evaluating cloud computing risk :recounting pbb’s journey into the cloud - keith s. chan
TRANSCRIPT
EVALUATING CLOUD COMPUTING RISKS:
Recounting PBB’s Journey into the Cloud
March 2015 Keith S. Chan, ABCP
www.pbb.com.ph
AGENDA
About Philippine Business Bank
Case Study: SaaS/Community Cloud
Case Study: IaaS/Private Cloud
Understanding Risks on Cloud Computing
www.pbb.com.ph
PBB was incorporated and began operations
• Expansion to 18 branches• FCDU operations approved by
the BSP• Approval to undertake trust
operations• Accredited as GS Eligible Dealer
ACS increased to PHP1.0bn
• Acquired Kabalikat Rural Bank (incl. 5 branches) & obtained approval for 13 new branches
• Expanded to 32 branches• Integrated ATM operations
• First savings bank allowed to offer trade finance
• Established foreign correspondent bank network
Expanded to 65 branches
Increase in ACS to PHP10 bn
Listed at PSEOn FEB 19
The 5th largest thrift bank in the Philippines in terms of asset size in the thrift bank industry.
Part of the Yao Group of companies with business interests spanning food and beverages; air transportation; trade and marketing ; real estate development; and financial services.
Deliberately focused on the SME market
PBB has 116 branches as of 2014 all over the country.
www.pbb.com.ph
PBB opened an average of 5 branches per year in the past 15 years
'97 '98 '99 '00 '01 '02 '03 '04 '05 '06 '07 '08 '09 '10 '11 '12 '13 '14
19 14 14 14 16 18 20 21 22 27 32
4855
6578
100 102
4
Branch Network Expansion
Note: 2014 Figure is as of June 30, 2014
1997-2008 > 32 branches (avg. 3 branches/year)2008- Dec 2012 > 46 branches (avg. 11 branches/year)2013 > 22 branches116 branches in 2014
116
www.pbb.com.ph
PBB’S JOURNEY INTO CLOUD
2009, PBB became the 1st savings bank to be granted the authority to issue Foreign Letters of Credit and pay/accept/negotiate import/export drafts/bills of exchange by the Bangko Sentral ng Pilipinas.
The International Banking Group was created with one business requirement for IT… to join SWIFT in electronic payment transmission of MT messages.
July 2010 - PBB signed with a SWIFT SaaS provider for the electronic messaging and it went production in 1 month.
March 2012 - PBB migrated to SWIFT Ver 7.0 by SaaS provider.
Plans underway for 2013 to virtualize data center on the success of SaaS.
Integrated on-premise Treasury System with the SWIFT on SaaS for straight-through-processing.
Data center virtualization completed mid 2013 with core banking system running on a private cloud.
Mid 2014 Completed Virtual Disaster Recovery Facilities
www.pbb.com.ph
2010 SWIFT CHALLENGE (SaaS/Community Cloud)
First thrift bank to be granted authority to
issue Foreign Letters of Credit and
pay/accept/ negotiate import/export drafts/bills
of exchange by the Bangko Sentral ng
Pilipinas.
One of the Bank’s International Banking
Group strategy is to be a member of SWIFT.
Information Technology Group tasked to
provide the SWIFT payment gateway…
soonest possible time.
OPTIONS: Traditional on-premise or
Software-as-a-Service
www.pbb.com.ph
THE BUSINESS CASE: SWIFT on SaaS
•IT Strategy adopted SWIFT on SaaS due to faster time-to-market and
lower IT expense. Satisfied client’s requirement and enabled the bank
to make available the service at the quickest possible time.
Traditional On-premise
SaaS/Cloud
Time to Market 3 months 1 month
Investment 196% higher 51% lower
Annual cost 238% higher 42% lower
www.pbb.com.ph
CLOUD INTEGRATION?
In 2013, Straight-
Through-Processing
(STP) Integration from
an on-premise Treasury
System to the SWIFT on
SaaS.
www.pbb.com.ph
BENEFITS
Financial – Low upfront investment, tiered pricing based on transaction volume – competitive advantage.
Agility and Rapid Deployment –Application was ready 1 week after contract signing. Applications can be accessed from any computer with the proper VPN.
Availability – SLA defined commitment of the SaaS provider.
Scalability – resource provisioning with provider.
Ease of Technology Management –Version upgrade by provider, no servers to maintain.
Environmental Friendly - less energy consumption of Data Centers.
www.pbb.com.ph
2012 IT INFRASTRUCTURE CHALLENGE(IaaS/Private Cloud)
Need to replace old slow servers (aged 8-10 years), modernize to provide higher data center service level and increase computing resources at the same time reduce operating cost and minimize technology risks.
Future Proof the IT Infrastructure, able to address short, mid and long term business IT Infrastructure.
Preserve low cost advantage of mission critical applications. No major issues on core banking system.
Transform data center without disruption to business. Risk on changes to processes and systems can be disruptive to growth momentum when replacing core systems.
Improve Disaster Recovery Response.
OPTIONS: 1:1 replacement of servers or transform to a virtual/private cloud.
www.pbb.com.ph
Financial – IT Optimization (10:1 ratio), no new capex for mission critical application replacement.
Agility and Rapid Deployment –Software definable servers no waiting time.
Availability – Built-in Redundancy with virtual DR Site
Scalability – IT resources can be grown in Virtualization – future proofing the data center
Ease of Technology Management –Transformation of IT Operations -Simplified.
Environmental Friendly – lessen energy consumption of Data Centers.
BENEFITS
www.pbb.com.ph
LESSONS FROM LEVERAGING ON CLOUD MODELS
Virtualization is only the technology, but the strategic used that transformed and future proof our data center on an enterprise level without business disruption and maintaining the financial advantage, meet the short, medium and long term business needs while sustaining scalability and reliability, fiscalized the value of cloud models to meet and scale up to business demands.
IT optimization can be achieved through reduction of data center real estate, energy consumption, simplified IT operations and furthermore, it can extended the life of mission critical applications specially if it is the competitive advantage of the bank and speed up time to market. It could level the playing field for mid-sized banks to compete with the economies of scale of the larger banks.
www.pbb.com.ph
CLOUD COMPUTING RISKSRegulatory Framework
Critical Business Data Exposed
Skill Shortage
Reliance on Third Parties/Outsourcing
Guaranteed Performance/Service Levels
Service Provider Outrages/Disaster Recovery
Broadband Availability/Reliability
Cost-savings Benefits Disappear as Demand Grows
Unwanted Updates and Functions
Vendor Lock-in/Restoring to On-Premise Cost
Data Sovereignty
“There is no such a thing as risk free. Who dares… Make things happen!”
www.pbb.com.ph
Fixed Cost
NUMBER OF TRANSACTIONS
C
O
S
T
COST BEHAVIOR OF PAY-PER-USE
Variable Cost
Pay-per-use
www.pbb.com.ph
New Regulatory Guidelines on Cloud Computing
(Philippines)
August 1, 2013 – BSP approved Circular 808 stating the Guidelines on Information Technology Risk Management for All Banks and Other BSP Supervised Institutions.
Annex 75e Section 4 – IT Risk Management Standards and Guidelines on IT Outsourcing/Vendor Management –Emerging Technologies
www.pbb.com.ph
The use of cloud
services is no
different to any
form of
technology
outsourcing.
www.pbb.com.ph
CLOUD IS A SERVICE MODEL ALTERNATIVE
• Software-as-a-Service –
Cost effective/fast
deployment outsourcing
model.
• Cloud Infrastructure
(Virtualization/Private
Cloud) – a model to future
proof, transform and
optimize IT infrastructure.
“Look for the cloud model that fits your business case.”
www.pbb.com.ph
Recipient of the following Awards:
• 2014 – “Best Banking Technology, Philippines”,
Global Banking and Finance Review, London.
• 2014 – “Philippine Domestic Technology and Operations of the Year”,
Asia Banking and Finance, Singapore
• 2013 – “Philippine Domestic Technology and Operations of the Year”,
Asia Banking and Finance, Singapore
IDC Financial Insights Innovation Awards: Cited among the top 30 Financial Technology Initiatives in the Asia/Pacific regions.
• 2014 - “Future Proofing with Enterprise Data Center-Virtualization” (The only Philippine based bank on the list.)
• 2012 – “SWIFT on SaaS”
• 2011 – “SWIFT on SaaS”
IDC Asia/Pacific Published Case Study:
• March 2014, “Philippine Business Bank: Data Center Transformation to Meet Future Business Demands” by the International Data Corporation (IDC) Asia/Pacific Headquarters, Singapore. [IDC #AP246107]
Awards, Citations and Case Studies on PBB’s Technology Initiatives
www.pbb.com.ph
Keith S. Chan, ABCP
FVP, Information Technology GroupPhilippine Business [email protected] [email protected]
Contact Information