Device42 – Official Blog

How Banks & Financial Institutions Use IT Infrastructure Visibility to Become More Resilient

Banks and financial institutions provide critical infrastructure that supports consumers, businesses, and societal functions worldwide. As a result, they need to be change-ready and resilient, able to seize new opportunities, scale with business demands, and proactively address the latest risks and threats. This article covers:

  • IT in the finance and banking industry: Providing a brief history of the role of IT in the industry, the digitization imperative due to fintech competition, IT challenges, and cloud adoption.

  • The role of security and compliance with financial IT infrastructure: Covering US and EU regulatory requirements for data and system security. Highlighting strategies for improving security, such as using infrastructure visibility and dependency mapping to identify and remediate sensitive data exposures and other vulnerabilities.

  • Meeting scalability and performance requirements: How IT operations tools like configuration management databases can help teams identify workloads for cloud migrations and identify and address performance bottlenecks.

  • Enabling regulatory reporting and audit readiness: Empowering key stakeholders to get audit-ready with detailed, on-demand reporting that identifies assets and critical information, such as their locations, data use, upstream and downstream dependencies, criticality for disaster recovery, and more. 

  • Ensuring disaster recovery and business continuity: Providing vital intelligence that stakeholders can use to develop and test disaster recovery and business continuity plans and continuously improve service quality.

  • Integrating with financial applications and systems: Describing how APIs and connectors enable banks to connect IT operations tools to systems using a wide range of protocols, data formats, and standards.

  • Evolving financial IT to meet emerging demands: How banks can use configuration management databases to grow, innovate, and meet regulatory and other requirements.

IT in the Finance and Banking Industry 

Finance institutions provide access to capital and enable money flows worldwide, providing consumer, corporate, and investment banking services. Consumers and organizations can transact on checking accounts, save with deposit accounts, secure loans, and execute trades, among other tasks. With these processes undergirding most transactions, it’s unsurprising that finance and banking companies are considered critical infrastructure providers. 

Technology has always played an important role in finance and banking. Companies still operate decades-old mainframes to execute transactions at scale because this technology is scalable and reliable. Finance and banking companies also have many legacy applications that support customer-facing and back-office processes. These systems are sometimes difficult to migrate and modernize because they support intertwined business processes. However, they are costly to maintain, require legacy programming skills that are hard to obtain, and impede these organizations’ ability to transform at market pace. 

With the rise of fintechs, finance and banking institutions have had to accelerate transformation. Cloud-native fintechs offer digital payments, banking, and lending; crypto; cash advances; buy-now, pay-later services; trading; wealth management; and other services. Consumers now routinely use services like Venmo, Robinhood, SoFi, Affirm, and others to manage their financial lives. At the same time, small businesses can take payments and run financial operations using Plaid, Square, Stripe, Intel’s QuickBooks, and others.

Banks and other financial institutions have embraced digitization, transforming the customer experience with cloud, data, analytics, and artificial intelligence. They’re moving workloads to the cloud slowly but steadily. Banks have migrated 35% of enterprise workloads to the cloud, such as collaboration and business applications; 20% of all data and analytics workloads; 21% of surrounds; and 7% of core processing. (Surrounds refer to customer-facing technology, such as ATMs, online banking, mobile banking, call centers, and relationship management tools.) And while core cloud adoption has lagged, most banking leaders (82%) now plan to move more than half of their mainframe workloads to the public cloud.

Beyond the complexity of their environments, security concerns have made banking leaders slower to adopt the cloud. However, hyperscalers have strengthened data protections, while technology such as configuration management databases (CMDBs) and cloud data security platforms enable IT to identify sensitive data exposures that need remediation.

Banking and financial companies are accelerating cloud adoption to future-proof their business, ensure access to crucial programming skills, and create the agility and resilience they need to prosper in any market condition. To do so, they need to increase visibility into their asset base, identify workloads that are good candidates for cloud migrations, and tightly manage changes and configurations to prevent security gaps. CMDBs provide the capabilities to accomplish these critical goals. 

Ensuring Security and Compliance with Financial IT Infrastructure

Finance and banking institutions are governed by various data privacy and security regulations, such as the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, and the Payment Card Industry Data Security Standard in the US, the General Data Protection Regulation in the European Union, and others. In addition, banking stress tests, which typically focus on ensuring sufficient liquidity amidst market shocks, are now being extended to cybersecurity. In the European Union (EU), the European Central Bank (ECB) is conducting its first-ever cyber resilience stress test, evaluating how banks respond to and recover from a major cyberattack. The test spans 109 banks in the EU. While US regulators don’t yet use stress tests this way, they could, as new EU regulations are often adopted by other regions. The Federal Reserve Bank (FRB), Federal Deposit Insurance Corporation (FDIC), and Federal Financial Institutions Examination Council (FFIEC) all monitor US bank activities regarding cybersecurity preparedness.

Next-generation CMDBs like Device42 help banking stakeholders, including IT, security, risk management, and compliance, meet current and evolving regulatory requirements that span data sovereignty, data security and privacy, system security, breach reporting, and remediation requirements. CMDBs automatically discover all physical, software, virtualized, and cloud assets; maintain a living inventory of all of these resources; and track how the IT environment is changing. The information they capture includes application owners, users, dependencies, traffic flows, and all changes and configurations. CMDBs further show where sensitive data, such as personally identifiable information (PII), lives and enrich insights with third-party information, such as vendor and solution names and common vulnerabilities and exposures. IT and security teams can use this information to prioritize patches and sensitive data exposure remediations, improving their organizations’ security posture.

Meeting Scalability and Performance Requirements

Banking IT systems must scale to enable business growth and meet fluctuating customer demand in any market condition. In addition, applications and services must maintain uptime and throughput to ensure exceptional performance. While mainframes have provided scalability and reliability, they don’t allow banks to innovate fast, putting them at a disadvantage in a market that values speed and innovation. 

Over half (57%) of banks have adopted hybrid/multi-cloud strategies to create greater scalability and resilience. They can run workloads efficiently, add capacity automatically, move capacity to where it’s most needed, and gain specific functionality to run their business.

Thus far, banks and financial institutions’ progress to the cloud has been slow due to leaders’ concerns about security, risk management, and the complexity of operating multi-cloud infrastructures. However, these leaders are accelerating their path to the cloud as core maintenance costs mount and legacy programming skills become more challenging to find. Banks spend about two-thirds (67%) of IT budgets on maintaining current systems, leaving just 22% for growth and 11% for innovation. By tapping key cloud use cases and cost levers, Fortune 500 financial institutions can gain $60-80 billion in run-rate EBITDA in 2030. 

CMDBs can help IT leaders make strategic decisions about scalability and performance. IT teams can use CMDBs to identify workloads to migrate to the cloud and bottlenecks harming application performance. CMDBs integrate seamlessly with IT service management platforms like Freshservice, providing vital, up-to-date device intelligence that enables teams to investigate incidents rapidly and focus most of their time on restoring applications and services. With these insights, IT can optimize application uptime and performance.  

An international trading company uses Device42 to maintain 100% uptime, which is essential for its line of business. The IT team leveraged Device42 to create a single repository of device information, enabling it to manage its complex environment easily. 

Enabling Regulatory Reporting and Audit Readiness

Financial services is a highly regulated industry. Banks and other financial institutions must meet key regulatory requirements as described above. They are overseen and audited by different agencies. In the US, the Office of the Comptroller of the Currency (OCC), the FRB, the FDIC, and the FFIEC oversee banking operations. The European Banking Association (EBA) regulates and oversees banking operations in all member states in the EU. Banks are also governed by internal requirements.

As a result, IT and compliance teams need to meet regulatory requirements by providing accurate, near-real-time insights into their IT asset base. This information helps these teams prove compliance with data security, privacy, and sovereignty requirements and ensure cybersecurity readiness with tabletops and other exercises.

CMDBs provide detailed reporting on demand, with data, analytics, and visuals that help stakeholders evaluate audit readiness and identify and address problem areas. Reports break out assets by type (such as cloud resources and virtual machines), owner, location, vulnerabilities, changes, and configurations. IT teams can also enhance reports with custom fields such as backup location, replacement cost, and whether they are critical for disaster recovery (DR). 

IT can customize and automate these reports, ensuring internal decision-makers have the latest information on their institution’s growing asset base. By acting on reporting data, teams proactively remediate risks, reducing the likelihood of regulatory findings and fines. 

A large regional bank with $1.9 billion in assets used Device42 to prepare for an audit by the FDIC, which was required to keep its FDIC-insured status. The bank’s IT team needed to provide an up-to-date inventory of all network assets, including their locations, how they were connected, and how they interacted. The bank used Device42 to automatically generate reporting with this information, including which assets contained PII. 

Ensuring Disaster Recovery and Business Continuity

As critical infrastructure providers, banking and financial institutions must demonstrate to regulators that they can maintain operations and recover from major incidents, such as natural disasters, technology system failures, or cyberattacks. Regulators in the US overseeing financial sector disaster recovery (DR) and business continuity (BC) include the FFIEC, FRB, FDIC, OCC, National Credit Union Administration, and Securities and Exchange Commission. The EBA, ECB, and National Competent Authorities (member state-level regulatory authorities) oversee DR and BC in the EU. 

CMDBs map dependencies between devices, applications, and services and help teams visualize traffic flows. IT and other stakeholders can quickly identify business-critical applications and backup locations. They can use these insights to develop BC/DR plans, quantify risks, and test failovers. When disasters occur, they can rapidly identify applications and services that are in scope, notify business owners, and prioritize restorations. 

IT teams can further integrate CMDBs with ITSM platforms to provide vital data that enables experts to identify root causes of issues, address them to prevent recurrences, and continuously optimize processes. And when DR issues are due to changes or configurations, they can roll them back to restore systems quickly.  

Integrating with Financial Applications and Systems

Bank IT environments span hybrid cloud environments with cloud infrastructure, SaaS and online business applications, cloud storage, on-premises mainframes, custom applications, and sensitive on-premises data stores. In addition, banks using a multi-cloud strategy must manage cloud assets across vendors. All of this creates significant complexity for IT teams. 

These different systems use diverse technologies and protocols, including modern APIs, legacy systems with proprietary interfaces, and mainframe environments with their own communications standards. Applications may use different data formats and standards for communication and data storage. Business applications often rely on specific configurations, data flows, and business processes.

How can IT overcome this complexity to discover, inventory, and manage assets? They can use modern APIs to communicate and exchange data seamlessly with many systems. APIs offer predefined endpoints, data structures, and authentication mechanisms and can be used to connect most modern applications. 

For those systems that can’t connect with APIs, connectors provide specialized adapters to integrate applications. They often provide pre-built functionality tailored to specific applications, such as mainframes or non-standard data sources. Connectors abstract complexities around data formats, protocols, or unique system designs, allowing legacy and modern applications to communicate.

Device42 provides an extensive RESTful API library and custom connectors to enable seamless integration with financial systems. IT teams can use these assets to connect and auto-discover assets, ensuring they always have an up-to-date picture of asset performance and health. 

Evolving Financial IT to Meet Emerging Demands 

Industries and businesses are changing rapidly in an era of data, digitization, and AI. Banking and other financial institutions must rise to this challenge by evolving business models and IT infrastructures to support new modes of customer engagement and innovate products and services. 

Device42 provides banks and financial institutions with the data, analytics, and reporting they need to upgrade, modernize, and extend their infrastructure and networks. IT teams can leverage automated discovery, dependency mapping, and other tools to improve infrastructure health and performance while meeting security, compliance, BC, and DR requirements. 


Rock Johnston
About the author