Cloud Computing In Financial Services
A Banker’s Guide
Oracle Financial Services White Paper | November 2015
Disclaimer
The following is intended to outline our general product direction. It is intended for information
purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality described for Oracle’s products
remains at the sole discretion of Oracle.
Table of Contents
Introduction
Cloud Service and Deployment Models
Cloud for Financial Services
Oracle Cloud Strategy
Oracle Cloud Offerings for Financial Services
Legal, Regulatory & Data Issues
Considerations for Cloud Service Provider Selection
“As a FinTech company in the payments space, we understand the need to not only get to the market fast with new
products and services, but also to have complete confidence in our revenue management lifecycle. Oracle Financial
Services Revenue Management and Billing Cloud Service has given us that opportunity and we see the new
Analytics offering as an additional way for us to maximize our revenue,”
BRENDAN MCGRATH
CFO
ZAPP
Introduction
Cloud computing can power changing business demands and opportunities, driving organizations to
be more agile and scale resources with increasing speed and elasticity. For business leaders, cloud
computing enables lines of business (LOB) to rapidly provision computing resources or applications to
roll out key business initiatives. LOBs can now look to IT as a strategic partner to the business, driving
product innovation and agility, not just automation.
The most commonly accepted benefit of cloud computing is that it enables greater scale and utilization
of IT resources as shared services by an individual organization, driving greater efficiencies and cost
savings using pooled assets and standardization, as well as faster adoption and updates of new
functionality and capabilities.
Cloud Service and Deployment Models
Cloud computing enables convenient, on-demand network access to a shared pool of configurable computing
resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released
with minimal management effort or service provider interaction. This definition from the National Institute of
Standards and Technology (NIST) has gained broad support from the industry.
The NIST definition of cloud computing describes five essential characteristics, three service models and four
deployment models.
Figure 1 NIST Model of Cloud Computing
Five Essential Characteristics
» On-demand self-service – Users are able to provision, monitor and manage computing resources as needed
without the help of human administrators
» Broad network access – Computing services are delivered over standard networks and heterogeneous devices
» Rapid elasticity – IT resources are able to scale out and in quickly and on an as needed basis
» Resource pooling – IT resources are shared across multiple applications and tenants in a non-dedicated manner
» Measured service – IT resource utilization is tracked for each application and tenant, typically for public cloud
billing or private cloud chargeback
Three Service Models
» Software as a Service (SaaS) – Applications delivered as a service to end-users, typically through a Web
browser. Offering the most complete portfolio of any public cloud, Oracle Cloud’s SaaS delivers modern cloud
applications that connect business processes across the enterprise, covering everything from customer
experience to enterprise resource planning, human capital management, and more. Oracle Cloud’s SaaS
offerings are everything you need your business to be: personalized, connected, secure. Oracle also offers
enterprise-grade enabling technology to Independent Software Vendors (ISVs) to build their own SaaS offerings.
» Platform as a Service (PaaS) – An application development and deployment platform delivered as a service to
developers who use the platform to build, deploy and manage SaaS applications. The platform typically includes
databases, middleware and development tools, all delivered as a service via the Internet. Delivering the industry’s
#1 database (Oracle Database) and #1 application server (Oracle WebLogic Server), Oracle Cloud’s PaaS is the
industry’s leading enterprise cloud platform. Built on proven Oracle technology that runs everywhere, Oracle
Cloud’s PaaS helps organizations drive innovation and business transformation.
» Infrastructure as a Service (IaaS) – Compute servers, storage, and networking hardware delivered as a service.
This infrastructure hardware is often virtualized, so virtualization, management and operating system software are
also part of IaaS. Offering a comprehensive set of infrastructure services, including elastic compute and
storage, Oracle Cloud’s IaaS lets businesses run any workload in the cloud. Best of all, IaaS enables a fully
integrated environment that has been optimized for the cloud and provides a unified security model.
Four Deployment Models
» Private Clouds – Infrastructure operated solely for an individual organization, delivered over the internet. It may
be managed by the organization or a third party and may exist on premise or off premise.
» Pros: It’s possible to achieve many of the cost and flexibility benefits of public cloud computing without the
concerns associated with having data stored in a public environment.
» Cons: Initial cost savings are less than with a public cloud, but long-term cost savings will in some cases
exceed the savings of public cloud implementations. This solution also likely requires in-house expertise that
current IT team members may not possess if the private cloud is kept on premise.
» Public Clouds – Shared infrastructure and services where organizations can host/build applications and store
data.
» Pros: Public cloud options offer cost savings, flexibility and elasticity, as well as initial speed of deployment
supported by shared services.
» Cons: Business decision-makers may resist having key data off-site or away from IT’s direct control, and
may not trust the security of data stored on servers shared with other customers.
» Community Clouds – A single cloud environment used by a group of related organizations who wish to make
use of a common infrastructure and/or set of services.
» Pros: In industries such as health care, government, and defense, a community cloud provides a secure
channel for the seamless transfer of vital data.
» Cons: Coordination is required among the members of the cloud community, who must agree on a provider
or central location for the cloud.
» Hybrid Clouds – Use by an organization of private and public clouds for a single application in order to take
advantage of the benefits of both models.
» Pros: Hybrid clouds can offer the flexibility and cost savings of the public cloud along with the security and
data protection of the private cloud.
» Cons: This is the most complex cloud solution to manage, and integrating the public and private clouds
requires special expertise.
Cloud for Financial Services
The financial services community is already adopting a mix of cloud service and deployment models for their
business and IT needs, with many business functions within financial services being moved predominantly to the
cloud. Even so, some unique industry needs may keep some core solutions on premise, or out of public cloud
environments.
Highlighted below are some of the areas within financial services that are seeing rapid adoption of cloud computing,
and some additional detail on areas of cloud computing and the benefits they offer to financial services and other
industries.
Figure 2 Cloud Service Options for Financial Services [1]
Segment: Areas for Cloud Computing Adoption
Banking:
» Core Banking Cloud Service
» Lending and Leasing Cloud Service
» Revenue Management and Billing Cloud Service
Insurance:
» Policy Administration for Life and Annuity Cloud Service
» Health Insurance Cloud Service
» Rating and Underwriting Cloud Service
» Revenue Management and Billing Cloud Service
» Revenue Management and Billing for Healthcare Payers Cloud Service
» Document Management Cloud Service
Analytics:
» Financial Crime and Compliance Management Cloud Service
» Risk Management Cloud Service
» Performance Management Cloud Service
» Operational Risk Cloud Service
» Customer Insight Cloud Service
» Regulatory Reporting Cloud Service
[1] Sources:
» IDC FutureScape: Worldwide Financial Services 2015 Predictions, NOV 2014
» Top Industries Predicts 2014: The Pressure for Fundamental Transformation Continues to Accelerate, Kimberly Harris-Ferrante, Gartner, OCT 2013
» Silver linings: Banks big and small are embracing cloud computing, The Economist, JUL 2013
Financial Services executives should use the following chart to determine the best fit for their function or area of
responsibility.
Figure 3 Cloud Service Options for Financial Services
Oracle has developed an evaluation framework, called the Cloud Candidate Selection Tool (CCST), to help IT
organizations determine which applications, services, modules, components, etc. are appropriate for deployment to
a cloud, either public or private.
IT Strategies from Oracle (ITSO) is a series of documentation and supporting material designed to enable
organizations to develop an architecture-centric approach to enterprise-class IT initiatives. ITSO presents successful
technology strategies and solution designs by defining architecture concepts, principles, guidelines, standards, and
best practices.
Please consult the ITSO web site for a complete listing of Cloud documents as well as other materials in the ITSO
series.
“We view delivery of outstanding client service as a priority, which in today’s world needs to be supported by the
best technological core banking platform available.”
GRAEME HARTOP
CEO
HAMPDEN & CO.
Oracle Cloud Strategy
Oracle’s goal is to offer customers choice and a broad set of products and services.
Oracle’s Cloud Strategy is focused on the following initiatives:
» Provide products to help customers build, deploy and manage private clouds, as well as flexibility to leverage
public cloud services.
» Deliver a wide range of offerings through SaaS applications, PaaS including middleware and database, and IaaS
including servers, storage, networking and associated OS and virtualization software.
» Provide solutions that enable our customers to adopt cloud at a pace that fits their business.
Oracle offers choice as to how customers may consume software and technology with cloud computing. In addition
to traditional on-premise models, customers can avail themselves of the following cloud models:
» Public Cloud: Use Oracle technology as a subscription based service with no asset ownership needs. The
technology will be hosted at an Oracle or Oracle co-location partner datacenter.
» Private Cloud: Use Oracle technology to build their own private clouds and manage them in-house or through a
cloud provider. The private cloud can be hosted at an Oracle data center, the customer’s data center, or at an
agreed upon partner’s data center.
» Managed Cloud: Use a third party provider like Oracle to run and maintain the Oracle technology
as a managed cloud service. This can also include management of private clouds either at a customer’s
data center, partner data center or Oracle data center.
Oracle Cloud Offerings for Financial Services
Oracle Cloud for Industries (OCI) is dedicated to providing services to support industry specific applications. While
the Oracle public cloud offers core Oracle business solutions directly to enterprise customers, OCI provides secure
and highly-available data centers, housing best in class Oracle hardware.
List of Cloud Offerings for Financial Services
1. Industry Specific SaaS
a. Oracle Insurance Data Exchange Cloud Service
b. Oracle Financial Services Revenue Management & Billing Cloud Service
c. Oracle Insurance Revenue Management & Billing Cloud Service
d. Oracle Financial Services Lending & Leasing Cloud Service
e. Oracle Banking Cloud Service
f. Oracle Health Insurance Value Based Payment Cloud Service
2. Oracle Public Cloud
Application Services
Global Human Resources, Talent Management
Marketing, Sales, Service
Enterprise Resource Planning
Enterprise Performance Management
Social Services
Social Marketing, Social Engagement & Monitoring
Social Network, Social Data & Insight
Platform Services
Database, Database Backup
Java, Developer, Mobile, Documents
Business Intelligence, Cloud Marketplace, Object
Infrastructure services
Storage, Compute, Messaging
Cache, Identity, Sync
3. Oracle Financial Services Cloud
The Oracle Financial Services Cloud is a community cloud offering dedicated to banks, insurance and
investment companies and securities institutions, in addition to other regulated institutions in the financial
industry. This unique offering provides our financial services customers with assurance that their move to
the cloud is in accordance with Oracle’s cloud security standards. The Oracle Financial Services Cloud
supports financial services institutions' requirements to manage their Human Capital Management, Financial
Services Management and Customer Relationship Management in the cloud.
Oracle provides a complete set of offerings directly and through our partner ecosystem. Customers leverage
Oracle’s cloud offerings through partners of their choice.
Legal, Regulatory & Data Issues
Security, resiliency, privacy, and disaster recovery associated with the data as well as solvency of the cloud service
provider are critical components of an enterprise cloud strategy.
Service Availability
Oracle Cloud Services are available 24 hours a day, 7 days a week, 365 days a year, except during system
maintenance periods and technology upgrades and as otherwise set forth in the agreement, the ordering document
and Delivery Policies.
Oracle data centers are highly resilient, and our cloud services are backed by alignment with the Oracle cloud system
resiliency policy and cloud disaster recovery service policy, which include:
1. Resilient infrastructure with component and power redundancy with backup generators to help maintain
availability of data centers in the event of a crisis.
2. Redundant Mechanical-Electrical-Plumbing (MEP) infrastructure that addresses redundant power feeds
and distribution with emergency standby power with battery backups.
3. Redundant network infrastructure with multiple carriers, firewall, switch and load balancer pairs
4. Redundant application servers with multiple physical and virtual servers
5. Redundant DB servers with database tier distributed across multiple physical and virtual servers
6. Redundant storage with protection from individual disk or array failure
7. An established cloud backup strategy with multi-site data replication of customers’ production data, with
assistance for restoration of customers’ data based on order
For disaster recovery and reconstitution of production cloud services, Oracle has established alternate processing sites
to accommodate loss of service at the primary facility. Oracle has a predefined RTO (recovery time objective), which
determines the maximum time for recovery, and RPO (recovery point objective) in the event of a declared disaster.
Detailed hosting and delivery policies for PaaS and IaaS (Oracle Public Cloud) are available on the Oracle Cloud
Services website:
» Oracle Cloud Security Policy
» Oracle Cloud System Resiliency Policy
» Oracle Cloud Disaster Recovery Service Policy
» Oracle Cloud Service Level Objective Policy
» Oracle Cloud Change Management Policy
» Oracle Cloud Support Policy
» Oracle Cloud Suspension and Termination Policy
Oracle vertical SaaS offerings delivered by Oracle Cloud for Industry for the financial and insurance industries are
governed by the Oracle Cloud for Industry Hosting and Delivery Policies. This includes by reference the Oracle
Cloud for Industry Security Practices document for all services other than DataRaker Cloud Services, which are
governed by the DataRaker specific security document. These documents are listed at http://support.oracle.com
using the following path: Search Knowledge Base > 870963.5 > and selecting the Software as a Service (SaaS)
Documentation link.
Security of Cloud Services
Oracle Cloud for Industry security practices align with the ISO 27002 controls and include:
1. Encryption of external connections with the TLS encryption technology standard, configurable for all web and
web services based applications.
2. Oracle or content delivery networks (CDN) procure SSL certificates on behalf of customers from a bona
fide and valid certificate authority.
3. Oracle requires supported encryption and authentication for exchanges of confidential/proprietary customer
data across third parties.
4. Oracle provides data center physical security both at office and production cloud infrastructure with CCTV
monitoring and manual visitor identity recognition and visitor escort management.
5. Oracle provides appropriate network controls that incorporate a layered defense-in-depth approach with
protection of customer data at the network, system, database and application layers.
6. Cloud services utilize network intrusion detection systems (nIDS) to monitor and/or block suspicious
network traffic, which is automatically routed to a centralized security monitoring system that is monitored
24x7x365.
7. Oracle restricts access to authorized personnel using strong passwords, including minimum
password length, password complexity and multi-factor authentication for administrative users, to reduce the
risk of intruders gaining access through exploitation of user accounts.
8. Authentication and authorization are implemented as a standard security policy for approved operations staff,
with cryptographic controls and support for secure remote connections.
9. Oracle cloud provides audit, configuration and vulnerability controls with proactive vulnerability
assessments and approved configuration changes as per written SOPs, with regular audits to confirm
compliance.
10. Oracle provides hardening of system and network devices across all cloud infrastructure, including but not limited
to protocol access, removal of unnecessary software, services and user accounts, and patching, with
setting of appropriate logging levels based on compliance requirements.
11. Oracle cloud services provide a variety of configurable information protection services for customer data
management and protection, including data encryption in transit and at rest, strong key management,
secure media disposal and standard decommissioning, and secure data transmission such as SFTP, AS2
or WebDAV over HTTPS. Payload encryption is required for data being transferred outside the Oracle
network.
12. Oracle also provides data privacy, information protection and regulatory governance with evaluation and
response of suspicious incidents by providing and defining escalation paths and response teams, with
oversight from the Global Information Security (GIS) organization. Cloud services security controls are
aligned with the ISO security framework and IEC standards.
Please visit the Oracle Cloud for Industry support website for the detailed security policy.
Oracle has data centers across the European Union, USA, Canada and Asia Pacific including Australia to address
the residency of data for Financial Institutions. In all cases the primary data center resides in the host country or
jurisdiction.
Considerations for Cloud Service Provider Selection
Several capabilities to look for in a cloud provider:
1. Does the cloud provider have established security and privacy programs that are reinforced by
independent certifications?
2. Has the provider established a set of rich features to provide security and privacy protections?
3. Do they have confidence in network and computing resources to meet and scale enterprise business
demands without impact to availability?
4. Does the provider have the required redundancy and protections at various levels to protect from business
impact events such as disasters?
5. Is the provider committed to an experienced security function and willing to collaborate on security and
risk topics with the customer?
6. Does the provider offer both cloud based and on premise versions of their applications?
7. What is the migration/exit strategy if you decide to change services? Are any of your configurations
transportable outside their cloud service? What about core data?
8. Does the vendor offer a complete service lifecycle from production through cloud service / SaaS (single
ownership)?
Cloud technology has the ability to have positive impacts throughout an organization, but adopting it can be done at
a pace that makes sense for the business. Starting with a cloud behind your firewall or subscribing on a limited basis
to cloud applications and compute services from a trusted cloud vendor can kick off adoption.
Choose a cloud provider with solutions that are pre-integrated and tested to work across the entire stack, whether in
your data center or in the cloud, to assure a smooth operational transition and facilitate ease of adoption and
integration with existing business practices and processes.
Further Reading
IT Strategies from Oracle
IT Strategies from Oracle (ITSO) is a series of documentation and supporting material designed to enable
organizations to develop an architecture-centric approach to enterprise-class IT initiatives. ITSO presents successful
technology strategies and solution designs by defining architecture concepts, principles, guidelines, standards, and
best practices.
Access the ITSO website for a complete listing of Cloud documents as well as other materials in the ITSO series. A
list of related documents is provided below.
» Cloud Practitioner Guides
» A Pragmatic Approach to Cloud Adoption: For enterprises that seek to transform their own IT capabilities and
avoid adverse disruption in the process, a structured and pragmatic approach to Cloud computing is
required. This practitioner guide details a framework that can be used within any organization for developing
such an approach to Cloud adoption.
» Cloud Reference Architectures
» Cloud Foundation: Cloud computing offers the potential for substantial reduction in IT costs while increasing
IT agility. This document describes architectural characteristics and expectations of Cloud from a business
and operational perspective. Architectural principles, standards, concepts, and a conceptual view for Cloud
architecture are also provided.
» Cloud Infrastructure: Cloud computing has emerged as one of the most important new computing strategies
in the enterprise. This document focuses on Cloud from a provider view. It covers the capabilities for public
and private Clouds, a discussion of Cloud architectures, and provides key architecture views to jumpstart a
Cloud architecture initiative.
» Cloud White Papers and Datasheet
» Oracle’s Approach to Cloud (data sheet): Successful adoption of Cloud computing requires the definition of
an approach that aligns with business drivers and operational capabilities. This is why Oracle has developed
a pragmatic approach, based on experience with numerous companies, to help customers successfully
adopt Cloud. This data sheet provides an executive overview of Oracle's proven approach to Cloud.
» Cloud Candidate Selection Tool: Oracle offers a comprehensive cloud evaluation framework to help IT
organizations determine which applications, services, modules, components, and more are appropriate for
deployment to either a public or private cloud. This white paper describes the tool and how to use the
resulting analysis.
» Cloud Computing Maturity Model: Oracle offers a comprehensive cloud maturity model based on collective
experience and best practices. Maturity models are useful to benchmark yourself against others in your
industry, gauge progress on your initiatives, and perhaps even discover that you are on track to achieving
your goals. This white paper provides you a framework to evaluate your cloud initiative.
Oracle Corporation, World Headquarters
500 Oracle Parkway
Redwood Shores, CA 94065, USA
Worldwide Inquiries
Phone: +1.650.506.7000
Fax: +1.650.506.7200
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0615
White Paper Title: CLOUD COMPUTING IN FINANCIAL SERVICES: A BANKER’S GUIDE
November 2015
Author: Oracle Cloud for Industries
Contributing Authors: Oracle