>> Announcer: From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. >> Hi everybody, this is Dave Vellante, and back in 2013, when it was becoming pretty obvious that the cloud was going to have a major impact on our industry, the IT industry, I wrote at the time that the way incumbents were going to have to compete was to really go into vertical markets and build ecosystems for their own clouds, and that's exactly what IBM did late last year, when it announced a major partnership with Bank of America in the financial services cloud, and guess what, Hillery Hunter is back in the house, she's the vice president and CTO of the IBM cloud, and an IBM fellow, Hillery, great to see you again, thanks for coming back on. >> Thanks so much for having me again, always a pleasure to be here. >> So we had an awesome conversation, I think we got into the FS cloud a little bit, but as I was saying, you guys announced last year, Bank of America, but let me start here. Why does the industry need a financial services cloud? >> Yeah, you know, it's key that we ground ourselves in that question of why a financial services cloud, and I think it really goes back to the sensitivity of the workloads and the data that that industry stewards. The financial services industry stewards the data of millions and millions of customers, and they are heavily regulated because of that, and they handle very high value transactions, and being able to take that context and translate that into what does it mean to do high value transactions, sensitive data, consumer data computing, also with all those benefits of elasticity and the value proposition of different deployment locations, is really what financial cloud is about. And those needs of that industry are a little bit different, the regulations are higher, the bar and data protection is higher, and the need to interlock across workload characteristics and the cloud deployment is a bit different. And so, we are bringing what we know about that industry to bear in the context also of cloud computing. >> Okay, so you're making some new announcements, there's some hard news here, but I want to know, if you're an executive, or business leader in the financial services industry, what's in it for me in these announcements? >> Yeah, what's in it for you is that we are moving into the next phase of financial services cloud in making the policy framework that has been developed through an enormous amount of work available to additional industry participants, and we're also moving into a phase of global expansion, and so being able to take this value proposition of an end to end considered secure and confine environment for financial services, out to more players in the industry, out to additional geographies and deployment locations, it's an exciting moment because everyone's really not looking just for a cloud, but they're looking for a choice of deployment locations, they're looking to move more workload to the cloud, and this is really about providing a cloud solution that more workload can move to, not just the first couple phases of analytics and things like that, but also moving into more transformation of the core of banking and the core of banking business, so it is about getting more workload to the cloud, getting that done faster, and getting it done at a net improved security and compliance posture. >> Got it, so I want to ask you about some learnings, now you're the double whammy of learnings here. When you announced the collaboration with B of A, obviously one of the top banks of the world, you've obviously made some progress since then, but the other part of that whammy was COVID. So what did you learn from the collaboration with B of A, and have you guys, how have you expanded your thinking BC, from before COVID, versus AC, after COVID? >> Yeah, you know, the initial motivation for this program was about having trust and transparency in public cloud, and having a public cloud suited also to sensitive and even core banking workloads. We have seen this conversation and the need for it and the urgency for it only pick up since COVID. A lot of things in the world kind of took a pause, but cloud computing really accelerated. We're seeing that businesses need to digitally transform their banking, so core banking transformation is a very hot topic. They need to deal with elasticity, we worked with banks during COVID that were having to suddenly stand up their national equivalent of the Payroll Protection Program. Banks that had to suddenly have three times the elasticity, because all of a sudden consumers were interacting with them purely digitally. And cloud can enable all of those kind of things, and so COVID has really accelerated the motivation toward banking in the cloud, and also toward core banking transformation, which is at the heart of setting a very high security bar in public cloud, to be able to also enable those kind of workloads. >> Yeah, so many changes as a result of COVID, I mean the volume of loans, like you said, everything was digital. I know a lot of older people that always still like to go into the bank, that like to see people, and they knew people and people knew them, well they had no choice but to go digital, so that's huge, if you didn't have a digital solution, and cloud is fundamental in that equation. But let's get into it a little bit more. We talked a little about this at IBM Think, but what are the key attributes that make the IBM financial services cloud suitable for financial services, is it the certifications, I wonder if you could add some color there. >> Yeah, so the key elements of the financial services cloud program are number one, a policy framework, which is a set of controls that are customized to the financial services industry, so this isn't about some existing standard, this is a customization of controls and security for the financial services industry, and that's a major element of what we're announcing right now. In addition to the policy framework is also the way that the different elements of the industry and of regulatory expertise are coming together, so this cloud, and these public cloud offerings, were co-developed and co-designed with IBM Promontory, with IBM Security Services that work with banks, with our anchor partner, and moving forward, we'll be advised by an advisory council of CSOs who have that day to day experience with security and with regulations. And so that is also a very unique context for not this being just a point in time with a policy framework, but being an ongoing initiative that will stay up to date, as security concerns and as regulatory concerns change. And the third aspect is a really unique set of technologies that make all of that possible, so you have to define how the cloud is going to be secure, and then you have to actually do it, and the unique capabilities that we have in IBM public cloud that have enabled this program include a number of things, but amongst them, the industry's highest standard for data protection, with our FIPS-140-2 Level 4 based key protect service, it includes capabilities that we'll be releasing through our acquisition of Spanugo around cloud security and compliance posture management, mapped back to that context of financial services. And so it's really three things, it's a policy framework custom and optimized for the financial services industry, the forward evolution of that through industry expertise, and participation of multi parties in that, and then core technologies that enable folks to accomplish that security posture through data protection, through cloud security posture management, et cetera. >> I forgot about the Promontory, you guys made that acquisition several years ago, that's a nice little feature of the FS cloud. But I want to ask, how hard is it to get these certifications? I mean it's obviously not a layup. Lot of work, lot of time, my reason of my question, is this a moat for you, as you guys start to scale? How difficult is it? >> Yeah, so we have been putting in the time and effort, and so that's why this is an exciting moment for us with the initial work product of this effort. And so our intention really is not for that to be a moat, but for us having traversed the moat, to now have a bridge there through the methodology that we built, through the control framework that we built, for others to now get across that moat. And so this is really about taking what is an extensive amount of work, and an extensive amount of expertise, IBM Promontory, you just mentioned, but they monitor over 70 regulatory obligations in over 20 jurisdictions globally, right? I mean this is a tremendous depth of expertise, and so having crossed the moat, and having built the bridge across it, this is where we can then help others to save time in this process of adopting public cloud for further workloads. >> You've mentioned workloads, you've talked about core financial workloads, but maybe give us a little insight on what type of workloads are the most suitable for the financial services cloud, because let's face it, most of the hardcore mission-critical workloads haven't moved, actually probably none of 'em have moved to the cloud, you kind of referenced that before. Ginni Rometty talks about that all the time. But what are the right workload strategic fits for your cloud? >> Yeah, you know you mentioned Ginni Rometty, and so I'll take a quick note there from some of the language that you'll hear her use, she talks about, there was chapter one of the cloud journey, and stuff that was on less sensitive data, analytics, some things on public information, were certainly done, also in finance and also in regulated industries in the cloud. And she talks about chapter two, chapter two being mission-critical workloads. And this program really is the definition of chapter two for the financial services industry. It is the enabling expertise, the enabling control set, the enabling security technologies, the enabling cloud services, for that chapter two, right, for that next layer of adoption of things that had been kept behind the firewall, had been kept in a private cloud context, can now be considered also for public cloud. And so easing that adoption, streamlining that process, et cetera, is really what we're looking to accomplish. >> I mean obviously IBM, huge presence in the banking community, is this really for just big banks? What about the ecosystem, what do you got in there for ISVs and SaaS providers? >> Yeah, you know, you asked me a question at the beginning here about COVID and what's happened, and I think, the transformation of ISV providers to become SaaS providers, the expansion of their capabilities being needed in payments and digital client experiences and such, also for regionals and second and third tier banking institutions and such, is as much of what is happening right now as anything else, amongst the first tiers, because there's just as much pressure for transformation and digital consumer experience, and other things like that, also in the regionals and second and third tiers. So part of our announcement is around the ecosystem of partners that we have now for the financial services cloud program. And that includes ISVs and SaaS providers that are servicing many different types of needs of institutions large and small, so we're seeing those that are servicing core banking, and payments, those that are servicing analytics use cases for this industry, and even HR function, just because of that concern about stewarding data well for these industries and those first tier banks, and so that transition to digital, that drive to infuse AI capabilities, the need to transform core banking, is something that's very much also happening within the ISV and SaaS providers, and we're thrilled with the wide variety of partner base that we're seeing develop there within our ecosystem for this program. >> I was talking to a CIO friend of mine several years ago, and he said to me, "You know, this idea of lifting and shifting, "it's fine, you get little cost savings, maybe, "but unless you change your operating model "and you drive an innovation agenda, "you really aren't going to get the type "of telephone number returns from cloud "that you would want or expect." So my question is around innovation, and we've said many times in theCUBE that the new innovation cocktail, it's not Moore's law anymore, it's the combination of data applying machine intelligence and then the cloud, and the reason why the cloud is important is scale, okay, there's maybe a little bit of cost as well, but it's also innovation. It's the ability to attract people into an ecosystem, and that resonates with line of business. If your cloud is just about making IT's life better, well that's nice, but what's in this announcement and in this initiative for the line of business? >> Yeah, it is all about the workloads. I always say that to me the cloud journey is about, number one your platform, which is the thing onto which you modernize. It is what are you going to get out of moving to containers, what are you going to get out of moving to microservices, how does that help all of those cloud metrics that you mentioned? But number two, it's about the workload, right, which workloads are we talking about, how will they deliver, how will those workloads be able to because of cloud deliver not just TCO but improvement in customer experience, how will those workloads be able to meet elasticity, resiliency, cybersecurity concerns, changes in the way the workforce is working these days, et cetera. And from the line of business perspective, there is a tremendous need to consume, for example, fintech-based innovation. But a lot of folks have struggled to move past POCs because of concerns about security and compliance, for those deployment scenarios, and so being able to bring the ISVs and SaaS providers, and then also fintechs into an ecosystem with a prescriptive and proactive security and compliance context is really what we're all about here. And that will enable a flourishing of adoption of innovation. >> You know, I always love to talk about the competition on these episodes. But I want to ask differentiation, how different is this, can I just go to any cloud supplier and get this, will I eventually be able to, what's IBM's differentiation, Hillery? >> Yeah, so you want to think of it that, in financial services, you are concerned, and you have to be concerned about everything. You have to be concerned about things into the details of the cloud itself, you have to be concerned about things that are related to the behavior and the permissions of your developers in that environment. Financial services cloud really has to be an end to end, soup to nuts conversation, and so this is a program of our public cloud, where end to end, we can stand behind and provide trust and resiliency and this policy framework, end to end within an environment that can be trusted for mission-critical workload. And so when we look at differentiation, our investments are in bringing together IBM's expertise all the way going back to regulations and security consulting that we've been doing for decades in this industry, applying that to that cloud context, taking capabilities that are developed all the way down into the transistors, investments we've made even into the silicon around how cryptography is done, bringing that into the cloud context. And so having brought those things together into our public cloud context, that's how we're able to solution this in a different way, because it really is end to end about the expertise, from all of that regulatory advising, that security context, all the way down into the silicon and the transistors, and I think that's a very unique value proposition, as a cloud provider, it's a tremendous opportunity for us to bring together those pieces. And to continue to be a trusted partner to these companies that we have long been a trusted partner of. >> Now of course you guys have a relationship with VMware, you were the first, actually, to announce a VMware cloud relationship. And so let's say, okay, I got some VMware workloads, I move 'em into your FS cloud. Make sure that I've got the security and compliance checked. Six months down the road, so I've done that sort of first step, what's next for me, is that the end, or are there other things on my journey? >> Yeah, so absolutely, I mean VMware is part of what we are solution financial services clients to, but also cloud-native, and OpenShift, containerization, that modernization journey, is an ongoing journey for everyone, and so to your point of what's next, we're seeing a continual conversation of balancing lift and shift and modernization across workloads, and there are different reasons at different points in time, for people to consider that. I think the key is that they trust where they are taking that data, and whatever the form is that the workload goes, it needs to be in the context of that trust around the data in a security context, and so we're absolutely seeing everything, honestly, from financial services institutions looking to engage with us, also in our new research innovation lab, where we're engaging directly with financial services clients that are trying to work through this differentiation, is it virtualization, is it containerization, is it even serverless? What is the right and most effective balance of how workloads are programmed and run for the next generation of banking. >> You know, Hillery, I've been doing a lot of interviews in the last decade, and it's been interesting to see the ascendancy of cloud, of course, but also the change in perception, particularly in financial services, in the early days of cloud, cloud was an evil word. The C that should not be named. And so I want to understand if I'm, and of course COVID has also changed the perception, because if you weren't digital and you didn't have cloud, you couldn't really transact businesses as well, you didn't have that business resiliency. So, what if I'm a financial services person now, okay, I'm through the knothole, I want to get started, where do I start? >> Yeah, well call us first, but past that, I think that the conversations, the first conversations that we're having with our clients are, number one, do you have an architecture? So is cloud not just a place, like I like to say, but is cloud a plan, is there an architectural plan to enable you to have consistency, for example, in your developer experience between your private cloud environment and your public cloud environment? Architecturally are there those foundational choices around common services about being able to deploy capabilities in one location, and develop them in another, et cetera. All those value propositions of what we have been creating around OpenShift and Cloud Paks in our public cloud, and consistency across different environments and such, I think that's the first thing to start with is architecting a cloud, not accidental usage of multiple environments, but architecting use of multiple environments. And then I think the second conversation is to make a security and compliance plan that is going to be robust enough to withstand even the intense scrutiny of a regulated industry CCO and risk team, and so that's the other foundational conversation that we're having with our clients, and helping them with, so we can provide services and reference architectures, and all that other kind of thing, to enable them to stabilize planning on both fronts, both architecturally for what cloud means in its entirety, not just a cloud, but in its entirety, all clouds, multicloud, hybrid cloud, et cetera. And then secondly, then, a comprehensive security plan for that public cloud choice, and that's what we're really locking down with this policy framework, is bringing standardization on that for public cloud. >> Well, lot of innovation for the financial services community, which is again your wheelhouse. I wrote a piece right around Think that IBM's future rests on its innovation agenda, and I'm glad you brought up the notion of private, public, and then the whole hybrid thing, because I see OpenShift as a key, and RedHat as a key enabler of that across whether it's cloud, on-prem, edge, across multiple clouds. That's an ambitious agenda, as somebody who's responsible for cloud. That is something that is real innovation, and really differentiable I think, in the marketplace, and probably pretty expensive to build out across all those different platforms. >> Yeah, it is, but I think on the word innovation, my mind, as an IBMer, goes to the IBM research division. Thousands of researchers globally, and they've very much been a part of this journey with us. The journey with us on containerization, the journey on workload modernization from monolith to microservices, the journey of our public cloud, and now also very much a part of our work in financial services, so our research division is this incredible gift and asset that we have, that is working with us also on our cloud security and compliance posture management, that security and compliance control center that we're talking about in this announcement, et cetera, and so them being a part of this innovation stream for us is a really exciting part, again, of bringing together all these different pieces that IBM has to offer in this space to make it all stack up, to be a cloud for financial services. >> I got a couple of little housekeeping items before we close here. This is announced for the US first, right? What about other regions, first of all, is that correct, and what about other regions? >> That's correct, and we are also announcing additional participation of global banking partners as well in this announcement. And so this is also again our initial public statement of our expansion past the US. >> Last question, so just give us a glimpse of the future, where do you want to be in a few years, thinking about let's say three years down the road, what's that outcome look like? >> Yeah, you know I think that three years from now, we would love to see that people are able to make a decision, going back to your question about the line of business owners, make a decision about what they're trying to accomplish with a workload, and not be held back by security and compliance concerns in terms of putting that workload where it needs to be, where it will be most efficient, and where it can be embraced by a set of cloud capabilities that enable it to move in a competitive pace forward, infusing AI into everything that is done. Leveraging the latest in technologies, and serverless computing and all these other kind of things that can facilitate a line of business delivering more value so that cloud really continues, but also realizes its promises in that chapter two version of the story, also for regulated industries and also for their mission-critical workloads. >> Well Hillery, good luck with this, I mean congratulations on the progress that you've made, really since you guys announced this late last year, and really excited to see this start to take off, and you're a great guest, love having you on, thank you so much. >> Thanks so much for having me, pleasure talking to you as always. >> All right, cheers. And thank you everybody for watching, this is Dave Vellante for theCUBE, and we'll see you next time. (calm music)