IBM: The real value of cloud computing – Sebastian Krause

Sebastian Krause of IBM talks to Future Banking about dedicated customer service teams, partner networks, standards and security, components of the cloud, public cloud versus private cloud, and virtualisation and efficiency.

What would you say constitutes the real value of cloud computing and how will cloud computing change the way organisations like banks purchase, manage and provide computing resources?

Sebastian Krause: To answer that question correctly, we need to understand that the starting point of this discussion is really the business model that banks chose to achieve. From that point onwards, we can look at the real value of cloud for them. For banks, it is all about getting the right platform to leverage not only the current technology, but also the technology of tomorrow. You need to have a three-to-five year horizon on your strategy for the cloud. To be able to do that, you need the reliability of a partner that can provide a hybrid model for their IT, integrating multiple sources of data, based on open technology and standards.

Hybrid IT also brings cultural and organisational changes for the CIO and IT departments. Intensive use of automation across all IT operational and development processes improves productivity and cycle times. This is achieved by creating a high-level operational visibility and control environment with dev-ops disciplines of automated testing and continual integration.

Do banks working with IBM/SoftLayer benefit from a dedicated customer service team?

As with all commercial engagements, we have a strong team doing the implementation of infrastructure as a service (IaaS) projects with our clients. They cover different areas of expertise such as presales, architects, engineers and account managers. Banking customers would be fully supported by a team of strong professionals, with years of experience in their respective domains.

Just like our clients, our support teams are also open for business 24/7 365 days a year, and aim to resolve any issues clients may face. And unlike our competitors, we aren't charging for it. All SoftLayer products include unlimited access to expert technical support at no additional charge. So, while we hope our clients never have a problem, they can rest assured that we've got their backs if one ever pops up.

What can you tell us about IBM/SoftLayer's approach to remaining a very high-performance organisation?

We have long prided ourselves on being a high performance organisation - whether its culture, technology or innovation. Several external analysts back this up, by underlining our strong price/performance stature, which allows our clients to get the best return on investment. As a company, we have been focused on providing clients a globally consistent software and infrastructure, but with a consistency of choice so that each bank can apply their specific requirements, yet know these will work around the world. We have a portfolio ranging from 'on premise' to 'off premise' options, with options to run these on 'bare metal', or just about any virtual machine (VM), including open-source, all integrated by a common user experience.

Today, our clients are raving about our close integration with VMware cloud products. Combining our capabilities allows clients to move their workloads seamlessly from on premises to off premises and between global data centres, all without shutting down their applications. I could go on about our global presence; our triple redundancy network; our security practice embedded throughout; or the extremely automated environment - I truly believe that SoftLayer is the premier infrastructure platform for business innovation.

How does IBM/SoftLayer go about achieving the industry's highest standards and compliance benchmarks?

SoftLayer is built and managed around best practices and provides a secure environment for your workload. We provide evidence of this through our ongoing compliance, and engage in multiple internal and external, third-party-lead risk assessments, audits and controls reviews to ensure that our infrastructure - the bank's workload foundation - is always managed to the highest standards.

In addition to these assertions and compliance statements, banks have full visibility into the make-up and management of their deployed environment through the SoftLayer web portal and APIs. This information can be imported into their governance, risk and compliance (GRC) tools. Based on SoftLayer's infrastructure compliance, customers can demonstrate the compliance of their workloads and infrastructure with specific requirements including customer-specific and regulatory requirements.

What can you tell us about IBM/SoftLayer's approach to guaranteeing security for your customers?

Security is critical to IBM; we've built a strong and reputable security practice over the past few years, and are investing a lot of resources in this area.

In the cloud, there can be many points of entry or attack for malicious activity. IBM provides a wide range of security options for banks to choose from, so they can protect their infrastructure with multiple layers of protection customised to their requirements. Our innovative network architecture and commitment to using the most advanced hardware technologies dramatically minimises data centre and server exposure to outside threats.

The network integrates three distinct and redundant architectures into our multi-tiered network topology. Systems are fully accessible to administrative personnel but safely off limits to others. The SoftLayer architecture and its associated operational management procedures support and enforce security best practices and risk-mitigation controls appropriate for hosting all types of customer workloads. SoftLayer's security management approach is aligned with US Government standards and based on the NIST 800-53 framework.

Physical and operational security is the foundation of SoftLayer security - no other measures matter without it. That's why every SoftLayer data centre is fully audited based on SOC 2 Type II reporting on controls to meet industry-recognised requirements for security.

Could you explain the significance of concepts like IaaS, platform as a service (PaaS) and software as a service (SaaS)?

IaaS means that you are obtaining cloud infrastructure (servers, storage and networking) in an on-demand, globally connected, elastic fashion and in a pay-as-you-go model. Vendors such as IBM provide the raw infrastructure and the bank takes care of the rest.

With PaaS, vendors such as IBM are not only responsible for the infrastructure resources, but also for providing a fully managed application development and deployment platform. It provides client developers with the appropriate flavours of operating systems, databases, middleware, software tools and managed services. As such, they can fully focus on what they are really good at and not worry about things like maintenance, scalability, security and more that are fully managed by PaaS.

What we see more and more is that the infrastructure and the platform are blending into one another. At IBM, this platform is called Bluemix, and it helps teams accelerate innovation and delivery, particularly when it comes to engaging users through new digital channels. However, doing that successfully, and at enterprise scale, also means being able to connect to and integrate with existing apps and data in simple, powerful and even self-service ways. As systems and infrastructure becomes increasingly hybrid, Bluemix offers developers and IT teams the tools and services to securely connect between on and off-premises apps and data.

Can you see banks ever using a public cloud given understandable concerns and sensitivity over customer confidentiality?

It is clear that traditional banks have kept their IT close to them - often in their own on-premises data centres - mainly out of security, privacy or performance motivations. As cloud technology evolves, and the underpinning business model benefits, banks are broadening their view on this topic. For certain, less critical applications, they now turn to external cloud solutions. They may make use of 'public', or 'shared' infrastructure; for example, shared server hardware and networks, or choose to prioritise private clouds - where hardware is dedicated to their use - on premise as well as off premise.

It's a situation we see in many financial institutions and it underlines the importance of our hybrid cloud model. No customer can rely on just one model, simply because of the number of different data services they rely on. On a longer-term strategy for banks, it is evident that they need to work with partners who are skilled in this 'hybrid' area, and have the experience and especially the technology to guide them to the best possible platform for their respective business model.

Could you tell us how virtualisation can enhance server efficiency to ensure constant availability, mitigate risk and promote 'greener' technology?

All companies have been virtualising their environment for decades. What is relevant today is how they optimise their use of virtualisation, in terms of price, performance and flexibility. For example, while shared virtual servers can cost less, banks also need to weigh that against performance. Sometimes, private virtual machines on dedicated hardware provide not only better performance, but can be more cost-efficient in the long term. Companies can also benefit from the ease buy which virtual instances can be moved and managed from their data centres to the cloud and even between cloud provider data centres around the world - the ability to do this live - without shutting down the application, and without reconfigurations for each data centre are key aspects of today's IT optimisation.

How can banks ensure they are obtaining the right cloud from the right vendor?

The 'right' cloud depends on the business model a company chooses to achieve. Based on that decision, the company needs to identify the solution and the right vendor to give themselves the means to be successful. What seems to be obvious however is that most, if not all, banks will opt for a hybrid model, consisting of a private and public infrastructure, on premise and off premise. Making these communicate seamlessly in a secure environment - so they meet customer expectations quickly but are also adaptable to future needs - will be crucial in the journey to remain relevant in the market that is going through an important digital transformation. Many of our clients require a migration of existing legacy systems to the cloud. Through many of the engagements we have had in the past, our IBM experts are well positioned to guide banks on this important journey.

Sebastian Krause of IBM.