When it comes to data storage and retrieval, banks are faced with a bigger challenge than simply keeping increasing amounts of storage for compliance reasons. Tony Reid, director of solutions marketing for Hitachi Data Systems EMEA, talks to Paul McNamara about some of the key issue.
At the end of the day it's all about costs and margins and making sure that the bank does the right thing for the right price. When it comes to technology, this means calculating the value of each bit of data stored and paying the correct price. And that isn't easy as the volume of data that banks need to keep increases. No longer is this an issue simply for the IT guys - it is of primary concern also to CEOs and CFOs. Hitachi Data Systems (HDS) is one of the companies that sells both hardware and software and build solutions around them.
Do you have a division that focuses strictly on servicing banks?
We are not vertically focused like that - but certainly over 50% of our business over the time I have worked for the company has been from the banking sector. The majority of large banks across Europe use equipment of ours and so we have a pretty good idea of where they are headed with their business. Clearly different industry sectors have different concerns and these manifest themselves in different themes that emerge when we talk to them.
What are some of the themes that banks are worried about?
Compliance and the issues surrounding compliance on their IT infrastructure is one of those. Three or four years ago banks were worried about the volume of data that they were generating, where the data was stored, and how they manage it. And HDS, along with many of our competitors, built huge shared storage resources that could be farmed out to the different business units within the bank in order that they could consolidate those resources and make it more secure and reduce the cost of storing an managing that data.
Is this no longer the number one priority?
It depends how far down the road the bank has gone in consolidation - but it is still pretty high up there in the list of things they are worried about. What is changing it is the realisation that the kind of data that is being generated now falls into two different categories. There is the very structured data that banks generate as part of their banking databases. And then there is the unstructured data that comes out of things like email systems, and back office systems, word documents, PDFs, scanned images for account payable and all that kind of thing, which is now starting to grow in volume at a faster rate than the more structured stuff and probably requires a different method of storing and managing.
In the sense that the retrieval is by its nature more ad hoc?
Yes. It can be more difficult to identify the document, they are not indexed in as structured a manner. Because of the volumes of the data often the cost of the storage infrastructure needs to be limited and the requirement of the way that this data has to be stored might be different from the traditional data. So for example, some of those records may need to be kept for a number of years if they relate to certain transactions. The data is unlikely ever to be looked at - but it needs to be securely stored in a place where we can be sure that the data can't be changed.
Now the customer doesn't want to spend a fortune on a large-scale storage environment for that kind of data but they do need to be satisfied that it will meet the requirements of whatever regulator is specifying those rules.
Do you sell them a big black box and leave them to it - or do you manage it for them?
We can do both. In some countries now we are seeing a demand for more of a managed services type of implementation. So we could even buy back the customer's existing assets and then re-supply them back to the customer on a service level basis. So we would define a number of service levels that matches the particular application or data requirement and then sell those back to the customer at a certain rate per month so they only end up paying for what they use.
You mentioned before that banks have certain themes they come to you with. What are some of the others?
Disaster recovery and business continuity - and we should probably separate those two things.
Disaster recovery was a theme that emerged around 10 years ago across most of the European banks. In some countries it was treated more seriously than others. I think most countries have come up to a similar sort of level now. At the same time that was happening, the technology that allowed relatively easy replication of data from one location to another location over some distance was emerging. One of the themes was to use technology to replicate data out of region in the case of some disaster like terrorism or natural disaster.
That disaster recovery theme has continued and is still important in just about every banking organization. The theme has bent a little towards business continuity.
Whereas disaster recovery focuses on the site that houses the data and what happens if it somehow 'goes away', business continuity is more focused towards the application itself and how can we make the application that is generating revenue for the bank or supplying service to the customer - how can we make that application available 100% of the time and what technology do we need to implement underneath that to make it happen.
Both of these themes are evolving all over again as compliance comes into this. From the storage perspective there's probably two key areas that compliance exposes for us. One is record retention - therefore large scale data and where we place those records and so on, much as we have spoken about already. The other area is risk. Just about all of the regulations have some description of how operational risks within banks should be identified and reduced or mitigated. One of the issues around this is how you quantify the risk? How do you put a value against it? If you can't put a number on it then it is difficult to build a business case to remove the risk. And that is fundamentally what business continuity is about. Trying to asses the risk that an application is exposed to - put a value against it so that we can determine which risk should be addressed first and how much money it is appropriate to spend on trying to remove it.
So in essence having a core system that is solid and reliable and properly backed up is a key part of managing risk in itself?
Absolutely. And an awful lot of organizations either have that in place or are moving along in that direction. But that doesn't remove the risk of re-evaluating the risk and that is part of the ongoing process of remaining compliant.
What other themes come up when speaking to banks?
Well there's a buzz around the industry at the moment about email for all the reasons we've discussed already. It's unstructured data. It's generating huge amounts of data. Often email is involved in commercial transactions and therefore may be exposed to some of the regulations we have already spoken about. And it dramatically affects end-user productivity. For instance if I need to send a report or an invoice via email and I can't because the email system is too clogged, then that could cost the organization money.
Are banks in this region as conversant with what is required as banks elsewhere?
I haven't noticed any real difference. The banks I have had a chance to speak to understand the issues pretty well. Or rather they understand the issue they are concerned about as well as other countries. I do find that in banks everywhere - including North America - there is an element of hiding from some of the regulatory issues. So for instance banks are pretty well versed in understanding credit risk. They have tended to build departments and systems that help them analyse the credit risk that they are exposed to if the want to be compliant with Basel II. If they want to take best advantage from Basle II they will probably need to extend their credit risk system significantly, and there are IT challenges underneath that.
Bu the operational risk side of things is still a bit alien to them and there is an element of heads being buried in sand. And that is why we talk to people about quantifying risk so that we can raise this issue to the forefront.
What do you see as being the next development for banks in this area?
There is a new buzz in the marketplace around the concept of life cycle management, and that comes out of the growth in the area of unstructured data and making sure that this data is stored in the right place using the right cost structure so that it is still available when it is needed. And that is difficult to do at the moment. The industry does not have the technology available to do all of the things that we would like to be able to do although there are a lot of development efforts in that area. How do we identify the value of a piece of data? Once we have identified the value of the data we can make sure that it is stored in the most appropriate way available. So when we store that data in the most cost effective way - we will reduce IT costs.
The other 'what next' is that IT is starting to pay more attention to the 'real' end user - not just the business manager - but the admin. clerk who has to move the data from one place to another. And there is great value to be had there too.
© Banker Middle East 2004
