Hybrid cloud: How to make it work for banks

Cloud transformation of the finance industry started a long time ago after the economic crisis in 2008. Since then, the transformation has been happening at a relatively slow pace. But due to the global pandemic, cloud computing, especially hybrid cloud, has gained new momentum. Banks want to have control over their key systems and keep them on-premises but should move a part of their infrastructure to the cloud to cope with a number of new challenges:

• A sudden increase of card-not-present payments transactions;
• Move to work-from-home environments;
• Pressure on digital channels due to closed branches of banks;
• Increased number of credit applications, etc.

So what does hybrid cloud mean for financial institutions? Why should banks use it? How to implement hybrid cloud in your bank? Here, you will learn the answers to these and many other questions. 

What is hybrid cloud for banks? 

In recent times, we have witnessed many banks moving to hybrid cloud. Bank of America launched a hybrid cloud with IBM, Banco Santander has partnered with Microsoft Azure to drive its cloud strategy, Keybank chooses Google’s Anthos to develop personalized banking solutions for its customers. And examples like these are numerous. According to the IDC's 2020 CloudPath Survey, 89% of banks reported operating with or planning to operate with such strategies. By using hybrid cloud, banks are able to maintain and support their legacy systems while simultaneously taking advantage of cloud technology. 

As the recent webinar by McKinsey & Company “Accelerating hybrid-cloud adoption in banking and securities” states, the trust in the public cloud is set to increase. As of now, only 13% of financial institutions have more than 50% of their environment in the public cloud. In the next 5 years, 54% of banks will have more than 50% of the environment in the public cloud. So why use hybrid cloud in the banking industry?

Financial institutions and banks adopt hybrid cloud for a number of cases:

• Storage: Banks and financial institutions operate huge volumes of big data. With hybrid cloud, banks can store sensitive data on-premises and move all the other data that has a lower risk in terms of security to the cloud. This will reduce the cost and complexity of storing huge amounts of data on physical data centers.
• Reporting and analytics: Banks move to hybrid cloud as cloud computing offers ML and AI capabilities that provide insights into customer behavior, product efficiency, cross-selling and upselling opportunities.
• Security: With the help of hybrid cloud, banks can no longer worry about disaster recovery. Financial institutions can keep their production environment in a private cloud and a recovery environment in a public cloud, ready to spin up as necessary. In the event of a disaster, administrators can quickly start the application in the public cloud, since the data is already present there. Also, such architecture is used for business process automation (RPA) in customer servicing (account payable, know your customer) and various report automation.
• Development and testing: With hybrid cloud, banks can leverage Kubernetes services, microservices architecture, and various testing solutions that are used for effective development and testing of web and mobile fintech applications.
• Regulatory requirements & compliance: Hybrid cloud helps banks adhere to changing regulatory reporting requirements (e.g., Comprehensive Capital Analysis and Review, Solvency II) in multiple operating jurisdictions. Cloud-based solutions also help financial services firms conduct intraday liquidity and risk calculations, and mine trade surveillance data to detect anti-money laundering and other fraud issues. 
• Migrating workloads to and from the cloud: moving to the cloud or back to on-premises is not a one-day task. Thus, financial institutions and banks use hybrid cloud to check the optimal services and resources for workloads by migrating applications to and from the cloud.

Benefits of using hybrid cloud for banks:

• Cost-efficiency;
• Business scalability;
• Flexibility and agility;
• Improved compliance and governance;
• Better availability and support;
• Improved time-to-market;
• Ease of innovation.

Best practices for implementing hybrid cloud for banks

1. Assess your resources

First, you need to conduct a thorough analysis of your apps, data, and workloads. Mission-critical apps that require the most control and monitoring should be hosted in your private cloud. Other apps can be migrated to the cloud. Also, it is important for banks to have an efficient cloud transformation strategy. There are various types of approaches to migrating legacy applications to the cloud. Taking into account classifications by AWS, Oracle, Google, and Forrester, here at N-iX, we have come up with 6 key application transformation methods. Before migrating apps, you should consider the application complexity, risks, costs/effort of migration, and ROI. If none of these methods suits, you will need to replace your existing app with services from a SaaS cloud provider or build a new cloud solution from scratch.

• Re-host (lift and shift);
• Re-platform (lift, tinker and shift);
• Modernize;
• Rewrite;
• Drop and shop;
• Retain.

2. Protect your data

Additionally, you should take care of your data. All sensitive information should be encrypted and stored on-premises. Those data that can be exposed to the cloud should be also protected, and banks should analyze it to drive insights. Cloud enables big data processing and makes machine learning at a large scale efficient. By putting the right technology in place, you can shape actionable models from existing data to predict possible scenarios and determine which actions will bring the best results. Also, it is very important to back up your data in the cloud, because cloud providers can experience outages too. Top cloud vendors offer built-in backup and recovery solutions.

3. Prepare your architecture

Banks that are moving to hybrid cloud should prepare the architecture of their apps for migration. If you decide to build a solution in the cloud from scratch, you also need to think about its architecture: microservices vs monolith. Compared to traditional monolithic apps, cloud-native applications are easier to manage and maintain. They comprise individual microservices that can be improved incrementally to continuously add new and improved application features.

Usually, legacy IT architecture is a complex system with many duplicated systems, inconsistent data, and inefficient processes. The complexity of the current IT architecture poses one of the major risks of moving to the cloud.It slows the migration to the cloud.

To help our clients make it fit for the cloud, N-iX cloud experts conduct a root cause analysis, resolve tech debt, figure out interdependent parts, and create profound documentation. The main goal is to make the architecture agile, secure, scalable, and cost-efficient. The best way to do it is to design the application as a collection of microservices - easily manageable and autonomous constituents, each of which addresses a particular task. 

For example, N-iX specialists have helped Finbursa, a leading investment marketplace, set up a cost-effective infrastructure for microservices architecture in GCP. We have built fully automated CI/CD from git commit to delivering the app to production. As a result, now transaction management platform provides users with security, scalability, and enhanced traceability.

For businesses that have already adopted microservices architecture and orchestrated their containers with tools like Kubernetes or Docker engine, it is easier to make a transition to the cloud. Popular cloud providers such as AWS, GCP, and Azure offer specific assistance for Kubernetes as well as other engines that further help in the migration process. 

Infrastructure as code (IaC) is a key enabler of efficient migration of legacy systems to the cloud. Thanks to it, you can automatically manage and provision computers and networks (physical and/or virtual) through scripts instead of manually configuring them.

4. Choose the cloud provider(s)

Major cloud vendors such as AWS, Azure, GCP, offer comprehensive tools for hybrid cloud that banks can use to their advantage. Azure is a leader in this approach, with platforms like Azure StorSimple, Hybrid SQL Server, and Azure Stack. Moreover, Microsoft announced it is working with a financial services software provider Finastra in a multi-year agreement to migrate applications to Azure, deliver end-to-end offerings for customers and engage with Finastra’s ecosystem of partners, exposing Microsoft to more customers in this segment, beyond the 3,000 banks and financial institutions already supported by both companies.

In 2018, Google introduced hybrid cloud support. It has dramatically increased its focus on hybrid and multi-cloud workloads using Anthos, allowing users to manage workloads on GCP and Google Kubernetes Engine. Google Cloud and Temenos, the banking software company, announced a global, strategic partnership to help financial services organizations run mission-critical banking software and applications on Google Cloud.

In recent years, AWS has also significantly developed this direction with solutions such as VMware and Outposts. Like its competitors, AWS has partners that serve the financial services industry with cloud-based offerings targeted at banks, insurance companies, capital market firms and payment processors. There is also AWS Marketplace, a digital catalog with more than over 4,8000 software listings (including 126 that are specific to the financial services industry), where users can find, test, buy, and deploy software that runs on AWS.

You can choose the services of any cloud provider to suit your business needs or combine services from several providers. Multicloud is a choice of many fintech companies as it gives a certain degree of freedom and flexibility, minimizing the risk of vendor lock-in.

5. Adopt hybrid cloud in banking step by step

If you want to succeed with hybrid cloud banking, don’t migrate all of your apps at once, make it in phases. Start with one or two apps as pilot projects to understand all the challenges and costs behind them. It is a good strategy to begin with migrating non-critical apps and services.

6. Orchestrate interoperability

When you combine your own infrastructure and public cloud services in one environment, you need to set up seamless interaction between them to avoid latency, security issues, outages, etc. There are different tools that help manage heterogeneous environments and ensure high visibility and control. But it’s one thing to have the tools you need at hand for managing data and apps in the cloud. And major cloud providers such as AWS, Azure, GCP offer them in abundance. But it is another thing to configure them correctly and be able to drive valuable insights. Experienced DevOps engineers can orchestrate interoperability between heterogeneous environments, make necessary configurations, and ensure the seamless performance of your data and apps.

7. Plan for security 

You need to adopt the DevSecOps approach and implement security at every stage of your cloud adoption. You should synchronize security measures across heterogeneous environments and use efficient tools for it. Popular cloud providers such as Azure, AWS, GCP provide security as a service. They ensure that your physical assets are protected from unauthorized access. The majority of cloud vendors have strong portfolios of compliance offerings including ITAR, DISA, HIPAA, CJIS, FIPS, etc. They invest heavily in security to protect customers’ data from cyberthreats.

Also, they offer robust solutions to secure your data and information during cloud migration. However, you need to have experienced DevOps engineers and a security team who can make necessary configurations and ensure the long-term security of your data and apps. Here are a few simple things about security in the cloud everyone should know:

• Encrypt data assets in transit and at rest;
• Leave sensitive data on-premises;
• Isolate individual workloads to minimize any damage an attacker could cause;
• Configure a Firewall;
• Make use of advanced technologies such as Big Data, AI, ML IoT, etc.;
• Avoid shadow IT;
• Implement necessary controls;
• Enable multi-factor authentication and set up user access policies;
• Update passwords;
• Don’t use one password for all tools;
• Update anti-virus software;
• Don’t open susceptible links;
• Upgrade software to the latest installation.
• Enable security policies to make sure secure changes are implemented.
• Train others on how to maintain security in the cloud. 

8. Optimize costs

DevOps practices can help companies optimize their costs involved in software development, deployment, and maintenance. With the help of DevOps, you can assess what resources you are using, analyze what areas can be optimized and how to do it, monitor spending of IT costs, and investigate new services that will help you reduce costs and optimize your infrastructure usage even more.

If you don’t know how to optimize your costs, find a partner who can help you with hybrid cloud cost optimization. There are a lot of best practices for hybrid cloud cost optimization. Here we highlight the most common ones:

• Reduce infrastructure usage in the areas where it can be reduced;
• Start using third-party services that allow you to reduce operational overhead and save costs;
• Automate the CI/CD process and provisioning of IT infrastructure;
• Delete underutilized instances;
• Rightsize your workloads;
• Resize resources if they are not in use;
• Take advantage of autoscaling;
• Move infrequently accessed storage to cheaper tiers;
• Set alerts for crossing predetermined spend thresholds;
• Explore whether hosting in a different region could reduce costs;
• Invest in reserved instances;
• Leverage spot instances for serverless and parts that don’t require high availability;
• Make use of discounts.

9. Monitor your hybrid cloud

To ensure solid application performance, high availability, and low costs across heterogeneous infrastructures, you need to build a robust hybrid cloud monitoring strategy. Automation should play a key role in this process. There are several best practices for effective hybrid cloud monitoring:

• Identify and track your KPIs: error rates (failed requests/total requests), application availability, latency, number of time-outs, throughput;
• Create operation dashboards;
• Establish an alert threshold;
• Integrate your monitoring system with management tools;
• Implement Data Lost Prevention solutions to make sure the data is not leaving the security perimeter;
• Explore vendor’s native monitoring tool options.

Read more: Cloud-based digital banking: pushing a new business frontier

How N-iX can help banks with moving to hybrid cloud

• N-iX boasts an internal pool of 2,200+ experts, many of which have experience with one or several cloud platforms. 
• N-iX is a global software development service company with offices and development centres across Europe and in the USA.
• N-iX is trusted in the global tech market: the company has been listed among the top software development providers by Clutch, in the Global Outsourcing 100 by IAOP for 4 consecutive years, recognized by GSA UK 2019 Awards, included in top software development companies by GoodFirms.co, and others.
• N-iX partners with leading global companies such as Currencycloud and Globacap to help them launch fintech projects and leverage all the benefits of hybrid cloud in banking.
• N-iX is a Select AWS Consulting Partner, a Microsoft Gold Certified Partner, a Google Cloud Partner.
• N-iX experts have proven experience working with such technologies as blockchain, computer vision, AI & ML, robotics which are essential in fintech web and mobile app development. 
• We help banks with hybrid cloud. Our expertise in cloud computing includes cloud-native services, on-premise-to-cloud migration, cloud-to-cloud migration as well as multi-cloud management. 
• We offer professional DevOps services, including Cloud adoption (infrastructure set up, migration, optimization), building and streamlining CI/CD processes, security issues detection/prevention (DDOS & intrusion), firewall-as-a-service, and more.
• N-iX has broad data expertise to design different kinds of data solutions: Big Data / Data Warehouse / Data lake development, Business Intelligence, Data Science, Artificial Intelligence & Machine Learning, etc.
• N-iX has been named No. 72 on the 2020 CRN Fast Growth 150 List for the substantial growth and performance over the previous two years. 
• N-iX is compliant with PCI DSS, ISO 9001, ISO 27001, and GDPR standards.