Bank of America and IBM, along with IBM’s regulatory compliance arm Promontory Financial Group, have partnered to build a cloud for banks that has security, privacy and bank-specific regulatory compliance built in.
The special-purpose cloud is designed to address challenges that hold banks back when they think about adopting cloud computing.
“We believe that the whole industry has some unique challenges with the public cloud around compliance, security and resiliency,” said Bridget van Kralingen, senior vice president for global industries, clients, platforms and blockchain at IBM. “Governance, risk and compliance consumes around 20% of the operations costs of most major banks.”
The requirements for security, data protection and regulation in general change continually, she said.
“Because of that, many banks have not moved their production workloads to public cloud providers,” van Kralingen said. “There is not enough focus on those specific control requirements for the industry.”
Bank of America and IBM executives, including van Kralingen and Cathy Bessant, BofA’s chief technology officer, have collaborated since March on a set of controls that provide proactive and automated security and use the industry’s highest level of encryption certification for this cloud, van Kralingen said.
The cloud is expected to run on IBM’s existing public cloud, which uses Red Hat OpenShift as its primary Kubernetes environment to manage containerized software across an enterprise, and includes more than 190 API-driven, cloud-native platform-as-a-service products to create new and enhanced cloud-native apps. Container software provides certain functions, like security, in a wrapper within which applications run and can be moved from one cloud to another.
Bank of America’s cloud journey
Bank of America has been on an internal cloud journey since 2013, two years before Microsoft Azure even existed.
“We started out focused on efficiency of utilization and expense efficiency,” said Bessant, who last month was named American Banker’s Most Powerful Woman in Banking for the third year in a row.
Bessant said 80% of the bank’s workloads run in its private cloud. It does not run anything in a public cloud, other than in test mode. The private cloud has achieved the efficiencies Bessant sought. Where Bank of America once had 200,000 servers and 60 data centers, it’s pared that down to 70,000 servers and 23 data centers.
Through benchmarks, the bank has found that its private cloud is 29% cheaper than other service providers. It now spends $2.1 billion less per year on infrastructure than it did in 2012, due in large part to the private cloud.
But Bessant recognizes that eventually, public cloud computing is bound to become the most cost-efficient option.
“While the economics [of an internal cloud] are great today, they’re not going to be great forever for…