Banking the Bits and the Bytes
Ivo Ivanov, CEO of DE-CIX International, offers 4 steps to a future-proof connectivity strategy for the finance sector
To be fit for the modern world, banks and other financial service providers need to reduce their costs, develop new business models, activate new revenue streams beyond the standard set of financial services, and meet the needs and expectations of increasingly tech-savvy customers. They need to achieve full digitalization. To achieve this, it is necessary for banks and financial service providers to take a different approach to managing their data – these bits and bytes are the basic commodity of the digital age. These institutions need and want to become the moderator of their customers’ entire financial life-cycle, across multiple sectors and value chains. This means that, as part of their journey towards transformation, they need to develop an interconnection strategy.
An interconnection strategy will provide a framework for considering the ways in which the bank wishes to control connectivity with its own digital resources, its partners, and its customers. It is worth breaking this process down into manageable steps in order to test, gain experience, understand the benefits of gaining control over the bank’s interconnection infrastructure, and develop a long-term strategy. The following four-step process will help the institution to develop its interconnection experience and build its strategy.
1. Starting with the basics: how interconnection helps IT systems to work efficiently and effectively
Before even thinking about the outward-facing systems, the first essential step is to ensure that internal systems are functioning effectively. Connections to cloud resources and applications like Microsoft 365 and Microsoft Dynamics for CRM and ERP systems must be seamless, high-speed, secure, and redundant – so that whatever happens, you still have access to your data and workloads.
Traditionally, cloud resources are accessed over the public Internet, with all the risks that this entails. By making use of a cloud exchange through a secure and high-performance interconnection platform, on the other hand, it is possible to connect the bank’s network directly with the cloud provider’s network, bypassing the public Internet. This strategy has multiple benefits: not only is the connection – and thus the data travelling through it – protected against malicious attacks on its resources, but the direct connection also means that the data doesn’t have to travel so far. The further data needs to travel, the slower the response time will be. We call this delay ‘latency’, and the lower the latency, the faster the response, and the better the performance of applications. [1]
This is the case for accessing data in the cloud and using applications like video-conferencing systems, and becomes even more critical when it comes to processing transactions. Artificial intelligence applications, such as customer service bots or AI analytics and process automation, are further applications that need to be sourced from the cloud – and are extremely latency-sensitive. Therefore, direct interconnection to cloud resources and applications is the foundation of progressive digital transformation. Latency truly is the new currency when it comes to the future of banking.
2. Security first: control the financial customer journey and create private digital banking ecosystems
Clearly, banks need to ensure the security of their systems and their customer data. But customers are demanding easy-to-use digital systems and flexible access to banking products, and are more willing to shop around for a better deal – for example, through the growing range of FinTech companies on the market. Therefore, for banks to become truly digitalized, they need to nurture a secure and private interconnection ecosystem with their many partners, not to mention with their customers.
By interconnecting with this ecosystem in a ‘closed user group’, banks bypass the public Internet for all of their customer care, data management, and access to clouds and resources.
Let’s look at a couple of examples: Firstly, a bank customer accesses their account on the Internet banking platform of the bank. Regardless of how secure the banking platform itself has been made, the customer is connecting to the bank via their Internet service provider (ISP) and then via the public Internet. If, on the other hand, the bank invited that customer’s ISP to interconnect directly via a ‘closed user group’ (CUG) [2], then this entire journey would be shielded from the risks of the open Internet, and would be protected further by the platform’s added security services. And that would be the case not only for this customer, but also for every other customer of this ISP. [3]
The same goes for a webshop: A company runs a webshop with integrated payment services from the bank – but the connection of the webshop to the bank flows over the public Internet. Suppose the company’s own network is big enough. In that case, it could itself interconnect directly with the bank in such a private ecosystem – but SMEs remain dependent on connecting via their ISP, just like a private individual. So, the SME and the SME’s customers can be best protected by ensuring their respective ISPs have a direct interconnection with the bank via a ‘closed user group’.
Another extension of this concept is the development of multi-cloud set-ups using workloads and computing resources involving multiple cloud service providers, accessed and managed via a cloud router service, something which has become part of the offering on well-developed interconnection platforms. This can be managed easily and at extremely reduced latency, therefore improving the performance and usability of cloud-based resources.
3. Meeting the regulatory and risk mitigation requirements for digital banking
With a framework for open banking having been introduced in the revised EU Payment Services Directive (PSD2), which came into effect in 2018, and with other regions following suit, like the US in 2021, banks are becoming obliged to make data available to third parties through their own application programming interface (API). This requirement forces banks to take strategic digital action and is just one of a range of new regulatory initiatives that aim at regulating digital banking. Managing the compliance of company policies and regulations (for example, in regard to data protection) becomes increasingly complex when connecting with a large number of different partners. Here, the traditional method used in the financial sector – connections via MPLS [4], data transport using non-transparent IP transit [5], and bilateral agreements for each and every partner network – becomes a management nightmare. This can be simplified by creating a ‘closed user group’, in which compliance with the stipulated policies and regulations is made a mandatory prerequisite for participation in the ecosystem. In this way, the bank can set policies for all members of the ecosystem, and do so at the click of a button.
Figure 1: By creating a ‘closed user group’ (CUG), a bank can interconnect securely with all of its partners and ensure compliance with legal regulations and corporate policies. In addition, the CUG bypasses the public Internet, increasing the level of protection against cyber threats.
One particularly interesting regulatory initiative currently emerging in several jurisdictions is the requirement to mitigate the cloud concentration risk. Clearly, no bank should place all their eggs in one basket, and this goes also for digital infrastructure. It is necessary to have distributed infrastructure to avoid any single point of failure, whether we’re talking about the clouds, the data centers, or the networks you’re using. To meet the requirements of cloud concentration risk mitigation, having a multi-cloud strategy is essential – and easy to manage without the risk of vendor lock-in if you use a data center neutral cloud exchange that offers a wide variety of cloud providers and services. Even in regions where such risk mitigation is not yet mandatory, it soon will be – and, to be frank, business logic demands that a bank that wants to provide its customers with the best security possible should adopt this kind of concentration risk mitigation plan.
But really mitigating the cloud concentration risk doesn’t just stop at using different clouds. Why? Because it is also important to be able to access those clouds from physically independent locations. What help is a hybrid-cloud or multi-cloud strategy if you’re limited to one single location to connect to your chosen clouds? If one connection fails, or one data center experiences an outage, you still have a single point of failure. Therefore, digital infrastructure must be conceived of as a distributed infrastructure involving a diversity of providers and multiple redundant pathways. This creates the resilience necessary for critical applications and data. Using a distributed cloud exchange platform which allows a multi-home set-up and a range of providers, as well as ensuring redundant connection to clouds and partner networks from physically separated locations, dramatically increases the resilience of connections and ensures continuous access to critical data.
4. Developing new revenue streams through digital partnerships
With growing competition from new players, banks and other financial service providers need to look into creating new revenue streams. One potential option is offering their services and products to new customer groups (e.g. in different geographical regions or for specific niche markets) through partners. They can develop their own payment service to be embedded in webshops. Banks can sell their services as white-label products, so that another bank (e.g. a Neo bank) can brand them accordingly and sell them on to new customer groups. They can – and in Europe and the UK are now obliged to – offer FinTechs access to customer data (on request and with consent) to be embedded in financial management and other types of applications, using an API based on open banking. What’s more, by separating customer management from service management, they can also offer their services through partner banks to customers in other geographical locations, where they themselves do not have a banking license.
What all of these activities have in common is the need for open standards and interoperability, combined with highly secure and low-latency interconnection between the partners. The bank may want to make its banking infrastructure available to third parties for new products and services – but to do that, it must first ensure its digital infrastructure is up to the task.
Conclusion: Take control of the financial data journey by controlling the digital infrastructure it travels through
Where does this leave us? We have seen that there are many benefits to digitalizing banking and financial services, and a range of risks that need to be mitigated. If they want to maintain their dominance in the financial sector, banks need to secure and control their network interconnections so that they can develop new revenue streams and business models. Creating a secure and private special-interest ecosystem on a high-performance interconnection platform offers a multitude of advantages.
In a nutshell, direct connection to other networks improves the speed, performance, and security of data transfer between partners. The bank or financial institution can connect with all of its required cloud partners securely, efficiently, and redundantly, and so properly mitigate the risk of cloud concentration. Beyond this, the diversity of infrastructure partners on a distributed and data center and carrier neutral interconnection platform increases the redundancy and reliability of connections to resources and partners, and mitigates the risk of vendor lock-in and a single point of failure. Furthermore, to generate new revenue streams, the institution can create its own private and secure interconnection ecosystem of partners (a ‘closed user group’) which bypasses the public Internet. The interconnection platform can thus function as a one-stop shop for all the bank or financial service provider’s interconnection needs throughout its journey towards full digital transformation.
__________________
References
[1] Latency describes the time it takes for a data packet to travel from a device connected to the Internet, such as a smartphone, to a server in the Internet, and back again. The shorter the latency is, the better the user experience (UX) of digital applications is. Put simply: Latency that is too high causes the delays that we experience when doing long-distance video calls and conferences. Latency also determines the time needed to complete an online transaction, and is key to a good user experience when using cloud applications.
[2] A ‘closed user group’ (CUG) is a private special-interest connectivity ecosystem set up on a secure and high-performance interconnection platform, under the control, in this case, of the bank as owner. It bypasses the public Internet and securely connects the bank’s network directly to the networks of its trusted partners and customers, enabling low-latency, flexible, efficient, and secure data exchange.
[3] In this scenario, the customer would still need to take care of security for their own devices and for connecting securely to the ISP, while the ISP and the bank networks secure the data for the rest of the journey.
[4] Multiprotocol Label Switching (MPLS) has been used for the past two decades for enterprises and banks to connect their branch offices to their headquarters. By labelling each data packet, MPLS allows critical data to be prioritized for transport. However, it is extremely inflexible, with waiting times of weeks to months for the implementation of an MPLS circuit.
[5] In IP transit, a customer (here, the bank) orders a bandwidth of connectivity to the Internet via a carrier or telecommunications provider. This transit provider then connects to other networks in order to pass data traffic through the public Internet. Downsides to IP transit include the cost and the fact that, because the telecommunications provider cannot connect to the entire set of networks that make up the Internet, the data traffic will be sent via multiple further networks across the Internet to reach its destination, with no control over the routing – therefore reducing both the speed (latency) and the security of the data traffic.
Ivo A. Ivanov is Chief Executive Officer of DE-CIX International, with more than 10 years’ experience in the regulatory, legal and commercial Internet environment. Ivo joined DE-CIX in January 2007. In recent years, he has been deeply involved in the establishment of DE-CIX sites in Istanbul, Palermo, Madrid, Marseille, New York, Dallas, Dubai (UAE-IX powered by DE-CIX), as well as Mumbai (Mumbai IX powered by DE-CIX), and several DE-CIX consultancy projects in Africa, Asia, and Europe.
Ranked as one of the top 100 most influential professionals of the Telecom industry (Capacity Magazine’s Power 100 listing, 2021), Ivo is regularly invited to share his vision and thought leadership in various industry-leading conferences around the globe.
Ivo has an educational background focused on law and business. Fluent in German, English, Russian, and Bulgarian, he graduated from a German business school in 1995 and holds two law degrees, from the Universities of Sofia (Bulgaria) and Bonn (Germany). After graduation, he worked as a lawyer, with a focus on e-commerce law, IP law, telecommunications law, and data protection law.