Digitally native banking helps banks get products to market faster and rethink the customer experience. And even though many banks are dissatisfied with their legacy core banking systems, our research found that banks have concerns over moving to modern, cloud-based core banking platforms. The top three concerns are:
To learn more about the cloud-native sticking point, 10x's Brand and Content Manager, Jacob Story, sat down with our VP of Engineering, Jonathan Sowler.
In the following interview, Jon explains why banks should consider hosting critical banking systems in the cloud, why the cloud tends to be more secure (not less), and why agility is vital.
Watch the full interview below or use the headings on the left of this page to navigate to specific answers.
For more detailed info on core banking migration, get a copy of our whitepaper: Making Sense of Cloud-Native Core Banking Migration.
I think of about 20 years ago when enterprises talked about moving to the cloud, and the same concerns were expressed. At the time, I worked with multinationals, and most enterprises have learned that the cloud is a more secure place, not a less secure place, than their own data centers.
The security standards in the cloud and the security measures around the cloud data centers are just cost-prohibitive for most businesses. So most businesses find that to be a cloud vendor, the three dominant cloud vendors practice absolutely world-class security. It's fundamental to their business. Although banks are security machines, they will find that this is an area where they can buy a service that is absolutely fit for purpose. And they can focus on the risk management of running cloud services, but also on focusing resources elsewhere.
So it feels like we're in the same position with financial institutions that enterprises were in 20 years ago, not quite 20 years ago, 15 years ago when they were faced with migration to the cloud. And how many technology and security organizations stood up and said, "No, it's insecure. We lose control." How can we trust these organizations?" And now you have to make a case, I guess, I mean, I can't even imagine a case for not putting something into the cloud.
Anybody who looks after customer data needs to have some good data security measures and data protection plans in place. So, if I put data on the cloud, I have the same sort of access control. I can back up the data, I can replicate it between data centers, and I can manage risk in different ways. I still need to demonstrate that I'm securing that data appropriately and managing access to that data. Not a lot has really changed from having that data in your own data center.
If anything, I've now got the ability to back up and use a set of security tools that would be prohibitive or would require specialist staff in my own data center. There's not a lot that has ostensibly changed between those worlds. It's a different way of thinking, but just because I have something in my data center, as many organizations have proved over the years, doesn't mean it's any more secure.
[There's a] False sense of security that I own the data center, but then, you know, how good is my team? How good is my hardening and implementing all the protective measures? How much testing do I really do? Are those protective measures in place and working as they should?
And we know that the cloud vendors are obsessed with security because of reputational risk.
If every other bank is managing to be agile and risk managed–so that's a new discipline here–around being agile, risk management becomes part of what you do, then you're going to be outpaced by the competition. So we're seeing lots of new banks.
We've had the neobanks. We're seeing lots of new entrants for the provision of financial services. So banks need to focus on how they can be more agile. If you think about the history of 10x, Antony Jenkins is our founder. He founded 10x very much on the basis that, as the CEO of a large multinational bank, he couldn't move quickly enough on great product ideas. So it took teams too long to provision new services, to make changes to back-end systems, to bring services to market.
The way that 10x has built its service you can do the holy grail in banking: you can do a proof of concept for a new banking product, you can tweak things very easily, you can have a product manager go in with no coding support, and look at the product definition, and change it and play with it and understand what the market is looking for in ways that you've never been able to do.
These capabilities include the ability to A/B test, run proof of concepts, and trial different versions of products. The retail industry, for example, has been doing this for decades. And yet, banking is only now catching up. So you've got a fundamental shift. The fact that one bank can do it means sooner or later, all banks will be trying to find ways to be more agile to add services more quickly. You look around the industry, and you look at how quickly a bank like Revolut managed to support different geographies and add services. So, at one point, Revolut was a simple charge card for payments. And now you can buy crypto on there, I think you can trade stocks, get credit cards, and all sorts of additional products. And that speed is terrifying for financial institutions that take decades to get new products to market. So something needs to change.
Also, think about what's happening in society at the moment – climate change is a good example. It's going to push us to change a lot of our behaviors. Will that need new financial products? Or offer opportunities for traditional providers to be disintermediated and lose existing businesses? All big changes in human history have offered opportunities to disintermediate, change, and disrupt the way industries work.
So now is the time for banks to be taking advantage of what are now fairly established technologies. The cloud isn't new. There's a lot of science and discipline around how you secure services and deliver services at a fast pace in the cloud. And there's a lot of good practice that can be readily adopted.
Run a proof of concept. We can turn a proof of concept on in hours if not minutes. So, run a proof of concept. Start in a way that allows you to put your toe in the water without committing a huge amount. The problem with legacy bank infrastructure is to run a proof of concept, I need to set everything up in my data center, and I need to secure connections to the outside world. You know, I can't just press a button and get going.
We're offering the ability just to get going and run a proof of concept, build up some expertise and skills, and get in-house staff familiar with how you work and develop in these ways, with no to very little capital investment needed. That's the beauty of this way of working: you can build your skills slowly or quickly over time. But you don't have to go and build a complete data center and buy hardware and harden it, install the software, configure the networks, run your risk processes across it, and do everything that you have to do to commission services in the legacy world.
I can't see why financial institutions wouldn't do this. This is going to happen anyway. You might as well lead from the front. Whether you're going to be a leader or a fast follower, you need to acquire those skills. And you can acquire those skills without making a huge upfront investment. So start running those proof of concepts and start understanding how you deliver banking services in new ways.
For more detailed info on core banking migration, get a copy of our whitepaper: Making Sense of Cloud-Native Core Banking Migration.