Built for operational resilience in the era of AI and hybrid cloud

Every year we see the challenges they face become more complex as they struggle to keep up with emerging technologies like generative AI and customer expectations rise.

For highly regulated industries, these challenges take on a whole new level of expectations as they navigate an evolving regulatory environment and manage requirements for privacy, resiliency, cybersecurity, data sovereignty, and more. Organizations in financial services, healthcare and other regulated sectors must place a much greater emphasis on risk management, not only to meet compliance requirements but also to maintain customer trust.

To achieve this, it is important for businesses to focus on operational resilience with the goals of maintaining stability, maintaining market integrity, and protecting confidential business and customer data.

Operational Resiliency Priorities

In our view, the core of operational resilience is the assumption that disruption is inevitable and that organizations must put measures in place to absorb and adapt to any shocks. This includes cyber incidents, technology failures, natural disasters, etc. As our reliance on technology and third and fourth parties increases, there is a growing expectation that organizations must continue to deliver critical business services in a safe and secure manner, even during major disruptions. This means actively minimizing downtime and reducing gaps in your supply chain to remain competitive.

This differs from long-standing industry disaster recovery practice, where companies traditionally return to normal operations within a few days of an event using defined recovery point objectives and recovery time objectives. Although still an important practice, preference for traditional disaster recovery approaches is decreasing across industries, especially among regulators. This applies to federal banks in the UK (Bank of England’s Significant Third Party Framework), Europe (Digital Operational Resiliency Act), Australia (APRA CPS-230 Operational Risk Management) and Canada (OSFI – Operational Resilience and Operations). It said the agency is considering updates to its operational resilience framework and approach for critical business services and third-party service providers.

With the growing adoption of hybrid cloud and generative AI, data and applications are everywhere: across multiple clouds and vendors (SaaS/Fintech), on-premises, and even at the edge. For this reason, it is more important than ever for businesses to ensure their cybersecurity and resilience strategies integrate across their entire IT assets, regardless of location.

To do this, companies must first prioritize their most critical business services and develop workload and data placement strategies to determine which applications and data should reside in specific environments based on specific security, resiliency, and data sovereignty requirements.

According to the 2024 IBM X-Force Threat Intelligence Index, attackers are increasingly moving from ransomware to malware designed to steal information. IT assets, including partners.

Partnerships are essential for companies to remain competitive and take advantage of new entry points, but they also need to ensure that third parties think the same way they do and regulators about security, resilience, and governance.

Regardless of your industry, it’s clear that trust and security must be at the foundation of where your workloads and data reside. But how can companies keep these priorities top of mind, especially when collaborating with third and fourth parties?

We take an industry-specific approach to accelerate digital transformation.

According to IBM research, hybrid cloud is now the dominant architecture adopted by enterprises, but it is the industrial cloud approach that is critical to a hybrid cloud strategy. Over the past few years, IBM Cloud® has continued to innovate and significantly improve its enterprise cloud platform designed for regulated industries. This purpose-built approach allows our customers to leverage cloud services, SaaS providers, and fintechs to build and deliver world-class solutions for their customers, while also enabling third-party third parties to leverage cloud services, SaaS providers, and fintechs with consistent levels of security, resiliency, and compliance. and manage fourth-party risks. .

Several years ago, we took a strategic step to address the needs of customers in regulated industries with the first industry-specific cloud platform designed to meet the needs of the financial services sector. It includes a set of highest-level operational, resiliency, cybersecurity and regulatory standards with industry-informed, built-in controls. By meeting the rigorous standards for financial services, it can be used seamlessly across other industries, including insurance, government, healthcare, manufacturing, and telecommunications, providing continuous, centralized security and risk management.

To support our customers’ transformation journeys, we continue to partner with leading industry organizations to better address risk and help organizations leverage the cloud with confidence. One of the industry’s leading forums is the IBM Financial Services Cloud Council. The committee currently consists of a network of more than 160 CIOs, CTOs, CISOs, and risk and compliance officers from more than 90 financial institutions, working together to develop secure and compliant adoption. Cloud and Gen AI.

We’re also working with industry-leading organizations like the Cloud Security Alliance to advance hybrid cloud security and Gen AI adoption for enterprises. Ongoing engagement with regulators around the world, private-public sector collaboration through organizations such as the Financial Services Sector Coordinating Council (FSSCC), and engagement with the Financial Stability Board Third Party Risk Group are also important to practical and consistent industry development. -A broad approach to common challenges.

Shared understanding and ownership

As companies continue to balance the complexities of innovation, risk, and resilience, we believe they will work toward a common, risk-based understanding of the core principles that underpin effective operational resilience. While it is important for companies to take ownership of their operations and prioritize their actions and investments based on the impact on themselves, their customers and market stability, this cannot happen in a vacuum.

IBM is committed to helping our customers on this journey. We believe that all of us – businesses, trade bodies, policymakers, regulators and cloud providers – must come together to achieve the same important mission: accelerating the digital experiences that power the world in a secure, resilient and compliant way.

Read to learn more about cloud adoption within financial services.

Read Central Banking and Cloud Services: The New Frontier