When I started in Investment Banking IT, at Salomon Brothers, we were pioneers. Often the first financial and often commercial users of many things. Sun workstations, Cisco routers, Mosaic browsers, all docs in HTML, Oak before it became Java, Perl and yes even Windows 3.1……
Seems so long ago. But we invested in the latest and actively sought it out as a competitive advantage – and it worked well.
Now the banks are generally stuck in their legacy silo’s and very encumbered by their lack of ability to change. Security which is the “big thing” in many organisations, is laughably compromised by the sheer age of the tools that they are using.
One bank I was working in a while back were so proud that they were not hit by Shellshock, and I was quite surprised. Until I dug around and found that all their external facing kit was so old it was pre-bug….
A lot internal debate and energy in the banks remains around storage, server farms, licensing of product vs open source etc. All with charges maintained at artificially high levels internally to encourage change, but the cost of the change outweighs the charges, and the required change is seemingly always pushed to the application owners, who have bigger fish to fry than getting off old stuff.
The use of Cloud for both server capacity and storage is being approved by regulators for non-core functions, but most banks are nowhere near ready.
In five to ten years time, it will become increasingly hard to actually buy kit to run in data centres, instead of just purchasing Cloud infrastructure, but the banks will be on eBay buying boards to keep their kit running..
Half the core applications at peoples desks are running on what are deemed End-User Applications. Many of these are critical to the running of the organisation. Which delays the roll out of desktop upgrades, as most are in Excel, and too difficult to upgrade to later versions and macros.
Internal networks are 10-15 years old, and the kit facing external connections still running legacy kit against very slow connections. Across the banks we have worked in the last several years, the Internet connections are worse than most of us have in our living rooms. This prevents the effective use of Cloud or SAAS or Virtual Desktops or even dynamic VPN technology.
The industry need to look at SAAS solutions for non-core functions sooner rather than later. They need to centrally invest and manage programs to upgrade infrastructure, and not give it up to the Systems Integrators to avoid responsibility, but own it themselves.
It would be good to see the banks at the forefront, moving to Mac’s for their desktops, shift EUC to compute farm based web services applications, move to an integrated Cloud based environment for areas allowed by the regulators, implement low or zero footprint SAAS style applications to replace legacy, and upgrading their networks to current kit for internal and external connections.
If this is not happening soon, the security and vulnerability of many institutions will remain a real and growing concern, until it is too late, and they are no longer a going concern.