Few areas are more important in financial services than operational resilience. The Bank of England has given firms until 2025 to demonstrate it is “a major consideration in their investment programmes.” Europe’s Digital Operational Resilience Act (DORA), meanwhile, will apply from January 2025 – and calls on banks, insurance companies and investment firms to demonstrate IT resilience to severe operational disruption.
At a Chatham House rule event on March 12, convened by The Stack and sponsored by Dynatrace, senior industry leaders joined a panel discussion and networking dinner to discuss the IT and organisational challenges ahead, as banks grapple with complex hybrid infrastructure, rapidly evolving regulatory requirements and pressure to innovate.
Citi’s Supratim Ghose, Global Head of Core Banking Platform Modernization, Architecture and Integration; HSBC’s Jyotsna Chandrani, Global Head of Change Risk Assessment; and Morningstar’s Neil Davidson, CTO, EMEA, led a panel moderated by The Stack’s Ed Targett.
They touched on the “resilience” created by the stability of “legacy” systems and challenges around their modernisation; the importance of value stream mapping; and the challenges created by a reliance on fragmented monitoring tools and manual analytics strategies.
As one speaker put it: “In a big organisation with a global footprint, getting a single view of a taxonomy across the entire organisation is important but very challenging – particularly if an end-to-end process is not necessarily defined properly or standardised.” (A common challenge.)
Another speaker noted that a cloud migration had offered an “opportunity to really take a fresh look at resiliency and bake it into our new cloud-native deployments, in cloud native architectures” – but that achieving a single view of hybrid infrastructure remained tough.
In a fireside Q&A, one attendee referenced the British Library’s recent post-mortem of a ransomware attack, which emphasised the need for a “significant culture change needed to fully embed cyber security at the heart of [its] technology rebuild” and candidly captured the challenges around securing and building resilience into its “unusually diverse and complex technology estate” – a characteristic many banks certainly share.
Dynatrace’s Martin Bradbury, who leads the company’s sales for financial services clients in the UK and Ireland, then joined the panel.
He highlighted the unified observability and security company’s ability to provide automated discovery and mapping of applications and their infrastructure components across very diverse landscapes – helping users identify where systems or applications are struggling and how to improve resilience; often before they impact customers. (“There’s nothing worse than being notified by a customer when something has gone down” as a panellist agreed. “It’s a horrible feeling when they spot it first!”)
As Dynatrace’s chief executive earlier highlighted to The Stack, Dynatrace offers out-of-the-box insight into things like Istio/Envoy service mesh communications as well as Kubernetes services from all of the hyperscalers. Its offering also provides insight for vastly different older on-premises systems. He emphasised to us that whilst companies and, indeed, engineering teams might be building tidy self-serve capabilities – whether that’s using native observability capabilities of the platforms they’re using, or things like OpenTelemetry, OpenTracing, OpenMonitor, OpenCensus, etc. – a common outcome is highly fragmented insights into the different components that make up a modern application.
As Dynatrace’s Martin Bradbury put it at The Stack’s event: “When I, as a banking customer, log in with that mobile app, apply for a mortgage, or try to buy an insurance policy, what I care about is the outcome and actually, that's what the business cares about, as well.
“But typically within their organisation the authentication process, the login journey, the customer identity processes and all the tools around those are very siloed; visibility is often actually very poor and not joined-up. With organisations moving to the cloud and microservice-based architectures, that complexity is getting worse.”
He highlighted Dynatrace’s recent “State of Observability” report which notes that 87% of technology leaders say multicloud complexity makes it more difficult to deliver an outstanding customer experience – and that 83% of technology leaders say replacing manual issues tagging with automated dependency mapping is essential for operational resilience.
Powerfully, he emphasised, all this data flowing between the different parts of an application or banking system, is also valuable in its own right – not just for supporting observability purposes. That’s why Dynatrace’s platform integrates not just security, but business analytics that can help identify process anomalies (helping organisations spot credit card payment errors, product outages, and non-IT process issues for example).
It can, now, even help report IT carbon footprint at the data centre and host level, by translating utilisation metrics like CPU, memory, disk, and network I/O into energy consumption in kWh and CO2 equivalents; with many delegates at the event flagging that energy efficiency and emissions reductions were also priorities, this capability drew some attention.
Operational resilience and planetary resilience? That’s worth fighting for.