The public cloud can fit any number of use cases, but for IBM a key focus is enabling financial services to adopt the cloud.
On July 22, a series of new IBM Cloud for Financial Services initiatives were announced, in an effort to ease the path to broader cloud deployments by organizations in the financial services industry. In aggregate, the new efforts are about better enabling compliance security and resiliency for financial services firms looking to run workloads in the cloud. Among the new components are the IBM Cloud Policy Framework for Financial Services, the Financial Services Cloud Advisory Council and a new IBM Cloud Security and Compliance Center.
“During the global pandemic, we’ve definitely seen that there is a really urgent call in the industry for businesses to shift their operations and the ways that they engage with their clients toward the cloud,” Hillery Hunter, vice president and CTO of IBM Cloud, told ITPro Today.
For banks and other financial services firms, a delicate balance needs to be achieved to provide the economic and scalability benefits of the cloud, while still protecting the privacy of consumers and ensuring the highest standard of security, Hunter said. The goal of IBM Cloud for Financial Services is to provide cloud resources and structure that can help financial services firms. Among those that have adopted the platform is Bank of America, which uses it to host key banking applications for its 66 million banking customers.
IBM Builds Financial Services Cloud on Its Public Cloud
IBM Cloud for Financial Services is not a separate cloud infrastructure; rather, it’s built on top of IBM’s existing public cloud. Hunter noted that IBM Cloud is a multi-region platform with data centers around the world.
“The Financial Services cloud itself is the set of services that comply to security and compliance for financial services,” she said. “Within that set of public cloud offerings, there’s a set of capabilities that are mapped in a predefined way into security and compliance and regulatory obligations for financial services.”
The mapping is done within the IBM Cloud Policy Framework, which provides security and compliance guidelines for the financial services industry that correspond to services in the IBM public cloud. Some of the services include the use of Confidential Computing, which is an approach to encrypted data in use, Hunter said.
One of the concerns that many financial services firms have about using public cloud resources is that the cloud is a multi-tenant system where there are shared resources. Across compute, networking and storage, there are different forms of isolation that are determined through a predefined mapping, according to Hunter. One such example of how IBM is able to secure data in its multi-tenant public cloud is through its Keep Your Own Key (KYOK) service. KYOK enables users to have their own secure digital encryption keys for data that make use of a hardware security module (HSM). Combining KYOK with Confidential Computing enables organizations to isolate their data and control their own encryption keys, Hunter said.
“In that situation, they’re still in a multi-tenant environment, but their data is completely cryptographically isolated and protected from everyone else out there,” she said.
IBM Cloud Security and Compliance Center
A key part of IBM’s efforts to help financial services firms make use of the cloud is a dashboard capability known as the IBM Cloud Security and Compliance Center.
Hunter explained that the dashboard is something that different teams will benefit from, including cloud and IT teams as well as regulatory and risk groups. There are different concerns about cloud usage that interest various groups within an organization, and the goal of the IBM Cloud Security and Compliance Center is to provide information for each of those groups, she said.
“Bringing all those concerns together into the Security and Compliance Center is something that we feel will enable banks to really get to a ‘yes’ answer for using the cloud,” Hunter said.