Connect with us

Banking & Payments

HSBC goes cloud-first

Find out why, and how, the bank is migrating sensitive customer and market data to cloud vendors.



Some geekery for our financier readers: a byte is a unit of memory size, usually defined as a group of eight binary ones and zeroes (bits) that operate as a unit in computing.

A petabyte is a unit of information equal to one thousand million million, or 250, bytes.

A petabyte, then, is a lot of data. It represents billions more ones and zeroes than can be processed on a P.C. or an iPhone.

HSBC now has 169 petabytes of data on its servers. A year ago it only had about 100 petabytes.

“This is what made us go to the cloud,” said David Knott, U.K.-based chief architect of the bank’s I.T. “Managing that much data takes a lot of effort and computing power. We found we were spending more time managing the infrastructure for data than we were using the data to figure out what our customers wanted.”

Darryl West, the bank’s global chief information officer, now based in Hong Kong, is blunter: “We have a cloud-first strategy.”

Fast calculation

For example, the bank has moved global liquidity reporting processes to vendor cloud. Daily reporting took up to 14 hours a day on its proprietary servers but now takes less than three hours on Google Cloud. The bank’s consumer payments app, PayMe, took six hours to process certain usage analytics reports on-prem; now it takes two minutes.

Knott said: “We can now calculate our end-of-day liquidity position prior to start of business, meaning the business can respond to situations (both crisis and opportunity) much more quickly.”

We have a cloud-first strategy

Darryl West, HSBC

This is just the beginning.

HSBC worked with cloud vendors Google, AWS and Microsoft to help them be able to manage issues relevant to financial institutions, such as scalability, data location and security. “It would be great if everyone got behind the cloud movement, because it makes the industry safer,” West said, speaking at a conference organized by Asifma, a capital-markets industry association (DigFinwas a media partner).

A change in strategy

This is a departure from other banks, such as BNP Paribas, Citi and Standard Chartered, which have told DigFin they are committed to using on-premise cloud, that is, their proprietary servers. They are using third-party vendors only for generic data.

Banks have been reluctant to outsource to vendors because they fear lack of control over data, the risk of a security breach, concentration risk with a single vendor, and the potential of regulatory crackdowns on where data is located.

HSBC was no exception but its team decided about two years ago to embed itself with several vendors to help them upgrade their capabilities to meet the needs of global banks.

What is cloud computing?

At its most basic, cloud computing is pretty elemental: it’s disks (hard drives), servers, and cables, housed in a building. It’s the same for on-prem, except vendors spread the hardware around and lease it to multiple clients. On top of this sit a software layer that lets users (a bank, a corporation) consume the data being computed on these servers, and a service layer to provide users with databases, identities and security.

It’s then up to users deploy their own applications, using their own data. But whereas other forms of outsourcing involve handing over a full stack to a vendor (the end-to-end data, servers, apps, and even the humans), cloud lets users retain the data, the applications and the people. That also means users such as banks retain the intellectual property around how the outsourced service works.

The cloud lets me balance design goals

David Knott, HSBC

Knott says HSBC decided to embrace vendor cloud because it resolved tensions between cost and flexibility, among other problems.

On-prem, the DIY of computing, requires a bank to decide whether to buy the extra hardware to accommodate its highest level of computing needs. Banks with on-prem servers face similar tradeoffs between security and innovation, or resilience and speed. But vendor clouds don’t have these problems: because users pay only for what hardware processing they consume, they can cut costs when needs subside.

Vendor risks, rewards

HSBC rolled out its PayMe app on Microsoft’s Azure cloud service. Doing so meant that the I.T. and business teams are alerted when PayMe computing hits certain thresholds, giving the bank the ability to decide whether to run, say, a particular analytic.

“The cloud lets me balance design goals, rather than keep them in tension,” Knott said.

Working with vendors does, of course, entail risk. But so does doing everything in-house. HSBC operates on the principle that a vendor shouldn’t increase its operational risk exposure.

With cloud, risks come in two varieties. First is technical: things break. Banks have a playbook for handling routine failures of hardware: contingency plans and backups. But most banks tend to have just two major data centers per region (as per regulatory norms). HSBC has two centers in the U.K. and two in Hong Kong; were either location to see both centers go down, the bank’s operations would be severely impacted.

The same is true of cloud vendors, but their servers are plentiful and globally distributed; vendors tend to move client workloads around as a matter of course, to mitigate the impact of a building or a broader location suffer disruption. They are far more resilient.

The second risk is vendor exposure. With classical outsourcing, any client is at risk of becoming locked in and dependent upon a technology vendor, to the extent that it can’t risk a commercial breach.

Knott says this is true in cloud computing too. But this is not unique; banks are reliant on, say, Intel for chips or Microsoft for its Windows operating system. These also have vulnerabilities that affect banks, such as when Windows was afflicted by malware such as WannaCry. The only thing banks can do is patch the holes.

The bank moves

So, Knott reasons, the same will be true with cloud, but at least HSBC can use multiple providers; moreover as vendors’ own protocols become more compatible, it’s feasible for a bank to migrate among them, albeit slowly.

HSBC currently divides workloads. It puts most big data, analytics and machine learning processing with Google. It splits new digital customer-facing app computes between Google and AWS. It uses them plus Microsoft for taking on legacy applications that HSBC is gradually moving from proprietary to cloud servers.

HSBC worked with Google and other vendors to upgrade their data protection, so the bank can now understand where its data is (for both regulatory and security purposes), and to ensure only the bank can see it. The solutions it worked out with vendors around multiple layers of private keys (to encrypt or decrypt data) are now available to the wider marketplace.

“We still have a large on-prem infrastructure,” said West, the CIO. “Over the next five to 10 years, that infrastructure will shift. Cloud is a massive opportunity.”

DigFin direct!

Register to receive DigFin's newsletter

  • Hauptseite
  • Grocery Gourmet Food
  • HSBC goes cloud-first