Blockchain, FinTechs or Banking 4.0: The digitalization of banks, financial service providers and insurance companies is marching on. According to a study from Google, more than 80 percent of finance providers worldwide use the cloud to achieve a competitive edge in this dynamic environment. This enables them to be more productive and implement innovative business models more quickly. However, there are also challenges: for example, mapping the regulatory provisions of the European Banking Authority (EBA) in the cloud.
Financial processes must also run securely and reliably in the cloud. Regulatory authorities – on a national and international level – want to make cloud usage secure and transparent by means of various guidelines. According to a Google study, the goal of the authorities, among others, is to standardize checks in the course of an audit. In addition, standards for the introduction and operation of cloud solutions, reporting, and technical training for supervisory personnel are a key concern here.
Are public cloud providers, in particular the large hyperscalers, actually complying with their service level agreements (SLAs)? Even minimal deviations can cause significant damage, for example, if critical real-time financial transactions malfunction for several seconds and the international securities trade comes to a standstill. To guarantee the security and soundness of the European banking system, the European Banking Authority has consequently decided to more stringently regulate the outsourcing and use of cloud services. In Germany, the EBA guidelines are incorporated into the provisions of the Federal Financial Supervisory Authority (BaFin).
The supervisory authorities have stipulated that regulated companies must show evidence of independent SLA monitoring for their cloud services within the scope of financial audits. This means that they must be able to monitor the level of compliance with SLAs for the hyperscaler cloud resources they use. "Independent," in this case, means that the SLA monitoring may not be provided by the affected provider.
To remove the burden from banks, financial service providers, and insurers, T-Systems offers independent SLA Monitoring as a managed service, including for multi-cloud environments. We ensure that regulated companies can execute their audits successfully because they can guarantee that all outsourced workloads and applications subject to the SLAs of hyperscalers are being monitored.
Today, many of our customers from the finance and insurance sector are already using SLA Monitoring from T-Systems. Only recently, a major German financial marketplace decided to adopt the solution. The securities specialist operates a majority of its workload on the Google Cloud Platform and Microsoft Azure. To make sure it is equipped for its next audit, it wanted to have the capability of monitoring compliance with SLAs by hyperscalers transparently and round the clock.
While we provide SLA Monitoring via Microsoft Azure, SLAs from other hyperscalers can still be analyzed and monitored using the service. At its core, our solution is based on multiple Microsoft services: Azure Functions for data management, Azure DataFactory for data processing, Azure SQL for data storage, and Power BI for data visualization. The solution automatically queries the respective source data and provides the required information concerning availability. Which hyperscalers are hosting which resources is irrelevant here.
In order to use our SLA Monitoring, customers need a corresponding tagging strategy with which they can assign individual cloud services to their projects or employees. In addition, an Azure subscription is required through which the customer can obtain the resources for our SLA Monitoring. We are currently not offering SLA Monitoring as a standard service as, so far, we have always adapted the services to individual customer projects. Nevertheless, our goal is to provide a standard offer in future as we have identified a significant need for SLA monitoring in the finance and insurance sector.
This is what our SLA Monitoring offers all finance institutions, financial service providers, and insurers that must comply with the EBA guidelines:
the expertise of an independent, reliable partner with regard to leading public cloud providers such as AWS, Google Cloud Platform, Microsoft Azure, or Open Telekom Cloud.
