SYS-CON MEDIA Authors: Pat Romanski, Elizabeth White, Zakia Bouachraoui, Liz McMillan, William Schmarzo

Blog Feed Post

Public Cloud Core Banking: Vendors Hype or Short term Reality?

Many large banks are IBM Mainframes users. They use mainframes for decades. They use other platforms as well, but their Core Banking systems are deployed on Mainframes.

Recently leading Cloud Computing vendors such as Amazon, Microsoft and Google approached large banks in order to start migration of systems to their Public Clouds. 

I looked for evidence supporting the notion that Banks are transforming from Mainframes to Public Clouds. I found no evidence.

I am not the one to be blamed for not finding any significant evidence, because there is no evidence supporting the notion cited above. 

Banks are using Public Clouds but...
Like many other organizations, banks are using Public Clouds applications. However, they do not use it for Core Banking systems deployment.
They use Public Clouds for applications which are less integrated with the Core Banking systems.

If they will not use Public Clouds for Core Systems, IBM Mainframes will be used for many years.

Public Clouds, Private Clouds or Hybrid Clouds
The answer to the question: Which type of Clouds are you using or you will use in the next years? will  vary.  
SMBs' frequent answer would be: Public Clouds
Large Enterprises' frequent answer would be: Hybrid Clouds.

Hybrid Clouds usage is based upon both Private Clouds and Public Clouds.

If you read a previous post titled: The Next generation of Private Clouds, you probably noticed that, according to Forrester Consulting's survey, building Private Clouds is a priority for nearly half of the large enterprises surveyed.

You may also noticed that 67% of the survey respondents said that access to Mainframe Data was critically important or very important in Clouds environments. 

Conclusions

1. Large enterprises will continue to use Mainframes.

2. Large Enterprises will use Hybrid and Private Clouds. Mainframes will be part of Private Clouds.

Large Banks will not migrate of Mainframes to other platforms if they considering including Mainframes in their Private Clouds. 

Business Barriers to Migration from Mainframes
Is there a Business Case for migrating Core Banking systems from Mainframe? 
It is difficult to justify such a large and expensive  endeavour.

The CEO or another manager would ask: What would we get for this multi year expensive endeavour?
The answer would probably be the same functionality.

Not the best answer for convincing Business oriented non-tech managers to spend a large amount of money.

Risks

1. resistance to change
Many of the current elderly Mainframe team members will not be able to adjust to new platforms and new development paradigm and tools. They are afraid of losing their jobs. 
Some of them will resist the change and will not cooperate.

2. losing expertize
The IT staff maintaining current Core Banking systems has limitations, as far as new technologies and architectures are concerned, however some of the employees have deep understanding of current systems and the Bank's Business processes and Business goals.

They also know a lot about the Organizational Culture and about people working in the Business departments. 

Many of these employees will retire or will be fired.
The new young energetic employees, replacing them,  lack understanding and knowledge of the Business, the Organization and the People.     

3. Bugs 
Even in case of no resistance to change do not expect 100% accurate migration.
New bugs introduced to the new system imply cost and less satisfied customers.    

3. missing Functionality
Undocumented functionality will not be part of the new Core Banking Systems.
The assumption that the documentation of complex old systems is full and accurate is an unrealistic assumption

4. missing Data
Replace the word Functionality in the previous section by Data. Do not expect 100% precise data migration. 

5. Misinterpreted Business Processes
The Challenges to BPM implementations include lack of Visibility and non-documented processes. 
If the Bank migrating from Mainframe, did not complete its BPM implementation, some Business Processes in the new non-mainframe systems will not be identical to current Business  

6. Co-existence and Migration process
After completion the development of new systems, these systems should be deployed.
Anything could get wrong during the actual migration process.

  
Additional Challenges 
  
 1. Security
Mainframes Security is better than other platforms Security.
In addition to the gap between Mainframe Security and Windows Security and Linux Security in non Cloud based environment, there is an issue of Public Cloud Security.

I am not sure that in house Linux and Windows based systems are more secured than Public Cloud based Linux and Windows systems. 
However, customers perceive them as less secure because they are managed by employees of another company and because their systems shared resources with other enterprises' systems.

Systems and Data Security is more important to banks than to many other enterprises. 

2. processing Large Amounts of Data
Mainframes are capable of processing large amounts of Data. High percentage of Business Data resides on Mainframes. 

3. Scalability and Workloads Management 
Current Public Clouds are based on Hypervisiors, Windows and Linux. 
Are these Operating Systems capable of supporting large amount of concurrent Banking Transactions? 
I doubt. My experience, as well as others experience, do not support the assumption that these Operating Systems will be capable of supporting and managing  properly large number of concurrent Banking transactions.  

Reasons to replace current mainframe Core Banking systems


1. Maintenance
Maintenance of old Legacy systems could be a nightmare. 

Many of the people we wrote the programs 20 years or 30 years ago are not available.

The systems are not architectured well and are not structured properly. Usually the systems are large monolithic silos.

The code was changed many times by many different people.

2. lack of Agility and a long Change Backlog  
The lack of Agility is an additional maintenance difficulty.
The Business result of the difficulty to change systems is a long list of unfulfilled change requests.
 
3. Skills unavailability
Young professional prefer to work with mainstream technologies and/or new innovative technologies. Gradual skills decline is a real problem in Mainframes environment.

Are there non-migration alternatives?
Basically there are two alternatives addressing Mainframes concerns without risky migration to other platforms:

1. Modernization
Systems modernization could be performed without migration.
The Modernized systems could be Service Oriented and may use advanced modern technologies, which are available on Mainframes.

It is not a Big Bang risky approach but it is still a long journey. Those who will decide to modernize  their Mainframe Core Banking systems will use Mainframes for more than Short Term period.
However, after completing systems Modernization they will be capable of gradual and relatively smooth migration, if they will decide to migrate.  

2. Core Banking Packages
Core Banking systems could be replaced by Core Banking packages. These packages resemble ERP products. Some of these packages can be deployed on Mainframes and on other platforms as well.

An endeavour of choosing a Core Banking Package and replacing current Core Banking Systems by it is also a long journey. Usually it is a longer journey than Modernization.

After completing the journey maintenance could be easier and cheaper, the dependency on employees is reduced and future gradual or complete migration from Mainframe is smoother and cheaper.  

Migrated from Mainframe but not the Public Cloud
After long journeys to Modernization or Core Banking packages the last thing you would think of is another migration from Mainframes to another platform.
  
Few years later you may start migration to another platform. Even if someone will migrate to Linux or Windows the systems are still deployed in his Private Cloud (or not in any Cloud).

There are still significant barriers to Public Cloud based deployment.
I will name few major barriers: Local Regulation, International Regulation (e.g. Basel 3), Security and integration with other systems in the Data Center and in other Public Clouds.  

   
Real World Case Studies? - Capital One
Amazon's leading Early Adopter is Capital One.  
Capital One is a Credit Cards company and a Large Bank. 

Capital Bank is using Open Source software, Microservices and Devops. Capital is performing transformation to Digital Banking. 

Capital Bank's CIO Rob Alexander presented a Keynote presentation in last October at Amazon's re:Invent conference.  

Alexander described how they start experimenting AWS in 2014 and how late in 2015, they launched production Mobile Banking applications based on Amazon's AWS.

I guess that the Mobile applications are using Mainframe Core Banking Applications and Data.

According to Capital One's CIO "the bank has been working closely with Amazon's team to develop the Security model". 

For more details read: 
AWS Case Study: Capital One 
AWS reinvent 2015 keynote - Rob Alexander


The private Security model will be only the first step in a long process of development of industry Security standards and implementing these standards.


Me Bank
Me bank is a full fledged retail bank. The Melbourne-Headquartered company manages 20 billion $ in assets and has 800 employees who support 280,000 customers around Australia. 

Amazon AWS is used for Development and Testing.
The Core Banking systems reside in the bank's Data Center.     
For more details read:
AWS Case Study: ME Bank


ME Bank is not a large bank. I do not know if the Core Banking Systems were deployed on Mainframes.
If they were, I would not predict migration from Mainframe in the following 5 years.

Microsoft's partner: Capgemini
Capgemini partnered with Microsoft in order to provide Cloud based Services in Microsoft's Azure

I did not find Case Studies in Capgemini's white paper Cloud Computing In Banking.

However, I found the following text: " Banks are expected to enter the cloud computing arena cautiously, with no single cloud services delivery model being a silver bullet for best meeting their demanding business needs". 

Capgemini's white paper also discussing the first methodological step of choosing the right cloud model. The models are: SaaS, PaaS, IaaS and BPaaS (Business Process as a Service). 

Microsoft's partner is preparing the methodology for banks entering the Cloud Computing arena. No Case Studies yet.

It should be remembered that the first banks that will  use Azure will be smaller banks using Windows operating system and not Mainframe based large banks. 


The Bottom Line
Mainframe was not dead in the 90ies and was not dead few years ago.
Large Banks will continue Core Banking systems deployment on Mainframes at least for the following 5 years. 

Read the original blog entry...

More Stories By Avi Rosenthal

Ari has over 30 years of experience in IT across a wide variety of technology platforms, including application development, technology selection, application and infrastructure strategies, system design, middleware and transaction management technologies and security.

Positions held include CTO for one of the largest software houses in Israel as well as the CTO position for one of the largest ministries of the Israeli government.

Latest Stories
DevOps tends to focus on the relationship between Dev and Ops, putting an emphasis on the ops and application infrastructure. But that’s changing with microservices architectures. In her session at DevOps Summit, Lori MacVittie, Evangelist for F5 Networks, will focus on how microservices are changing the underlying architectures needed to scale, secure and deliver applications based on highly distributed (micro) services and why that means an expansion into “the network” for DevOps.
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settl...
Contextual Analytics of various threat data provides a deeper understanding of a given threat and enables identification of unknown threat vectors. In his session at @ThingsExpo, David Dufour, Head of Security Architecture, IoT, Webroot, Inc., discussed how through the use of Big Data analytics and deep data correlation across different threat types, it is possible to gain a better understanding of where, how and to what level of danger a malicious actor poses to an organization, and to determin...
@CloudEXPO and @ExpoDX, two of the most influential technology events in the world, have hosted hundreds of sponsors and exhibitors since our launch 10 years ago. @CloudEXPO and @ExpoDX New York and Silicon Valley provide a full year of face-to-face marketing opportunities for your company. Each sponsorship and exhibit package comes with pre and post-show marketing programs. By sponsoring and exhibiting in New York and Silicon Valley, you reach a full complement of decision makers and buyers in ...
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
LogRocket helps product teams develop better experiences for users by recording videos of user sessions with logs and network data. It identifies UX problems and reveals the root cause of every bug. LogRocket presents impactful errors on a website, and how to reproduce it. With LogRocket, users can replay problems.
Data Theorem is a leading provider of modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously scans APIs and mobile applications in search of security flaws and data privacy gaps. Data Theorem products help organizations build safer applications that maximize data security and brand protection. The company has detected more than 300 million application eavesdropping incidents and currently secu...
Rafay enables developers to automate the distribution, operations, cross-region scaling and lifecycle management of containerized microservices across public and private clouds, and service provider networks. Rafay's platform is built around foundational elements that together deliver an optimal abstraction layer across disparate infrastructure, making it easy for developers to scale and operate applications across any number of locations or regions. Consumed as a service, Rafay's platform elimi...
Kubernetes is a new and revolutionary open-sourced system for managing containers across multiple hosts in a cluster. Ansible is a simple IT automation tool for just about any requirement for reproducible environments. In his session at @DevOpsSummit at 18th Cloud Expo, Patrick Galbraith, a principal engineer at HPE, discussed how to build a fully functional Kubernetes cluster on a number of virtual machines or bare-metal hosts. Also included will be a brief demonstration of running a Galera MyS...
In his general session at 21st Cloud Expo, Greg Dumas, Calligo’s Vice President and G.M. of US operations, discussed the new Global Data Protection Regulation and how Calligo can help business stay compliant in digitally globalized world. Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo’s customers are typically most concerned about GDPR compliance, application p...
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, Sandy Ca...
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessio...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
Fact: storage performance problems have only gotten more complicated, as applications not only have become largely virtualized, but also have moved to cloud-based infrastructures. Storage performance in virtualized environments isn’t just about IOPS anymore. Instead, you need to guarantee performance for individual VMs, helping applications maintain performance as the number of VMs continues to go up in real time. In his session at Cloud Expo, Dhiraj Sehgal, Product and Marketing at Tintri, sha...
According to Forrester Research, every business will become either a digital predator or digital prey by 2020. To avoid demise, organizations must rapidly create new sources of value in their end-to-end customer experiences. True digital predators also must break down information and process silos and extend digital transformation initiatives to empower employees with the digital resources needed to win, serve, and retain customers.