You don't get much bigger in the financial services industry than UBS. The global investment bank and wealth management company operates in 50 countries around the world, has 60,000 employees and in 2013 saw pre-tax profits hit over $4.5 billion. Given this, it will come as no surprise that technology is critical to the delivery of its global services and that there is marginal room for error. Group CTO, Corey Voo, was speaking at a diginomica affiliate partner's event this week in London, 451 Research's European Hosting & Cloud Transformation Summit, where he gave a real insight into the limitations of true public cloud for organisations of this calibre.
He explained that UBS is about to embark on its third generation cloud deployment – what is essentially a highly virtualised, on-premise infrastructure. It was interesting to hear Voo say that although UBS has been dabbling with public cloud at a software level,in terms of core infrastructure and systems, he doesn't see the company getting anywhere near even a hybrid model for at least the next couple of years. Some of this is down to data privacy – although there are problems with integration and migration (which will be addressed later on).
“Our first generations of cloud were private, on premise. Our third generation will also be private. One of the reasons for that is that we are very concerned by data privacy, it isn't just about security anymore, it's about data privacy. Back in the good old days when we had co-locations, hosted services, etc. - when I chose as an IT provider to place data into a third party data centre, I didn't have to ask the question, am I allowed to place that data in that third party data centre? Today I have to ask that question, so data privacy is becoming a key point.”
Voo also said that UBS has trialled a global infrastructure-as-a-service provider but that the inconsistency in performance across different geographies wasn't acceptable. He also said that cloud companies aren't yet ready for the complexity of applications that are used by global organisations such as UBS, which have been tweaked and personalised for many years.
“If I am building a mission critical application there are ways of treating that application from a design perspective, that have matured over generations, over years of architectural design, engineering and so on. Trying to achieve the same thing in an external cloud environment is nearly impossible today.
“Simple things like, we did an experiment where we placed one half of one of our applications on one European cloud instance of a cloud provider and we placed the second half of the application on a North American instance of the same cloud provider – we couldn't connect between the two and the footprint of both installations were different. The North American cloud installation for this provider was two generations old, the European installation was one generation old. So the European one took less resources, the North American one took more resources.”
Regulation is stifling our global servicesWe at diginomica have been following the ongoing data sovereignty debate for many months now, which has only intensified as the Snowden/NSA/PRISM revelations continue unfold. European data regulators are seeing red and wanting to pull out of the US, cloud providers are increasingly having to build in-country data centres at significant costs and CIOs, or whoever is making the decisions, are having to get a firm grip on where their data sits. This is no different for Voo at UBS.
However, he isn't happy with the where things are headed and said that by regulators putting in stricter controls, this is 'slowing down the concept of globalisation'.
“You've got countries like Germany promoting a European internet, companies advocating not using US cloud providers because of the fear of the NSA snooping on them etc. That type of fear and paranoia is permeating across the broad business base as well and our business people are beginning to ask those questions as well – such things like, is it possible to remove yourself of US technology? Which for a company like us is ludicrous, it's just impossible.”
Ludicrous indeed and quite a challenge when you are running a global business. Voo went as far as to say if things continue down this path, offering a seamless experience to UBS customers, no matter their location, could become increasingly difficult.
“My response to this is, as IT providers, these are things that we have always had to deal with anyway. The fact that it has become more prioritised in terms of high level focus, is just a by-product of the media pushing it up in the mindset of people.
“But fundamentally we have a problem, because if this continues we are going to end up in a situation where an external cloud just isn't a viable option for us going forward. If the regulators are going to force us to continue building installations that are in the countries that we do business and holding the data there – we are going to be in a position where we won't be able to offer global services. It's a trend we are trying to fight against at the moment as a bank.”
The death of traditional outsourcing
Voo raised another interesting point, where he said that the traditional model of outsourcing is no longer one that UBS is pursuing. This is something I've been seeing for many months now across both the public and private sector, and although perhaps isn't particularly surprising, should serve as a word of warning to all the traditional outsourcers reading this.
In this day and age where innovation, agility and new delivery models are assessed on a regular basis – not every five to ten years – outsourcing faces a huge challenge.
“The growth in traditional outsourcing to solve complex business problems is pretty much dying out across my peergroup. [Outsourcers work by looking at] the mess we have, consulting with us over a ninth month period about how to optimise that process, and then giving us a magic solution at the end and running it for X number of years at a vastly reduced cost.
“That cost-minus model is dying out as an objective, certainly for big companies like us. We are slowly moving away from outsourcing as a model for acquiring services and moving more towards acquiring outcomes. So if I want to deploy Lync 2013 to 43,000 people I'm going to find find somebody that can deploy a standard Lync 2013 installation to 43,000 people. I'm not going to contract to a third party who is going to consult for me for six months about how to get a Lync 2013 installation to 43,000 people.”
Voo added that all of the outsourcers that have a relationship with UBS are trying to convert themselves to cloud providers and that cloud is becoming a part of their language and portfolio – because this is becoming the new-age of outsourcing. Outsourcers recognise that companies now want standardised services as a utility, rather than highly complex services that are taken out of their control run at the same level of service for ten years. It's just not flexible enough.
“Outsourcing is not a model we want to do anymore.”
A need for brokering and integration in the cloud
Finally, I was quite surprised that UBS is still at least two years off even a hybrid cloud model (for core systems and infrastructure) – let alone considering putting everything in the cloud. Yes, this is a bank we are talking about and everything is all the more conservative in the financial sector, but the problems that Voo raised weren't just about data privacy, as you might expect. His problems are around brokering of cloud services and integration – practicalities that are proving difficult to overcome.
Firstly, on the brokering front, Voo said:
“We are investigating situations where if it is economical and appropriate for us to put a particular process outside our perimeter, we will do that. But it will be on a case-by-case basis. There are big gaps in cloud solutions today – one is a cloud broker function. Anyone who has tried to do this magical thing of moving workloads from inside to outside, or between cloud providers, that's actually really hard to do today. There are different profiles, different commercial models, different tariffing – trying to solve all that is hard and we have to do that internally today. Brokerage capability in the cloud somewhere is one big gap.”
And on the integration point, he said:
“Today I manage some secure gateways out to the internet, and they are very large and very complicated pieces of installations. The problem is that those connections are a finite resource for me. If I'm going to go to the cloud fully, we are going to have some kind of integration capability in the cloud environment.
“We don't have that today and I'm forced to build that – you end up with this weird model where I'm trying to connect between two disparate cloud providers, and the interconnect point is me. It's my data centre, so I have to move all the data from one cloud provider into my data centre and back out to the other cloud provider. That's kind of dumb. We will go hybrid when it's ready, but it's not ready yet and I don't see it being ready for another two years or more.”
I found Voo's insights fascinating. More than anything they provide a reality check for anyone who thinks that all big companies are fully invested in the cloud and on their way to putting core systems outside their four walls. Yes financial services firms are a different breed, but there were two other companies speaking alongside UBS today – one a global law firm and the other a life sciences company in the UK – and both of them echoed his sentiments. Both are are currently operating a private cloud, on-premise - hardly stuff of the future.
Not to say that these companies aren't trying, they want to get there. But it just seems that there are a number of factors at play that make it very difficult for them – everything from data restrictions, to privacy concerns, to a lack of practical cloud tools that make migration and integration easy. All of the companies said that they are dabbling in fringe software-as-a-service tools, which is good, but in terms of putting the core things in the cloud, it seems that's still a number of years off for some.