Guy Warren, CEO of ITRS Group
As we begin 2023, businesses and firms should be considering ways to preserve and set their IT systems up for success. With technology continuing to develop at a fast pace, preserving IT systems must remain a top priority for those in the banking sector.
In March 2022, the Financial Conduct Authority’s (FCA) new guidelines designed to strengthen the operational resilience of the UK’s financial sector came into force. These regulations showcase the importance of operational resilience and observability, giving the financial sector the ability to adapt and recover from disruption.
To support the banking sector on its journey to overcome challenges in the coming year, we’ve put together five top tips to help overcome these barriers.
- Renovate legacy systems
For a long time, it was assumed that renovating software with cyber security in mind, would be too expensive and therefore burdensome to develop. However, third-party vendors are now enabling firms to get their IT estates up to scratch quickly, consistently, and affordably, allowing them to forgo a complete revamp or overhaul. These types of vendors may be the key to allowing struggling firms – particularly smaller ones – to avoid legacy rot and move into the next era of digital transformation with minimum cost and maximum efficiency.
Firms must remember that as they inevitably move forward with digital transformation that new technologies are constantly being layered on top of legacy systems. Instead, companies must work to update or replace the dated components as outdated IT systems can do more damage than good. More often than that, they lead to estates becoming increasingly complex and make the observability of the transaction flow nearly impossible.
- Get to know your system
As businesses are now required to declare the level of uptime they are prepared to commit and stick to, they must ensure they keep on top of a data led approach.
Banks that are struggling to comply with regulations can look to Google’s popularisation of the Site Reliability Engineering (SRE), performance delivery. The SRE is considered the gold standard of uptime monitoring for internet giants and firms interested in digital transformation ambitions.
The SRE approach involves tracking data and trends over a long lifespan to identify and quickly fix degrading performance levels and uses both Service Level Objectives (SLOs) and Service Level Indicators (SLIs) as a two-phase early warning system to ensure they are never close breaching their SLAs.
While Google has the benefit of massive resources and an incredibly experienced team dedicated to the monitoring of this data, third party providers can support smaller businesses with remote specialists and purpose-built software.
- Optimise Cloud capacity
Usage of the cloud has surged over the past few years and as a result, organisations have spent enormous amounts on cloud solutions. However, 35% is currently going to waste, equating to approximately $80 billion of total global cloud spend going down the drain each year.
This is largely due to the challenges of accurately predicting cloud costs and demands. Moving to the cloud requires extensive planning if it is to be done effectively. It is not a simple “lift and shift” transition where the cloud estate is mapped out as a virtual equivalent to the physical estate.
A crucial first step is to take a thorough inventory of the demand of the business’ workload. Businesses must start by downsizing their estate and using in-depth analytics to gain a thorough understanding of workload behaviour.
Firms can ensure accuracy, once they gather all this information, allowing them to optimise their environment for the right workload configuration and spend accordingly. This means more accurate sizes and, in the majority of cases, decreased financial input.
- Know your limits
Pre-testing is crucial to determine what the production environment can handle in order to know for sure that it will function properly at peak demand. Businesses must pinpoint not just the overall system capacity limit but also any specific bottlenecks and performance-impacting pinch points.
Let’s say you’ve had a problem with cloud migration and some of your clients are having IT challenges as a result. As soon as your other customers hear of this and rush to check their own applications, the issue is exacerbated by more users putting additional pressure on the application.
In order for banks and firms to maintain operational resilience measures and avoid further cyber security costs, they must ensure they are constantly using effective monitoring tools.
Businesses can suppress the white noise and focus on what’s important in real-time by implementing a proactive monitoring system that includes physical, cloud, and third-party estates. This will help them anticipate and mitigate IT failures before they happen and save costs ahead of the current unstable economic climate.
- Integrate Zero Trust
In 2022, 39% of UK businesses identified cyber-attacks – among them, around a quarter experienced a cyber-attack at least once a week.
Firms must start integrating security into their operational mindset from now, as opposed to traditional ideas that treat security as separate to operations. As the number of people working from home has increased, businesses must take greater measures against cyber security threats and organise proper training for those working in production on the critical importance of cybersecurity.
The best new practice involves a Zero Trust approach, which puts pressure on businesses to show proof of every transaction, even inside their own data centre. The benefits are evident. If you view every piece of software with the assumption that it’s untrustworthy and you oblige users to prove they’re authorised to access it every single time, the risk of hacking becomes almost negligible.
Looking ahead
With the FCA’s regulations firmly in place, it’s essential that banks continue implementing new strategies and procedures with these requirements in mind as the landscape continues to evolve over the coming years. The last nine months have gone quickly, and it won’t be long before the implementation window is closed and the FCA begins handing out fines for non-compliance.
The bottom line is this: if you say you can’t afford to prioritise the operational resilience of your systems, you risk being labelled a laggard.
