The Bank of England is a strong supporter of cloud banking. At the Mansion House speech in June 2019 the governor spoke of how “new general purpose technologies, like the Cloud and AI, can be used to strengthen the resilience of the system”.
You hear the same message from other central bankers and the major consultancies. Deloitte, for example, published a report on the future of banking in 2019 and concluded: “So, is it time to move core processing to the cloud? Yes, it absolutely is, and it should be on the minds of all banking executives.”
Each time the keyword is resilience. Cloud banking offers uptime, security, and durability. These qualities are desperately needed by an industry experiencing unacceptable and expensive glitches and outages.
But why? What makes the cloud more reliable? It’s vital bankers and regulators understand the reasons the cloud is so stable.
Hardware is an obvious answer – but not quite the right one. Traditional on-premises data centres are vulnerable to hardware failure. If an individual server fails it must be decommissioned and replaced. It’s slow and disruptive. If a facility runs into trouble – a flood, power cut or internet outage – the bank is in trouble. A redundant colocation facility is mandatory, but is a primitive solution.
Move to the cloud and you enjoy extraordinary physical advantages. Amazon Web Services, for example, runs 69 Availability Zones (AZs) across 22 geographic regions worldwide. Data is hosted across multiple AZs connected via private fibre optic networking for incredible resilience. A disaster in one AZ thus poses no threat since they have fully isolated networking, hardware and power supplies. IBM Cloud, Microsoft Azure and Google Cloud Platform offer similar geographic diversity.
But we are barely scratching the surface. The real resilience comes from how software can run in the cloud.
A migration to the cloud is a golden opportunity to abandon unstable legacy systems from a bygone era and shift to rock-solid applications, written from scratch on Cloud Native principles.
Cloud Native software uses Microservices. The application is split into autonomous chunks, which communicate via APIs. Microservices are inherently more robust: a problem arising in one is isolated and contained. The others are unaffected, so the system can keep running despite a single failure.
Containerisation is another key concept. At Google, for example, everything from Gmail to YouTube runs on containers – billions are started every week. These are lightweight software units, able to be spun up or spun down in a fraction of a second. Kubernetes is the management tool, automatically optimising the operation of the containers.
In practical terms, containers make an application bullet-proof. If a container malfunctions it is destroyed and replaced by another. This is known as “self-healing”, and the description is spot on.
Cloud Native software is extensible. This means it can expand and contract on demand.
Capacity is effectively limitless in the cloud. A traffic spike on Black Friday can knock traditional bank systems offline. But extensible Cloud Native software can handle any load. Just look at how Netflix stays online over Christmas when numbers soar. Netflix accounts for around 15 per cent of the world’s internet traffic. WeChat was reported to handle up to 250,000 transactions a second on Singles’ Day in China. This is a level of traffic traditional systems would find impossible. It copes with demand on this scale by running on Cloud Native software hosted on AWS.
Perhaps the biggest advantage is the way software is updated. We all know the challenges of altering banking software. IT teams may risk a Big Bang upgrade once a quarter. And they hold their breath when they do it.
Cloud Native software is utterly different. It can be updated hundreds of times a day with no downtime. Changes are tested and deployed automatically. Updates can be tested separately and in parallel using techniques such as Blue-Green deployments, in which traffic is switched smoothly between different versions of the application, eliminating risk and downtime.
We need to mention security too. Traditional banking software struggles with encryption, relying mainly on perimeter defences. This is sub-optimal, to put it politely. There are horror stories of plain text files accessible by contact centre staff. By contrast, the cloud-native design, deployed by Thought Machine's Vault platform, encrypts data at source and once again in transit. Data is never exposed. This approach is orders of magnitude more secure.
So when the Bank of England suggests banks move to the cloud to improve resilience this message is more than just fashionable posturing. There are profound technical reasons behind the policy.
A report for the Bank of England by Huw van Steenis in 2019, called the Future of Finance, put it thus:
“Another priority should be for financial services to embrace cloud technologies, which have matured to the point they can meet the high expectations of regulators and financial institutions. Shifting from in-house data storage and processing to cloud environments can speed up innovation, enable use of the best analytical tools, increase competition and build resilience. For mid-sized firms in particular upgrading to the cloud can materially improve cyber-security.”
If banks want five-nines uptime, superior security, and the ability to update as often as they wish with no interruption to consumers, they need to listen to the Bank of England, and move their core banking to the cloud.