Microsoft says it will launch a Financial Services Cloud later this month, more than a year after IBM announced its Cloud for Financial Services.
The software companies are competing with each other and with the other two major cloud providers, Amazon and Google, for banks’ business as financial institutions increasingly embrace cloud computing to cut costs, improve flexibility and facilitate rapid digital expansion.
IBM and Microsoft are the first big technology companies to offer a complete cloud environment specialized for banks.
“I do think this is something beyond just marketing,” said Jason Malo, research director at Gartner. “There are tangible benefits to be seen. Financial services have a higher standard of security and compliance than other verticals. So it makes sense that a one-size-fits-all model would wane for those institutions in deference to ones that have compliance by design or security by design.”
Microsoft and IBM are each repackaging existing technology and creating some elements for financial companies.
Both companies tout the interoperability, compliance and security of their financial services clouds. Both have some financial services clients and vendor partners. Where they appear to differ is in focus: Microsoft is emphasizing the interoperability of its cloud pieces, while IBM is stressing security and compliance.
Microsoft: Emphasis on interoperability
Just as Microsoft won over the American workplace in the late 1980s with the interoperability of its Windows applications, the company now says its cloud-based software pieces all work well with each other and with popular financial services applications.
“Our customers are saying, you have great capabilities. How do you allow us to, instead of just using the individual Lego blocks and having us figure it out, actually bring the Lego blocks together, with better assembly instructions so we can move faster?” said Bill Borden, corporate vice president of worldwide financial services at Microsoft.
Microsoft’s financial services cloud integrates its cloud infrastructure, Microsoft Azure; its cloud-based version of Office, Microsoft 365; its customer relationship management and enterprise resource planning software, Microsoft Dynamics; and the Microsoft Power application-development environment.
To help share data between these different applications in the cloud, Microsoft plans to introduce a common data model for the industry that allows software to easily be ported from one program to another.
“We've come up with common data definitions and structures so that data can be used interchangeably around different features and functions,” Borden said.
Microsoft will also debut a product within this specialized cloud called Loan Manager that banks can use to schedule appointments with potential borrowers, host virtual meetings in Microsoft Teams, let customers apply for loans online, provide status updates to borrowers, send loan applications to human loan officers' phones to approve, obtain e-signatures and close loans without requiring customers to visit a branch.
Financial services firms that use Microsoft’s Azure cloud today include Bank of America, which has been letting some of its employees use Microsoft Office 365 since 2017.
A challenge to using newer, cloud-based software is that many banks have core systems that are 30 or 40 years old, and not written using modern application language and protocols.
“Modernizing core platforms and core infrastructure is one of the big outcomes that we spend a lot of time talking with our customers about, because they're not going to throw out that infrastructure — they can't afford to do that,” Borden said.
The Microsoft financial services cloud is designed to connect to existing cores through application programming interfaces, Borden said. Microsoft has signed up core vendors like Fiserv, FIS and Finastra as partners; they have committed to making their software compatible with Azure, Dynamics and 365.
Security is an issue Microsoft and all the cloud vendors have to pay close attention to. A couple of summers ago, when a former Amazon software engineer, Paige Thompson,
The cloud providers targeting banks all say they are addressing this issue.
“We've been talking to customers and regulators around the world for quite some time about how our cloud services will need to operate in this industry,” Borden said. Security features Microsoft is building for this cloud include encryption key management, identity management and real-time security monitoring, Borden said.
IBM: Focus on security, compliance
IBM stresses the compliance and security components of its cloud for banking.
“What we're doing in our cloud for financial services is changing the technology of the cloud itself so that it has a higher security and compliance posture,” said Hillary Hunter, chief technology officer of IBM Cloud. “That enables banks to get onto the cloud faster, because one of the most lengthy processes that they have to undergo is the security and compliance planning and assessments of a cloud environment so that they can trust it.”
A unique security feature IBM offers is “keep your own key” encryption, which means only clients can access their own data in the cloud, even if IBM gets a government subpoena for it.
“If you keep full control of the keys, it enables a much stronger posture of control even when a bank is working in a multitenant environment like a cloud,” Hunter said.
Another security feature is called “confidential computing.” This isolates sensitive data in a protected central processing unit enclave during processing. The contents of the enclave are accessible only to authorized programming code.
Hunter offers the analogy of an office building that provides a lot of security: video cameras out front, a security person at the front desk and security badges required to take an elevator. The secure enclave is like a soundproofed office in that building where someone can have a conversation and do work that is unheard and unseen from everyone else in the building.
Hunter further asserts that the use of IBM’s financial services cloud reduces third-party risk for banks.
“If everyone's using the same security and compliance control set, and hundreds of controls have been baked into the cloud itself, it reduces the risk of everyone that's using the environment,” she said.
The consistency of security and compliance settings can help with speed to market, she said.
“With the pandemic and the world economic situation, banks are all under a tremendous amount of pressure to create change in the way they're engaging with customers,” Hunter said. Some of IBM’s bank customers had to quickly ramp up online small-business lending to handle the Paycheck Protection Program, she said.
“The cloud can deliver that ability to quickly create new applications and functions, and provides elasticity,” she said. “Things can grow and scale as economic circumstances and business needs change.”
At most banks, 90% to 95% of workloads are not in the cloud because of concerns about sensitive data, Hunter said.
To help prevent the kind of misconfiguration error that allowed Paige Thompson to access Capital One data, IBM last summer acquired Spanugo, a U.S.-based provider of cloud cybersecurity solutions. The software is now supporting the IBM financial services cloud. It logs and monitors user behavior to make sure the right security measures are being taken on the clients’ side.
“Documentation can also be generated to ensure that regulators, for example, can see that you are correctly enforcing and monitoring and correcting the things that need to be happening on the cloud,” Hunter said.
