Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
FINANCIAL SERVICES
CONTENTS
Introduction Mission-Critical Policy Issues Business Case Brocade Deployment Scenarios Brocade Financial Services Solution Set Next Steps Page 3 Page 4 Page 8 Page 9 Page 11 Page 11
INTRODUCTION
The mission-critical, data-intensive regulatory burden for financial services is increasing dramatically, faster than growth in the overall data universe. By enabling financial services to proactively cut the cost and risk of efficiently responding to the regulatory flood, Brocade makes a significant contribution to regulatory risk management efficiency, reputation and operating cost reduction.
This trend is stimulating demand for more financial service sector applications to deliver real time risk assessments, reporting and audit trails, particularly as the industry extends the number of risk policies to be managed. Simultaneously, regulators are demanding more immediate data so the financial institutions reputation is continuously at stake. It is no longer possible for the data centre to simply react. Then of course the institution must deal with the business-as-usual data driven requirements for lower operating cost, improving customer relationship, increasing online trading, 24x7 continuity and preparing for yet more mergers or acquisitions due to market, competitive or regulatory changes.
External Auditor General Counsel Chief Risk Officer Compliance Officer Head of Internal Audit Chief Operating Officer Chief Information Officer Network Management Executive
30% GRC Data Data Volume Growth Governance, Risk and Compliance (GRC) Data
A lack of real time reporting across markets has been detrimental to surveillance related to illegal activities.
Source: SEC 17CFR Part 242: Consolidated Audit Trail
The Dodd Frank Act in the USA has motivated the Securities and Exchange Commission (SEC) to highlight the increasingly close relationship between efficient risk management and the regulators requirements for vetting by using real time electronic audit trails. There is a similar trend with European regulators which is further complicated from a data centre perspective, by business performance issues such the growth in high frequency or automated trading globally around the clock.
The growth in these new regulator assessment and reporting requirements is fuelling demand for more sophisticated business intelligence so that risk and compliance policy owners are more able to draw insight from applications and data sources to support decision making and deliver more robust data governance. As the new regulatory environment is not yet fully operational in many European countries, a financial service data centre will have to move into a GRC-ready mode that is flexible, secure, available and scalable. GRC-reactive is not an option.
Brocade GRC-Ready means for network, server platforms, virtualisation and storage, that the rigid physical connections between applications and data are being replaced with more flexible Brocade virtual relationships and shared resource pools. Enhanced data mobility, protection, and security are now essential to preserving data governance, data integrity and fulfilling regulatory requirements. The successful and sustained management of GRC policy risks will influence the financial institutions share price, customer loyalty, competitive advantage and cashflow, with further potential to influence reputational risk as was clearly demonstrated during the recent financial crisis. Similarly, today a regulators onsite assessment will set the risk level for a financial organisation and so determine the frequency of future reviews which are a major drain on management and resources.
An estimate of the cost for the new EU AIFM Directive suggests between 1.3-1.9bn in regulated firm compliance costs for the first year and up to 985m every year thereafter, with IT infrastructure costs a significant component.
Best practice risk management policy based upon standard frameworks is subject to continuous improvement through monitoring, assessment, reporting and enhancement which usually means more capacity and responsiveness is required by the data centre.
For financial firms covered by this new EU ruling, this is an immediate opportunity for the data centre to become GRC-Ready rather than just react to this individual demand, which would become progressively more costly and make the future uncertain from a risk and reporting perspective as new requirements or further regulatory enhancements are approved. A key aspect of the Brocade VCS technology is to enable financial organisations such as hedge funds or private equity firms moving into more widespread GRC policy execution, to execute Information Lifecycle Management in a GRC-Ready framework as the means to continuously monitor, assess, report and improve governance.
Integrated Risk Policy Management Content Processes Infrastructure Network Integrated Data Centre Solution GRC Policy Lifecycle Practice, Procedure and Reporting IT Processes and Controls
The regulators recognise that the data centre will play a significant role, showing how dependent risk policy has become upon immediate electronic data availability. For example, part of the EU MiFID2 enhancement includes the requirement for electronic trading systems to introduce a new concept of organised trading facility and regulation of crossing systems. Similarly Basel III capital adequacy rules are stress tested on the raised limits, for example, on a Tier #1 capital threshold at 7%, which requires the data centre to provide information that will allow continuous monitoring of changing conditions or execute what-if scenarios in addition to managing day-to-day operations. In addition to data availability for risk management, Basel III and EU MiFID2 have storage requirements for risk legacy data for up to five years, so integrating the Brocade SAN with Brocade VCS technology supports the mandatory archive demand.
EU Solvency II Progresses
EU regulators are now requiring insurers to demonstrate ahead of the 2012 deadline that the EU Solvency II Directive for enhanced risk management and capital adequacy is being implemented using the Internal Model Approval Process (IMAP) outcomes. However, for most insurers this has been a difficult process as the broader aspects of risk management under Solvency II were not formalised as policies or the integration of policy with data centre information access has been complex revealing underlying issues with data quality or availability. The experience for insurers is similar to that of hedge funds and private equity firms with the EU AIFM regulation which has demanded a significant step forward for risk policy with immediate access to the relevant control and reporting data. As with Basel III, there is stress testing for capital adequacy and, simultaneously, the insurance industry is completing productivity improvements using, for example, Electronic Claim Files (ECF) as the means to significantly improve efficiency and reduce risk over paper-based systems. Clearly, the combined impact of Solvency II with claims process productivity will mean a new strategy for the data centre to get ahead rather than be reactive, which will be costly and raise risk.
Anti-corruption policy implementation is said to be the largest single work item for financial corporate General Counsel and legal departments in 2011.
The challenge is to establish an anti-corruption policy and robust monitoring system which will draw more detailed data from financial corporate processes that have not previously had this degree of attention starting with new bribery risk indicators in conjunction with a monitoring and reporting system. This is further evidence of the dramatic growth in GRC-related data being generated in support of the new policy wave. Figure 3. Data Centre Power Consumption
Power Boards
Electricity Supply
BUSINESS CASE
Taking the combination of regulatory demands in financial services together it becomes clear that the data centre strategy for maintaining a sustainable cost effective response needs review. A core competence of Brocade VCS technology is the efficient operation of mission-critical, data-intensive business processes where the business case is based upon Brocade enabling data centre management to become ready for new GRC policy challenges, within a constantly changing virtualised environment, by being adaptive rather than simply reactive to each demand.
A Brocade VCS technology GRC-Ready environment has an integrated approach that will deliver benefits in risk management responsiveness and lower operating cost. Integration and consolidation are key elements within a GRC policy: it has been suggested that data centres addressing individual regulatory demands will spend upto 10 times more on the IT solution than those that take a more integrated approach.
Brocade VCS Technology: An Integrated, Consolidated and Virtualised GRC-Ready Data Centre
Risk Management Data Security Complex to manage and unreliable Data Centre Backbone continuous data protection and data encryption Tiered storage for information lifecycle management and business policy alignment Fewer elements reduces continuity risk; virtualisation for higher resiliency Flexible virtual server and storage relationships with shared resource pools Prioritisation for Quality of Service delivery using adaptive networking Virtual machine mobility to optimise resources and respond to change
Data Governance
Business Continuity
High risk
Prioritised Response
Rigid physical connections for server platforms and storage Time consuming
Inflexible
Operating Cost Asset Leverage Restricted Maximised inter-operation between new and existing data centre assets Consolidated using blade server and storage virtualisation plus optimised performance and availability of upper layer business applications and related data. Disproportionate to footprint; virtualised server and storage raises efficiency and capacity yet reduces footprint Fully optimised data centre space Fully enabled server, storage virtualisation reduces power
Consolidation
Storage Capacity
WAN
Aggregation
Core
Access
LAG
VCS Technology
Servers
1 Gbps Servers
10 Gbps Servers
Brocade VCS Technology Deployment Scenario 2 10 Gbps Top-of-Rack Access For Blade Servers Ready For VCS Technology
This deployment scenario is similar to Scenario 1 but for blade servers, where the blade modules can be set switch or pass through. This deployment within a blade server environment provides low-cost, first stage aggregation for high density blade servers without stress on existing aggregation while reducing cabling out of rack. This blade server deployment scenario provides high-density access with flexible subscription ratios supporting up to 4 blade servers per rack with 2:1 subscription.
WAN
Aggregation
Core
Access
LAG
VCS Technology
2-switch VCS Technology at ToR
Servers
Brocade VCS Technology Deployment Scenario 3 1/10 Gbps Access: Collapsed Network
As the Ethernet fabrics scale, the networks can flatten, since fabrics are self-aggregating. In this deployment scenario, VCS technology is used in the Data Centre LAN and separate fibre channel connections are made to the SAN. The collapsed network approach provides a flatter, logical, more simplified two-tier network design with Ethernet fabrics at the edge. This deployment will offer greater layer 2 scalability/flexibility and an increased sphere of virtual machine mobility leading to seamless network expansion as the requirements grow. In this optimised multi-path network, Spanning Tree Protocol (STP) is not needed, as all paths are active which results in an architecture with no single point of failure.
WAN
MLX with MCT or other core
Core
LAG
Edge
SAN
Servers
10 Gbps Servers
Brocade VCS Technology Deployment Scenario 4 1/10 Gbps Access; Collapsed Network (Clos Fabric)
This final deployment scenario shows two ways the fabric can be configured using a Clos Fabric architecture. In this design, there are switches used to create the fabric that will not have edge ports, but the fabric is still managed as one logical chassis, flattening the network and resulting in a simplified design and maximum performance/availability. By scaling out the VCS technology edge fabric a flat, self aggregating network will result that, through the Clos Fabric Topology, allows for flexible subscription ratios. Each VDXTM product managed as a single logical chassis leads to a drastic reduction in management whilst at the same time, Data Centre Bridging (DCB) and equal cost path capabilities for multi-hop Fibre Channel Over Ethernet (FCoE) and enhanced Internet Small Computer System Interface (iSCSI) will enable a smoother path to network convergence.
12 ports 48 ports
per switch
vLAG
12 ports 36 ports
per switch
10
The previous generation classic Ethernet data centre model of static IT processes and slow incremental growth has been displaced by a new GRC-Ready Brocade VCS technology strategy that demands rapid response to changing needs and the ability to quickly accommodate growth of new applications and data. Figure 8. Brocade VCS Technology
To simplify administration, these advanced services can be automated via policy-based rules aligned with upper-layer application requirements. Through the Brocade One TM strategy, the rest of the Brocade portfolio integrates with existing Brocade fabrics and extends their value by providing:
Consolidation
Secure Computing Unmatched Simplicity Investment Protection Non-Stop Networking Application Optimisation
For server platforms and storage, rigid physical connections between applications and data are being replaced with more flexible virtual relationships and shared resource pools. Enhanced data mobility, protection, and security are now key to preserving data integrity and fulfilling regulatory requirements. By combining enhanced connectivity with advanced storage and application-aware services, the Brocade VCS technology is centrally positioned to coordinate new capabilities in both server and storage platforms and thus to maximise data centre productivity.
Advanced application services on Brocade VCS technology will help ensure that applications and data receive the highest level of resiliency, security and data protection.
Storage
Server
Policy-based Automation
Source: Brocade Optimised Data Centre Consolidation with Server Virtualisation and Brocade VCS Technology To minimise disruption as part of GRC policy and cost, the Brocade VCS technology is designed to operate with existing storage and network fabric assets, while providing enhanced services where needed.
NEXT STEPS
Brocade Financial Services Expert Briefing
Brocade subject matter expertise is available as a free briefing directly, or in conjunction with an approved consulting and systems integration firm, to enable risk, compliance, audit and IT executives in financial services to align business and governance policy objectives to a more dynamic, secure and available data centre.
11
2011 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, BigIron, DCFM, DCX, Fabric OS, FastIron, IronView, NetIron, SAN Health, ServerIron, TurboIron, and Wingspan are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, Extraordinary Networks, MyBrocade, VCX and VDX are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government. Brocade Communications Systems Inc does not have the skills to create risk management and compliance policy and therefore will not take any responsibility for making an organisation compliant or risk averse. This is the responsibility of the organisations risk, compliance officers and board of directors working with expert advisers.