The News: Temenos and Zafin announced the availability of their respective offerings on IBM’s financial services cloud platform to accelerate hybrid cloud adoption within the financial services industry. Read the Temenos full press release here and the Zafin press release here.
Temenos and Zafin Availability on IBM Financial Services Cloud Platform Shows Banking-aaS Technology Stack Starts to Gain Traction
Analyst Take: The banking landscape is dynamic and rapidly deconstructing and decentralizing based, not only disruption of the core technology stack, but by heavily funded new entrants looking for a piece of the action particularly in the payments space. When you couple this overall banking specific dynamic with a general shift to the public cloud, the traditional banks have a huge task ahead to modernize their tech stack and provide customer facing services faster.
Banks have a huge technology stack and supporting development teams that over decades have built systems that support huge transaction volumes with near zero downtime, all the time operating in a heavily regulated environment. This has led the banks to select technologies, different in many cases, to other industries as their requirements are fundamentally more demanding. As a result, mainframe systems are prevalent in banking and often provide the core systems of record to support what is referred to as ‘core banking systems.’ In many cases, mainframes are still the right choice for these core banking systems as they deliver the unique combination of transaction volume throughput, availability, and industry-leading security, however, modernization is becoming critical to compete.
Against this backdrop, software vendors such as Temenos and Zafin are looking to offer innovative solutions that help either modernize the core or provide adjacent functionality that can augment an existing mainframe core system. These software companies are increasingly looking to the public cloud as the delivery platform of choice as their clients demand the consumption and scalability that the public cloud delivers.
The Role of Confidential Computing in Banking and Financial Services
Banking systems are highly regulated, and rightly so, and demand the highest levels of system integrity when it comes to security. One technology approach that is rapidly emerging to address the requirements of highly regulated banking workloads is Confidential Computing. The technology industry has long solved the need to secure data at rest and in-flight by the use of various encryption approaches. However, when data is in use or being accessed by an application or use, it is in the clear. Confidential Computing looks to address this requirement, encrypting data while it is in use. Through the use of secure enclaves and trusted execution environments, Confidential Computing platforms offer the ability for data to be used eliminating the possibility of nefarious actions being performed against it.
Put another way, establishing operational trust is the objective, where through a combination of compliance and best practices, cloud providers look to ensure that data is secure. However, in many instances, highly credentialed administrators in the cloud provider still have access to sensitive data and can be socially engineered and tricked into divulging this data or their credentials can be obtained by bad actors. Confidential Computing looks to another trust model — technical trust — which moves beyond compliance and best practice and implements an architecture where even the most privileged administrators cannot access unencrypted data.
To delineate the distinction between operational and technical trust, imagine this scenario. A federal agency serves a subpoena to access customer data on a cloud service to the cloud provider. In the case operating under the operational trust-based cloud services, the cloud provider would be able to comply with the subpoena, and the cloud admin would simply copy the subpoenaed data and provide it to the federal agency. In the case of an organization operating under technical trust-based systems, the cloud provider, however keen they were to comply with the requests of the federal agency, would be unable to provide their clients’ data. In a technical trust environment, a cloud services provider would simply not be able to access the encrypted data without intervention from the end customer. In this scenario, the federal agency would have to subpoena the end customer and not the cloud services provider — which is likely viewed by most leaders as a good thing.
IBM Financial Services Cloud is Designed to Address the Nuanced Requirements of the FinServ Industry
Public cloud services have rapidly grown in adoption through their commoditization and ubiquity, and for many a common tech stack has been deployed regardless of use case or industry. This has enabled offerings such as serverless, containerization, and Kubernetes to become the default approach for delivering innovative microservices at scale. However, as we discussed, banking has different transactional and security requirements, and when coupled with heavyweight regulatory insight, the adoption of public cloud services has been a lot slower than in other industries. While many industries are seeing 20-30% of on-premises workloads having already migrated to the public cloud, banking sees overall adoption of public cloud in the 5-10% range.
Against this backdrop, IBM launched a Financial Services specific cloud stack back in late 2019 in collaboration with Bank of America. The industry specific cloud platform is designed to address the unique trifecta of requirements that the financial services industry faces, namely; security, availability and industry specific regulatory requirements. In this model, IBM certifies specific software solutions so that they meet the demanding requirements, and then end clients can leverage the services, safe in the knowledge that their requirements have been addressed up front with an approved stack.
Temenos’ is on the Front Lines of Banking-aaS Offerings
Temenos is a leader in core banking and payments technology with over 3,000 clients in 150 countries, including 41 of the top 50 banks. As a result, Temenos is on the front lines of the trend to public cloud adoption within financial services. The core Temenos Transact offering is a cloud-native, cloud-agnostic core banking solution providing functionality across the retail, corporate, treasury, wealth, and payments sectors. As banks balance the need to drive innovation by delivering high value services and the industry’s strict security and compliance requirements, hybrid cloud environments have become increasingly important.
Through the alliance with IBM Cloud, Temenos plans to leverage IBM’s uniquely architected security capabilities, including Confidential Computing technology and ‘Keep Your Own Key’ encryption. The underlying foundation in the IBM cloud will be via IBM Hyper Protect Services and backed by the highest level of security certification especially in the key management space where IBM Cloud is the only provider of FIPS 140-2 Level 4 certified HSMs.
The partnership between IBM and Temenos goes deeper than just Temenos onboarding to the IBM Cloud. IBM has recently created a Temenos Services Practice within the Global Business Services (GBS) business unit. This services practice will focus on the deployment of Temenos solution,s be they on IBM Cloud, IBM on premises hardware or in hybrid deployment scenarios. From the Temenos press release:
Philip Barnett, President of Strategic Growth at Temenos, said: “We are delighted to extend our leadership in the cloud by bringing Temenos Transact to the IBM Cloud and also join the IBM Cloud for Financial Services ecosystem. This expanded collaboration will help banks accelerate their move to the cloud and the benefits of a modern cloud-native banking platform. With Temenos’ AI-powered, API-first technology, banks can innovate faster, open up new business models, and achieve industry-leading cost/income ratios. Integration with IBM Cloud demonstrates that our cloud-agnostic banking platform enables banks to pursue a multi-cloud strategy and have the highest levels of active-active resilience with the cloud provider of their choice.”
IBM is also collaborating with Temenos to ensure that as clients look to transform and modernize core banking systems, they do it by leveraging Red Hat OpenShift. As banks look to decompose monolithic legacy applications and move to a more agile model for developing services, then containerization, and specifically Kubernetes, is an obvious choice. IBM is well placed to leverage the breadth and ISV adoption for certified containers from the likes of Temenos to be orchestrated using Red Hat OpenShift and this announcement is a case in point. By basing the deployment on OpenShift, Temenos gets the benefits of being able to deploy both on-premises and in the cloud in a hybrid environment and developing once.
Zafin Provides SaaS based Product and Pricing
Zafin is the provider of a leading SaaS cloud-native product and pricing platform for financial institutions. In a move similar to that of Temenos’ outlined above, Zafin has built on its work with IBM Global Business Services (GBS), IBM Garage, and perhaps most interestingly the IBM Z mainframe team to onboard its product and pricing platform to the IBM Cloud for Financial Services.
The Zafin product and pricing solution perfectly augments a core banking system of record running on IBM’s Z platform and enables banks to rapidly innovate how they operate without needing to invest in developing applications themselves in COBOL directly on their mainframe systems. This enables the mainframe to keep doing what it does best and for the bank to innovate quickly to the changing dynamics of the market. Having the combination of Zafin’s SaaS solution run in the IBM Cloud on LinuxONE based systems, that underpin the Hyper Protect range of services, connecting to largely on-premises mainframe deployments is the best of both worlds when it come to the crucial requirements of security, regulatory compliance, and availability. From the Zafin press release:
“IBM and Zafin continue to collaborate to deliver a solution that is designed to utilize IBM Cloud’s confidential computing capabilities that enable financial institutions to securely deploy, scale, transform, and benefit from Zafin’s platform on IBM Cloud,” said John Smith, Executive Vice President of Ecosystem, Zafin. “Many of Zafin’s clients currently run IBM Z. Our continued collaboration with IBM marks a mutual commitment to offering IBM Z customers a path to modernization while helping to address compliance for financial services institutions both in the cloud and on-premises.”
Zafin took advantage of IBM’s Cloud Engagement Fund, established as part of IBM’s $1B investment into its partner ecosystem, to accelerate the company’s global expansion through access to technical resources and cloud credits. Zafin has also joined IBM’s partner ecosystem collaborating on the IBM Cloud for Financial Services and is partnering with GBS to deliver implementation services.
Looking Ahead: Industry Specific Clouds are the Future
It seems like every week cloud providers are launching industry specific cloud offerings tailored for the needs of specific industries like banking, telco, or healthcare where the regulatory frameworks offset the benefits of typical one-size-fits all public cloud based IaaS offerings. In the UK, BT was the latest to go this route, with their financial services specific approaches launched this past week.
I expect this trend to continue, and also expect all of the hyperscale cloud providers to double down on addressing the specific regulatory requirements of a few core industries in the coming months and years ahead. For IBM, focusing on Financial Services makes perfect sense against this backdrop. The company has a storied history of working with banks to provide core mission critical platforms and the company positioning itself as the cloud best suited to banking workloads is a smart move. I will be watching closely for continued adoption by the banking ISVs of IBM Cloud in the months ahead and more specifically the Hyper Protect range of services as they have characteristics perfectly positioned for the shift to Confidential Computing style deployments.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.