improvements that will reduce incident volume, impact and response/recovery times. In time, I believe we’ll see IBM Cloud’s success resonate and expand to an even broader set of industries.

Note: Moor Insights & Strategy writers and editors may have contributed to this article.

Patrick Moorhead
+ posts

Patrick founded the firm based on his real-world world technology experiences with the understanding of what he wasn’t getting from analysts and consultants. Ten years later, Patrick is ranked #1 among technology industry analysts in terms of “power” (ARInsights)  in “press citations” (Apollo Research). Moorhead is a contributor at Forbes and frequently appears on CNBC. He is a broad-based analyst covering a wide variety of topics including the cloud, enterprise SaaS, collaboration, client computing, and semiconductors. He has 30 years of experience including 15 years of executive experience at high tech companies (NCR, AT&T, Compaq, now HP, and AMD) leading strategy, product management, product marketing, and corporate marketing, including three industry board appointments.