No Need for Basel to ‘Sex Up’ Storage

Ghost-written article for Geoff Love, Business Development, Storage Area Networks, Cisco Systems EMEA.
Published in Storage magazine, UK, August 2003.

Mention ‘storage’ to a non-IT person and you’ll inadvertently conjure up images of a garage, cobweb-ridden attic, or dusty, crate-filled museum basement. Even in business the image isn’t much better – a storeroom on the top floor, filled with little-used filing cabinets. Sadly the image of storage in IT terms hasn’t been that different until developments over recent years with the realisation that data (voice and video) is one of most valuable commodities within the business. Storage now plays a core role in protecting and managing the digital assets of an enterprise to ensure operational productivity. Storage Area Networks, ‘SANs’, in particular have helped to change the image of storage from that of the redundant cyber-filing cabinet into something more flexible, more dynamic, that can positively impact an organisation’s bottom-line. The much talked about Basel II Accord, which builds on original directives from 1998 and, whilst late in the game, brings a political stamp of approval to what many financial organisations were considering or already in the process of implementing anyway.

However, as Samuel Johnson once said, “Change does not come without inconvenience, even from worse to better”, and financial institutions falling under the scope of the Basel Accord now have a lot to think about. There is work to be done in terms of improving reporting mechanisms and public disclosure. Most of all, the introduction of operational risk as a part of the criteria on which organisations are assessed brings a host of new scenarios that not only need to be planned for, but also budgeted for.

Basel Brushes Up Legislation
The impact of the original Basel Committee on Banking Supervision was significant. In general, financial organisations were advised to put aside capital to counter two issues. Firstly, the adverse effects of changes in financial market prices, which included currencies, interest rates and liquidity amongst others. Secondly, under the umbrella of ‘credit risk’, the scenario where the value of a bank’s position is adversely affected by a change in the credit quality of a counter-party i.e. default, or by the bank being downgraded by a credit agency.

The new accord dwarfs the former one in terms of implications for day-to-day business. Senior IT staff will need to take a strategic view of risk management, aligning the business needs of the enterprise with the technologies required to enable adequate reporting, data collation, exceptions monitoring, and compliance reporting. From an IT perspective, the new regulatory environment will require a common risk methodology across the enterprise which, in turn, is based on common definitions and report formats. It includes ‘operational risk’, where a bank must literally brainstorm, anticipate, and allocate budget to contingencies against anything from a simple missed deadline that impacts revenue, to terrorism or an Act of God. The deadline for senior management to do this isn’t until 2006, but much of the IT-related work will need to be commenced before this year is out.
AXA Technology Services, for example, is already reaping the benefits of IP technology. During the summer of 2003 it began deploying Cisco SAN technology as part of a global consolidation of its ‘IT Competency Centres’. To give some sense of scale AXA has the challenge of storing information pertaining to the many insurance products and financial services it provides to over 50 million individuals and businesses around the world, totalling $65 billion in annual sales. Its business depends on the quality and security of this information, which no doubt it considered when choosing to move towards SAN.

Yet despite such complexities, this shift of information strategy has been relatively straightforward for AXA. It established a storage-over-IP infrastructure without incurring much incremental cost, because it already had an IP network in place. The beauty of IP is that in allowing voice, video and data all to run over a single network, the addition of SAN functionality was relatively uncomplicated.

As well as cost this is an important demonstration of how businesses can, in real terms, address the Basel II stipulations that information must be relayed to storage sites located beyond specified distances from organisations’ main sites. Moreover, it is noteworthy that this can be achieved without additional expense to a company’s existing IP or Fibre Channel networks. In fact, different such networks are no longer separate as Fibre Channel over IP (FCIP) can easily link Fibre Channel storage area networks (SAN).

Dealing With Operational Risk
Here storage, SANs and networking in general comes into its own. Delve into the detail of the Basel II Accord and the factors that financial organisations need to consider include failure of key vendors to fulfil contracts, data entry error, model or system mis-operation, hacking, lack of integration, utility or systems outage and, of course, natural catastrophe, vandalism, or terrorism. In short, those organisations already moving from a traditional ‘points of risk’ approach to one covering extended supply chains, viewing IT security in a non-compartmentalised manner, and planning safeguards will be ahead of the game. Little wonder then that almost 40 per cent of UK banks consider enterprise-wide, data warehouse development a high priority, and 20 per cent consider implementing an integrated collateral management system similarly urgent.

One of the likely impacts of Basel II will be a massive increase in data storage. While Basel is an affirmation of what financial organisations should, and have been doing anyway, it is shifting the focus away from hardware-based resilience and simple backup solutions to end-to-end IT architectures that are resilient to data corruption or loss. The nature of this vertical sector means that SANs are ideally suited to multiple enterprise environments, especially those that have multiple locations globally, need to integrate with other organisations, and have business-critical systems, some of which being customer facing. The security and reliability of the network becomes paramount as more business critical information is held electronically.
These are some of the reasons why Euronext.Liffe, the derivatives business of Euronext, used Cisco to network its London and Paris data centres, backing up information to each other – despite being 650 kilometres apart.

SANity Check for CEOs, CFOs and CIOs Alike
Financial organisations responding to Basel or their own objectives to contingency plan may well look outside their organisation for help.

Using focus groups to identify ‘hot’ issues which cause the most headaches for IT managers, Cisco found three main areas of concern: the sheer task of managing large, disparate islands of storage from multiple physical and virtual locations; dealing with the complexity of maintaining scheduled backups for multiple systems or preparing for unscheduled system outages; and the inability to share storage resources for utility. In addition, IT managers complained of a shortage of qualified professionals to manage storage, and went on to admit confusion over the choice of storage technology alternatives. Further pressure is being brought to bear as IT budgets are continually restricted, and the IT department is put under more scrutiny than ever before.

One common concern is that as Basel II comes to fruition, the financial services sector will have less time, little money, and in some cases insufficient expertise to cope in-house. Worse still, in some cases different teams manage networks and storage, which is against the flow of networking evolution. At the same time, IT industry opinion is that direct attached storage is on the way out, and that SANs trump them anyway in terms of lowered cost of ownership, increased return on investment, and the ability to provide CRM, ERP, or even the basic e-mail function.

Spice Up Your Organisation with Basel II
Basel will not create panic in the financial services sector. It is not a reason for stomachs to churn, nor a dictatorial directive coming from ‘bureaucrats in Europe’. In most cases it will enforce banks’ existing or intended risk management strategies, but it is also an opportunity. Following a methodology to ensure compliance with Basel will be surprisingly satisfying. Assessing the current capability of an organisation’s network and identifying the weak points is something that is probably already completed. It might also be advisable to plan for significant increases in data storage requirements, and for a redesign of data warehouse and associated security issues. Again, this is part of best practice that IT managers will probably want to do anyway. Compliance with Basel also allows organisations to standardise their networks onto single integrated IP infrastructures, using SANs to enable them to maximise network and information management.

Given these benefits, perhaps it’s no surprise the market for SAN-attached storage in 2005 is expected to exceed US$22 billion – three million terabytes of data. Total cost of ownership of a SAN is typically less than half that of a traditional direct-attached solution, and backup and recovery applications can be much easier managed in a SAN environment. Then consider the perils of downtime that Basel is designed to help financial organisations avoid. In the specialisation of financial brokerage, unplanned downtime can cost an organisation US$6.5 million per hour, not to mention damage to other important areas such as reputation and brand. Basel will offer financial organisations validity for their risk management process, a chance for in-house IT staff to improve their lot, and a reason for the IT industry to get excited about what used to be one of its least glamorous specialisations.