Build a foundation for operational resiliency in financial services

In response to increasing demand and changing market conditions, financial services organizations are rapidly expanding their digital services, moving an increasing number of applications to third-party platforms and services like public clouds. In fact, 45% of financial firms have a multicloud strategy in place and use an average of three public cloud vendors.¹

As a result, firms’ reliance on third-party vendors and hyperscalers continues to grow. By 2025, it is expected that 54% of financial firms’ applications will run in a public cloud²,  and many organizations already run critical applications in public cloud environments. Accordingly, digital operational resiliency has become a greater concern. Worldwide, regulatory agencies are issuing many requirements — like the European Union’s Digital Operational Risk Act (DORA) and the U.K.’s Prudential Regulation Authority Supervisory Statement 1/21 (PRA SS1/21) and Financial Conduct Authority Policy Statement 21/3 (FCA PS21/3) — to address these risks. North American regulators, including the U.S. Security Exchange Commission (SEC), the U.S. Office of Comptroller of the Currency (OCC), and the Canadian Office of the Superintendent of Financial Institutions (OSFI), have also openly discussed adding new guidance. And regulators continue to update guidance to keep up with technological change.

Even so, existing approaches to operational resiliency often fall short of what is needed to mitigate operational failures and disruption and comply with these growing regulations. Financial services organizations need new strategies for addressing operational resilience in a digital cloud-based world.

The term operational resiliency is typically used to refer to an organization’s ability to recover from incidents and events. For example, if the servers running a core application fail, your organization may invoke emergency procedures to recover lost data and restart the application on different servers.

At Red Hat, we take a broader, more proactive approach to operational resiliency. We believe that to be truly resilient, your whole organization must be adaptable and make change a part of normal operations, rather than simply responding to events in a reactive manner. This means implementing organizational structures, operational processes, and IT technology that is flexible, agile, and ready for change at any moment. In addition to minimizing the impact of incidents and failures, this approach allows organizations to capitalize on new opportunities and implement new requirements and regulations faster and more easily.

This overview discusses key considerations for building a technology foundation to support operational resilience across your organization.

While operational resiliency encompasses more than just technology — your organizational culture and processes are also critical — your technology stack serves as a foundation for your staff and operations. An effective technology foundation can help you:

• More easily articulate your resilience to regulators and shareholders.
• Comply with existing and new regulations.
• Improve business and IT agility to remain competitive.
• Attract the next generation of technologists and customers.

When designing your technology foundation, focus on capabilities that will support operational resilience, business continuity, and rapid adaptation of services and vendors. You should base your design on the core principles that disruption will happen and failures will occur.

Effective implementation of your operational resilience and technology strategy relies on collaboration and acceptance across your organization. You should also be sure that all applicable teams — including application development, data privacy, security, compliance, infrastructure, and operations teams — are involved in both creating your strategy and building your technology foundation. Each team has unique needs that should be addressed from cultural, procedural, and technical perspectives.

The following sections detail areas of consideration for planning your strategy and foundation.

Operating system and application platform

A key statute of operational resiliency is portability — you must be able to deploy and move applications and data across different infrastructures to deal with changing conditions. Efficient, effective application and data portability requires a consistent operating foundation across your entire environment, including on-site datacenters and public cloud infrastructure. Deploying a flexible hybrid cloud platform can help you achieve this consistency to support faster, easier application and data portability.

Open source and open standards-based hybrid cloud platforms can help you create a consistent operating layer across vendors and technologies. Interoperability with a wide selection of software, hardware, and cloud vendors gives you more choice and flexibility.

Data sovereignty and availability

Many financial services organizations operate across multiple geopolitical regions and must comply with regulatory requirements in these jurisdictions. Your technology foundation should include detailed data placement and control capabilities to ensure that you can meet regulatory and data sovereignty requirements. However, because applications rely on data for operation, your technology foundation also needs to account for data portability in addition to application portability. Your foundation should additionally address overall data protection, availability, and scalability to support both traditional and cloud-native applications.

Application portability

Application portability is also a concern for many financial institutions. A technology foundation that can be deployed in an on-site datacenter owned by your organization, as well as public cloud environments, can help mitigate risks associated with operating large numbers of critical applications and processes on infrastructure owned by other organizations and entities. If needed, you can move or redeploy cloud-based applications and data to your on-site datacenter. A consistent foundation across datacenter and cloud infrastructure also allows you to deploy, manage, and operate applications in the same manner regardless of where they are located.

Application architecture

New application architectures and development approaches let you rapidly deliver critical applications and services that can be run across datacenter and cloud environments. An operationally resilient technology foundation can help you adopt modern DevSecOps approaches to build high-quality, resilient, portable applications. Operationally resilient applications are more contextually independent, allowing them to be deployed on a variety of infrastructures. These applications typically have few or easily satisfied dependencies and well-defined interfaces. You can also design your applications to take advantage of the features of your technology foundation to enhance performance, capabilities, and reliability. 

Legacy application support

Many organizations operate a mix of traditional and modern applications. Your technology foundation should support all of the existing applications that you intend to deploy on it. While most financial organizations plan to modernize their legacy applications, they cannot immediately abandon these investments and must modernize iteratively over time. Adopting a technology foundation that can support scalability, availability, and resiliency for legacy applications without major changes can ease your transition to modern, cloud-native application architectures.

Automation

IT automation is critical for operational resiliency. Manual failover and migration processes can result in delays, errors, lost business, and regulatory repercussions. IT automation with tools like Red Hat® Ansible® Automation Platform lets you handle both simple tasks and complex scenarios with less, if any, human intervention. As a result, you can respond to unexpected events faster and streamline planned deployments and migrations. IT automation can also help you maintain compliance with security and regulatory policies and control configuration drift. Adding a flexible IT automation platform to your technology foundation lets you automate across your infrastructure and organization to improve speed, efficiency, and consistency. It can also help you operate legacy applications in a more resilient manner.

Red Hat takes an open hybrid cloud approach to modern applications and IT. An open hybrid cloud strategy lets you architect, develop, and operate a mix of applications and delivers a truly flexible cloud experience with the speed, stability, and scale required for digital business. An open hybrid cloud inherently addresses operational resiliency challenges, allowing you to comply with industry regulations. In fact, 54% of financial firms are modernizing their datacenters to better support a hybrid cloud strategy, and another 38% are planning to do so in the next 2 years.

The benefits of our open hybrid cloud approach also extend beyond operational resiliency.

• A modern, open hybrid cloud environment provides the flexibility and interoperability needed to adapt to new technologies and methodologies.
• A consistent operating and application foundation unifies your on-site and cloud infrastructures to provide increased visibility into and control over resources across your environment.
• Standardized development processes, design approaches, and operating models connect disparate tools and teams across your organization to increase collaboration and innovation.
• An open hybrid cloud also includes the capabilities needed to support modern DevSecOps and cloud-native approaches to application development across your entire environment.

Based on this open hybrid cloud strategy, Red Hat offers a foundation for operational resiliency for financial services organizations.

Red Hat offers a portfolio of integrated products for building open hybrid cloud environments. Red Hat® open hybrid cloud solutions let you create a consistent foundation for application portability, scalability, and resiliency. These solutions are modular, allowing you to deploy what you need now, extend your environment as needs change, and integrate with other Red Hat and certified third-party products to customize your infrastructure. Each component provides key functionality:

• Red Hat OpenShift® is an enterprise-grade cloud platform with full-stack automated operations to manage hybrid cloud and multicloud deployments. It lets you consistently run and move applications across on-site datacenters and cloud environments, including Amazon Web Services (AWS), Google Cloud, IBM Cloud, and Microsoft Azure. Red Hat OpenShift also supports containerized, legacy, and cloud-native applications and provides key capabilities for constructing a hybrid cloud foundation, including built-in security capabilities, monitoring, logging, and service and resource management.
• Red Hat Enterprise Linux® CoreOS is a specialized distribution of Red Hat Enterprise Linux, optimized for running Linux containers on Kubernetes. Through minimal system use, immutability, regular updates, and managed operations, it reduces risk and complexity for your environment. Because it is based on Red Hat Enterprise Linux, Red Hat Enterprise Linux CoreOS inherits a mature, comprehensive delivery and support model with a robust ecosystem. Included with Red Hat Enterprise Linux CoreOS, the Compliance Operator assesses the compliance of both Red Hat OpenShift’s Kubernetes application programming interface (API) resources and the nodes running the cluster. The Compliance Operator uses OpenSCAP, a collection of tools certified by the National Institute of Standards and Technology (NIST), to scan and enforce security policies.
• Red Hat Ansible® Automation Platform delivers consistent, user-friendly automation for your entire IT environment and organization, allowing you to adopt resilient operating models. The platform includes all the tools needed to implement enterprise-wide automation — including deployment, configuration, backup, recovery, and migration operations — in hybrid cloud environments, at scale.
• Red Hat Advanced Cluster Management for Kubernetes offers end-to-end visibility and control to manage your Red Hat OpenShift clusters and application life cycles. A unified interface helps you continually enforce security and compliance policies at scale across your environment to meet operational resiliency requirements.
• Red Hat Advanced Cluster Security for Kubernetes is an enterprise-ready, Kubernetes-native container security solution that helps you build, deploy, and run cloud-native applications more securely. It integrates with DevOps and security tools to help you mitigate threats and enforce security policies that minimize operational risk to your applications.
• Red Hat OpenShift Data Foundation is a scalable data and storage services layer that provides data efficiency, resilience, and security for Red Hat OpenShift environments. Engineered as the data and storage services platform for Red Hat OpenShift, it helps teams develop and deploy applications quickly and efficiently across clouds.
• Red Hat Quay is an open source container image registry that provides storage and allows you to build, distribute, and deploy trusted containers across datacenter and cloud environments to support resilient operations and application portability. It provides additional security for image repositories with automation, authentication, and authorization systems. 

A Red Hat open hybrid cloud foundation allows you to build naturally resilient applications and environments to support your business. The following practices can help you get started on your path to operational resiliency. The letters that follow each Red Hat product correspond to those shown in Figure 1.

• Start by deploying Red Hat OpenShift (A) on two or more infrastructures — including on-site datacenters, private clouds, and public clouds — to create your hybrid cloud.
• Use Red Hat OpenShift Data Foundation (F) to create, replicate, and synchronize persistent storage across multiple environments or availability zones.
• Use industry best practices with built-in operating system and platform capabilities to consistently configure, manage, and operate your environment via Red Hat’s integrated management and automation tools (C, D, E). Common best practices include everything-as-code approaches, implementation of source control and change management practices, configuration of security and network guardrails, and automation of provisioning and policy enforcement.
• Use Red Hat Ansible Automation Platform (C) to connect your hybrid environments, orchestrate application deployment and movement between environments and availability zones, and increase overall operational speed and accuracy.
• Use Red Hat’s management and automation tools (C, D, E) to connect to and manage native service offerings like infrastructure, developer, application, and data services. For example, you can choose to use database services from your public cloud provider and create automation playbooks to orchestrate data portability and availability between infrastructures. Red Hat OpenShift (A) also offers many services to increase consistency across dependencies and streamline movement between infrastructures.
• Customize your environment with third-party tools and services through Red Hat’s certified partner ecosystem (H). Open integration interfaces and partner certification let you use both existing and new development, test, operations, and security tools with your Red Hat hybrid cloud foundation. Many vendors offer certified Red Hat OpenShift operators or certified software containers to simplify installation and management. You can also purchase and deploy many software products directly from Red Hat Marketplace.

Many financial services organizations are already benefiting from hybrid cloud foundations based on Red Hat OpenShift. For example, a leading insurance provider in Europe uses a full stack of Red Hat technology to support their public managed cloud strategy, which incorporates multiple public cloud vendors. Red Hat OpenShift allows the company to comply with local financial regulatory requirements while staying as flexible as possible to minimize migration efforts if they need to change one of their public cloud vendors.Their Red Hat foundation has also helped the insurance provider speed software development, boost employee productivity, and improve financial transparency and business agility.

Operational resiliency is a top concern for financial services organizations that operate in the cloud. Red Hat provides an integrated, flexible, and consistent open hybrid cloud foundation to support operational resiliency across datacenter and cloud environments and prepare you for future change and success.

See how other financial services organizations are using Red Hat technologies or learn more at redhat.com/en/solutions/financial-services.