- IBM publicly launched its financial services-specific hybrid cloud in April.
- IBM’s top cloud exec explained how it helps customers reduce vendor onboarding times.
- IBM has 109 vendors on its Wall Street-focused cloud.
IBM’s finance-focused cloud is looking to speed up how quickly its customers can start working with the group of vendors it partners with.
With a network that includes 109 software providers, IBM has plenty of options for its financial clients. And it’s keen to save them time when looking to work with a new vendor.
Howard Boville, head of IBM’s hybrid cloud and previously CTO at Bank of America, told Insider the process of assessing and onboarding a new vendor, known as vendor risk management, is a pain point in the industry.
“Imagine that you want to get some innovation from a fintech provider,” Boville told Insider. “After 18 months to two years of brain damage that that poor fintech had to go through, you probably missed the innovation cycle, and the poor fintech is probably bankrupt because it’s taken so long.”
IBM Cloud for Financial Services is the tech company’s Wall Street-focused hybrid cloud launched in April. Bank of America, BNP Paribas, and MUFG serve as anchor partners that co-develop with IBM in the US, Europe, and Japan, respectively.
It also has a network of 40 global banks, called the IBM Financial Services Cloud Council, that collaborate on IBM’s cloud security and are IBM Cloud customers in various capacities.
IBM recognized that 95% of the vendor onboarding process was similar among banks, Boville said. So the tech giant got its bank customers comfortable with a standard control framework developed by the National Institute of Standards and Technology, a non-regulatory body that works to promote innovation.
The framework, which includes more than 1,000 controls, was applied to the IBM Cloud for new vendors joining the ecosystem. Customers can now work with vendors more quickly because those vendors have already met significant requirements. Onboarding times have been shaved down to as little as one week in some cases, Boville said.
Continuous monitoring of the vendor is required, and IBM can ensure those controls are being followed even after the first onboarding phase, Boville said. Controls are automatically updated on a monthly basis to reflect changes in global regulation, adjust to tweaks in privacy, and capture new cybersecurity threats, he added.
IBM is automating more of the process
IBM has streamlined vendor risk management even more by automating roughly 15% to 20% of the controls via data integrations that prove the vendor is adhering to them, Boville said.
The process will never be fully automated, Hillery Hunter, CTO of IBM Cloud, told Insider, due to the nature of some of the controls. Some simply can’t be automated while others aren’t technical in nature or don’t need to be, she said.
As for the controls IBM is looking to automate, there’s a priority list that’s largely influenced by what banks see as the biggest risks.
Securing code, which ensures software developers aren’t introducing new risk as they update or add features to their services, is one area of focus, Boville said.
IBM’s Security and Compliance Center, launched in September 2020, includes a rules-based tool preventing code from moving to a production environment if a given policy is not being met.
A big driver for developing the tool was a data breach involving a financial institution and a public cloud provider a year and a half ago.
“The cloud service provider’s platform is inherently very secure, but it just had so much choice in that it was built for a different marketplace,” Boville said. “That situation was a really good developer, a really good secure platform, but there was so much choice that they left something open they shouldn’t have.”