General

Fintech & Insurtech 2019: Open Source in Banking & Interview Acrevis Bank

11. Nov 2019

Am Beispiel von Kubernetes ist das ganz leicht zu veranschaulichen: Kubernetes ist eine Open-Source-Plattform zur Automatisierung der Bereitstellung, Skalierung und Verwaltung von Container-Applikationen und der De-facto-Standard in der Cloud-Orchestrierung. Kubernetes (“K8s”) hat ein riesiges und schnell wachsendes Ökosystem und unterstützt eine Reihe von Container-Tools, wie etwa Docker. Die Orchestrierung mittels Kubernetes wird von führenden Cloud-Plattformen wie Amazon AWS, Microsoft Azure, IBM Bluemix und anderen unterstützt. Kubernetes ist also eine Plattform mit unzähligen Erweiterungsmöglichkeiten und kein fertiges Produkt ab der Stange.

Ohne die Unterstützung und Kooperation all dieser Unternehmen und der freiwilligen Zusammenarbeit von Entwicklern auf der ganzen Welt wäre diese Leistung kaum möglich oder gar nicht erst vorstellbar.

Warum Open Source im Banking & Finance-Umfeld?

Warum aber sollte sich eine traditionelle Bank für Open Source entscheiden? Bleibt mit Open Source nicht die Sicherheit auf der Strecke? Mit Open Source habe ich ja keinerlei Garantien und erhalte im Notfall keinen Support! So oder ähnlich lauten oft die Aussagen, die gegen Open Source ins Feld geführt werden. Aber neben den Kostenaspekten gibt es eine Vielzahl von Argumenten, die für den Einsatz von Open Source auch im Banking- oder Insurance-Umfeld oder anderen regulierten Branchen sprechen.

Einer der wichtigsten Vorteile ist ohne Zweifel die Geschwindigkeit. Die Wichtigkeit der Geschwindigkeit und Flexibilität, der Möglichkeit des schnellen Reagierens auf Markt- und Kundenanforderungen, ist nicht nur für Fintech- oder Insurtech-Start-ups entscheidend, sondern insbesondere auch für traditionelle Banken und Versicherungen. Im Niedrigzinsumfeld und angesichts der stark wachsenden digitalen Konkurrenz müssen sich Traditionshäuser laufend neu erfinden, um den Anschluss nicht zu verpassen. Aber was ist mit der Sicherheit?

Mehr Augen – mehr Sicherheit

Aus den folgenden Gesichtspunkten wird die Security in Open-Source-Projekten gewöhnlich als höher eingestuft, als in proprietärer Individualsoftware:

  1. Eine Sicherheitslücke wird von einer Community mit unzähligen Entwicklern in der Regel schneller erkannt.
  2. Sicherheitslücken werden schneller behoben beziehungsweise gepatched, da der Quellcode frei zugänglich ist.

Zudem gibt es viele IT-Unternehmen, die das Testen, Hardening und Supporten verschiedener Open-Source-Technologien übernehmen und die Software sozusagen “veredeln”. Red Hat macht dies beispielsweise mit Openshift, der Kubernetes-Distribution mit zusätzlichen Features und Support für Unternehmen.

Open Source im Jahr 2019

Open Source ist ein milliardenschwerer Markt. Das beweist nicht zuletzt die Übernahme von Red Hat durch IBM: 34 Milliarden US-Dollar für ein Unternehmen, dass sich auf Open-Source-Software spezialisiert hat. Oder der Wandel, den Microsoft durchlebt hat: 2001 hatte der damalige CEO Steve Ballmer Linux noch als “Krebs” bezeichnet und Open-Source-Nutzer als “Bande kommunistischer Diebe”. Seither hat sich Microsoft mehr und mehr gegenüber Open Source geöffnet und gehört heute zu den grössten Unterstützern von Open Source, was sich sowohl positiv auf das Image wie auch auf den Aktienkurs von Microsoft ausgewirkt hat.

Zusammenfassend kann man durchaus behaupten, dass Open Source aus keiner Industrie oder Branche mehr wegzudenken ist. Die Nutzung von Open Source wie auch die Contributions nehmen immer weiter zu, insbesondere auch innerhalb stark regulierter Branchen oder Behörden und Ämtern, wie am Beispiel des Bundes mit dem “Leitfaden Open-Source-Software in der Bundesverwaltung” zu sehen ist.

DevOps, Cloud Native und Open Source

Eine moderne IT muss flexibel und schnell auf sich ändernde Anforderungen reagieren, ohne dabei den Sicherheitsaspekt zu vernachlässigen. Softwareentwicklung und Betrieb müssen zusammenarbeiten, um agil und anpassungsfähig zu sein. Dev­Ops, Cloud Native und Open-Source-Software sind die Enabler einer modernen IT.

Wie sich die Regionalbank Acrevis durch Open Source neu erfindet

Mona Brühlmann, Leiterin Digitalisierung bei der Acrevis Bank

Article by Markus Speth, CMO, VSHN – The DevOps Company and David Kilchenmann, Key Account Manager, Puzzle ITC.  

Open Source in the banking world

Open Source has become indispensable in many areas. One of the most important advantages of Open Source software is the gained speed and flexibility, which are essential not only for Fintechs, but also for traditional banks. A strong community is the backbone of successful Open Source projects, which in most cases are now considered to be more future-proof and cost-efficient than paid software or proprietary developments. Many open source projects such as Linux, Git, MySQL, Docker and, most recently, Kubernetes would hardly be conceivable without the Open Source concept.

The example of Kubernetes is very easy to illustrate: Kubernetes is an Open Source platform for automating the deployment, scaling and management of container applications and the de facto standard in cloud orchestration. Kubernetes (“K8s”) has a vast and rapidly growing ecosystem and supports a number of container tools, such as Docker. Kubernetes orchestration is supported by leading cloud platforms such as Amazon AWS, Microsoft Azure, IBM Bluemix and others. That means Kubernetes is a platform with countless expansion possibilities and not a ready-made product off the shelf. Without the support and cooperation of all these companies and the voluntary cooperation of developers all over the world, such an accomplishment would hardly be possible or even unimaginable.

Why Open Source in Banking & Finance?

But why should a traditional bank opt for Open Source? Doesn’t security fall by the wayside with Open Source? With Open Source I have no guarantees whatsoever and receive no support in an emergency! These or similar statements are often made against Open Source. But in addition to the cost aspects, there are a number of arguments in favour of using Open Source in the banking or insurance environment or other regulated industries.
Without a doubt, one of the most important advantages is speed. The importance of speed and flexibility, the ability to react quickly to market and customer requirements, is not only crucial for Fintech or Insurtech start-ups, but also for traditional banks and insurance companies. In the low-interest environment and in the face of rapidly growing digital competition, traditional companies must constantly reinvent themselves in order not to miss the boat. But what about security?

More eyes – more security

For the following reasons, security in open source projects is usually classified as higher than in proprietary individual software:

  1. a security vulnerability is usually detected more quickly by a community of countless developers.
  2. vulnerabilities are fixed or patched faster because the source code is freely accessible.

In addition, there are many IT companies that test, harden and support various open source technologies and “refine” the software, so to speak. Red Hat does this for example with OpenShift, the Kubernetes distribution with additional features and enterprise support.

Open Source in 2019

Open Source is a market worth billions. This is proven not at least by the takeover of Red Hat by IBM: 34 billion US dollars for a company that specializes in Open Source software. Or the change Microsoft has undergone: in 2001, former CEO Steve Ballmer described Linux as “cancer” and Open Source users as a “gang of communist thieves”. Since then, Microsoft has become more and more open to Open Source and is now one of the largest supporters and contributors to Open Source, which has had a positive impact on both Microsoft’s image and share price.

In summary, it can be said that open source has become an integral part of every industry. The use of Open Source as well as the contributions continue to increase, in particular also within strongly regulated industries or authorities and offices, as can be seen in the example of the Swiss federal government with the “Guideline Open Source Software in the Federal Administration”.

DevOps, Cloud Native and Open Source

A modern IT must react flexibly and quickly to changing requirements without neglecting the security aspect. Software development and operations must work together to be agile and adaptable. DevOps, Cloud Native and Open Source software are the enablers of modern IT.

How the regional bank Acrevis reinvents itself through Open Source

Mona Brühlmann, Head of Digitalization at Acrevis Bank

 
 
Thanks to open standards, Acrevis is prepared for the changes in the digital world – because nothing is more secure than change. Mona Brühlmann, Head of Digitization at Acrevis Bank, explains why Acrevis relies on Open Source.
Interview: Marc Landis
In which application areas does Acrevis use Open Source software?
Mona Brühlmann: Acrevis uses Open Source for all customer-oriented digital offers such as onboarding, online mortgage or new customer portal. For the new digitization platform, we rely 100 percent on Open Source. Be it the security layer with Modsecurity and Keycloak, the delivery layer with Gitlab CI and Jenkins, the core of the platform with Red Hat AMQ or the foundation of the solution, the container platform “APPUiO”, based on Red Hat OpenShift. In the future, more and more software will be deployed on the APPUiO platform, including more and more Open Source software.

What were the challenges in building the digitization platform?

Our idea was to start small with the platform and grow with the requirements. Among the challenges were well-known ones such as costs and timelines, coordination with the various suppliers and among the individual suppliers. In addition, short decision paths, adherence to compliance requirements, differentiation from existing IT solutions and internal communication were also important to us. State-of-the-art interfaces were to be provided for the users of the platform to accelerate the connection of new Fintech start-ups to the bank. As a service provider or supplier to a bank, new features must be made available quickly and suppliers must be able to use them independently of other suppliers. The release cycle of several months should be eliminated and new features should be able to be used at any time. For the technical know-how in this area as well as for the implementation and operation, we were searching for a partner who we found with “APPUiO”. The two IT experts from Puzzle ITC and VSHN supported us in various areas, from compliance clarifications to set-up and operation of the container platform.

Why did you choose Open Source?

Operating costs were an important factor, but not the only one. It was especially important to us not to create dependencies on suppliers. Every supplier already uses Open Source components today, but this is often not communicated to the customer. The trend in IT is towards Open Source. In addition, Open Source components in the digitization platform are much more stable and faster than proprietary technologies.

To what extent are there still reservations about Open Source in the banking world today?

Banks are still looking for the supposedly secure way and are often unwilling to find the courage for something new. Compliance and security are often cited as reasons. Another major barrier is the fact that behind many Open Source projects there is a community and not a company that checks and applies security patches or offers appropriate support. However, technology companies such as Red Hat, which provide guarantees for Open Source technologies, are exactly filling this gap. The reservations of the banking world are certainly partly understandable, but if you take a closer look at Open Source, you will very quickly see that Open Source is also the future for banks.

Here you can find the complete article in the Netzmedien special publication Fintech & Insurtech 2019.

VSHN and Open Source

You can find our understanding of Open Source here.

Markus Speth

Markus is VSHN's CEO and one of the General Managers.

Contact us

Our team of experts is available for you. In case of emergency also 24/7.

Contact us