The final chapter in IBM’s quest to build a cloud for banks


In November 2019, in a pre-pandemic world that seems like an age ago, I wrote the first article on IBM and Bank of America working together to develop a financial services ready public cloud. In May 2020, I previewed an update announcing the first round of Independent Software Providers (ISVs) and Software-as-a-Service (SaaS) Partners who announced their intention to integrate cloud-ready for them. IBM financial services. In July 2020, I chronicled the significant progress of the project as BNP Paribas announced that it would be the first flagship client in Europe.

Yesterday, IBM announced the latest chapter of IBM Cloud for Financial Services, a public cloud capable of overcoming stringent cybersecurity and regulatory challenges for a bank.

Respond to a market need

IBM increases the level of transparency and control for a financial institution in the public cloud. Most financial institutions would agree that the public cloud can enable transformation around new revenue opportunities and new customer experiences, but security and compliance remain barriers to adoption. The IBM Cloud for Financial Services platform addresses cybersecurity, compliance, and the risks inherent in the public cloud. The program has three objectives. It will allow banks and financial institutions to run workloads in the public cloud and consume IBM services. Second, activate the digital supply chain of ISVs, SaaS providers and FinTechs. Third, a set of IBM middleware, applications and SaaS for use in banking solutions. IBM Cloud for Financial Services runs on IBM Cloud, with everything managed through the IBM Cloud Framework for Financial Services described in more detail below.

What IBM creates is more than a platform, but rather a complete ecosystem for all financial companies to meet its IT needs. I think it’s more powerful than just a “cloud” for the financial services industry.

A framework to instill confidence

IBM Cloud Framework for Financial Services is the primary compliance and control body and the foundation of the program. It is contributed and overseen by a range of global financial institutions and Promontory Financial Group, an IBM company acquired in 2017, which continuously monitors regulatory changes in jurisdictions around the world. It’s a framework that covers capabilities, the cloud itself, core services like containers, and VM workloads from top to bottom. Strengthened services ensure consistency in risk management and compliance both on-premises and with the public cloud. ISV and SaaS providers that run in the cloud must also comply with the framework.

Everyone must adhere to this framework. Using tools from the Security and Compliance Center, a cloud-based security compliance management environment enables continuous monitoring of environment compliance, right through to document generation for regulatory purposes.

The bank is in control

One of the big challenges, especially last year, is that everyone wanted to go faster to digitally transform. For banks and financial institutions, the use of the public cloud implies great caution due to regulatory obligations. It is essential to protect data using hyper-secure cryptographic capabilities. IBM leverages confidential computer technology in such a way that even IBM’s public cloud operators cannot access the keys that protect the data. Controlling workloads to stay in the hands of the bank is essential to ensure visibility at all times.

Faster partner onboarding

IBM took a set of technologies, brought them together in a coordinated structure called the cloud framework, and then applied technologies like continuous security compliance management to cloud services to enable a bank to embrace the cloud a lot. faster. Typically, cloud adoption can be a very long journey of assessments and risk assessments with all ISV and SaaS provers.

The framework is the means of verifying the ISV and SaaS providers that intervene on the environment. These ecosystem partners are committed to the assessment and validation against the framework. A bank will have the same security, risk and compliance information for workloads and independent software vendors and SaaS, which will reduce risk in the digital supply chain.

Banks outsourced to SaaS providers continue to have overall responsibility for ensuring data protection. The program achieves compliance faster and ensures compliance is maintained.

IBM works with each ISV, SaaS or FinTech provider in the program by recruiting experts from within IBM Security Services and the IBM Cloud Client Success team to assess the partner architecture. IBM will also assess the controls against the control objectives in the framework. Any deficiencies in software or operations must be prior to validation.

Validation in the program greatly contributes to the integration process with a program’s financial institution due to common controls and criteria. The supplier can then address several banks in the program with the next iterative step which can be bank specific checks related to the integration and consumption of a partner.

Participants in this program are committed to maintaining compliance with the framework, with IBM providing the tools and other operations to enable them and partner financial institutions to achieve compliance.

What’s new in this ad

The IBM catalog contains two other fundamental runtime environments, Red Hat OpenShift and IBM Cloud Virtual Server for Virtual Private Cloud, in addition to the already announced support for workloads regulated by VMware. All of these services include built-in security and compliance controls for cloud native and VMware workloads.

The second component of this announcement is the expansion of the partner ecosystem from 30 to 90. It should be noted that SAP has agreed to join the IBM Cloud for Financial Services program.


It has been a long road for IBM to get there, understandable because the regulatory burden is not trivial. IBM has built a cloud that monitors and ensures continued compliance with all regulatory obligations of the big banks and the companies that sell them software and services.

The state of financial services in the cloud is changing rapidly. The cloud, with its elasticity, can do everything from risk modeling to analysis. In addition, several emerging companies, such as Temenos, specialize in basic banking services, which is the next wave of cloud adoption for financial services. Banks are looking to move basic banking services to the cloud, and IBM Cloud for Financial Services is giving them a competitive edge. I think this is an area where IBM can win and it’s a big deal.

I look forward to the next chapter of this journey.

Note: The editors and editors of Moor Insights & Strategy may have contributed to this article.

Moor Insights & Strategy, like all research and analysis companies, provides or has provided paid research, analysis, advice or advice to many high-tech companies in the industry including 8×8, Advanced Micro Devices, Amazon , Applied Micro, ARM, Aruba Réseaux, AT&T, AWS, A-10 Strategies, Bitfusion, Blaize, Box, Broadcom, Calix, Cisco Systems, Clear Software, Cloudera, Clumio, Cognitive Systems, CompuCom, Dell, Dell EMC, Dell Technologies , Diablo Technologies, Digital Optics, Dreamchain, Echelon, Ericsson, Extreme Networks, Flex, Foxconn, Frame (now VMware), Fujitsu, Gen Z Consortium, Glue Networks, GlobalFoundries, Google (Nest-Revolve), Google Cloud, HP Inc. , Hewlett Packard Enterprise, Honeywell, Huawei Technologies, IBM, Ion VR, Inseego, Infosys, Intel, Interdigital, Jabil Circuit, Konica Minolta, Lattice Semiconductor, Lenovo, Linux Foundation, MapBox, Marvell, Mavenir, Marseille Inc, Mayfair Equity, Meraki (Cisco), Mesophere , Microsoft, Mojo Networks, National Instruments, Net App, Nightwatch, NOKIA (Alcatel-Lucent), Nortek, Novumind, NVIDIA, Nuvia, ON Semiconductor, ONUG, OpenStack Foundation, Oracle, Poly, Panasas, Peraso, Pexip, Pixelworks, Plume Design, Poly, Portworx, Pure Storage, Qualcomm, Rackspace, Rambus, Rayvolt E-Bikes, Red Hat, Residio, Samsung Electronics, SAP, SAS, Scale Computing, Schneider Electric, Silver Peak, SONY, Springpath, Spirent, Splunk, Sprint , Stratus Technologies, Symantec, Synaptics, Syniverse, Synopsys, Tanium, TE Connectivity, TensTorrent, Tobii Technology, T-Mobile, Twitter, Unity Technologies, UiPath, Verizon Communications, Vidyo, VMware, Wave Computing, Wellsmith, Xilinx, Zebra, Zededa and Zoho which can be cited in blogs and research.


Comments are closed.