Fintech & Insurtech 2019: Open Source in Banking & Interview Acrevis Bank

Open Source in Banking in the “Fintech & Insurtech 2019”

Article by Markus Speth, CMO, VSHN – The DevOps Company and David Kilchenmann, Key Account Manager, Puzzle ITC.

Open Source in the banking world

Open Source has become indispensable in many areas. One of the most important advantages of Open Source software is the gained speed and flexibility, which are essential not only for Fintechs, but also for traditional banks. A strong community is the backbone of successful Open Source projects, which in most cases are now considered to be more future-proof and cost-efficient than paid software or proprietary developments. Many open source projects such as Linux, Git, MySQL, Docker and, most recently, Kubernetes would hardly be conceivable without the Open Source concept.

The example of Kubernetes is very easy to illustrate: Kubernetes is an Open Source platform for automating the deployment, scaling and management of container applications and the de facto standard in cloud orchestration. Kubernetes (“K8s”) has a vast and rapidly growing ecosystem and supports a number of container tools, such as Docker. Kubernetes orchestration is supported by leading cloud platforms such as Amazon AWS, Microsoft Azure, IBM Bluemix and others. That means Kubernetes is a platform with countless expansion possibilities and not a ready-made product off the shelf.

Without the support and cooperation of all these companies and the voluntary cooperation of developers all over the world, such an accomplishment would hardly be possible or even unimaginable.

Why Open Source in Banking & Finance?

But why should a traditional bank opt for Open Source? Doesn’t security fall by the wayside with Open Source? With Open Source I have no guarantees whatsoever and receive no support in an emergency! These or similar statements are often made against Open Source. But in addition to the cost aspects, there are a number of arguments in favour of using Open Source in the banking or insurance environment or other regulated industries.

Without a doubt, one of the most important advantages is speed. The importance of speed and flexibility, the ability to react quickly to market and customer requirements, is not only crucial for Fintech or Insurtech start-ups, but also for traditional banks and insurance companies. In the low-interest environment and in the face of rapidly growing digital competition, traditional companies must constantly reinvent themselves in order not to miss the boat. But what about security?

More eyes – more security

For the following reasons, security in open source projects is usually classified as higher than in proprietary individual software:

  1. a security vulnerability is usually detected more quickly by a community of countless developers.

  2. vulnerabilities are fixed or patched faster because the source code is freely accessible.

In addition, there are many IT companies that test, harden and support various open source technologies and “refine” the software, so to speak. Red Hat does this for example with OpenShift, the Kubernetes distribution with additional features and enterprise support.

Open Source in 2019

Open Source is a market worth billions. This is proven not at least by the takeover of Red Hat by IBM: 34 billion US dollars for a company that specializes in Open Source software. Or the change Microsoft has undergone: in 2001, former CEO Steve Ballmer described Linux as “cancer” and Open Source users as a “gang of communist thieves”. Since then, Microsoft has become more and more open to Open Source and is now one of the largest supporters and contributors to Open Source, which has had a positive impact on both Microsoft’s image and share price.

In summary, it can be said that open source has become an integral part of every industry. The use of Open Source as well as the contributions continue to increase, in particular also within strongly regulated industries or authorities and offices, as can be seen in the example of the Swiss federal government with the “Guideline Open Source Software in the Federal Administration”.

DevOps, Cloud Native and Open Source

A modern IT must react flexibly and quickly to changing requirements without neglecting the security aspect. Software development and operations must work together to be agile and adaptable. DevOps, Cloud Native and Open Source software are the enablers of modern IT.

How the regional bank Acrevis reinvents itself through Open Source

Mona Brühlmann, Head of Digitalization at Acrevis Bank

Thanks to open standards, Acrevis is prepared for the changes in the digital world – because nothing is more secure than change. Mona Brühlmann, Head of Digitization at Acrevis Bank, explains why Acrevis relies on Open Source.

Interview: Marc Landis

In which application areas does Acrevis use Open Source software?

Mona Brühlmann: Acrevis uses Open Source for all customer-oriented digital offers such as onboarding, online mortgage or new customer portal. For the new digitization platform, we rely 100 percent on Open Source. Be it the security layer with Modsecurity and Keycloak, the delivery layer with Gitlab CI and Jenkins, the core of the platform with Red Hat AMQ or the foundation of the solution, the container platform “APPUiO”, based on Red Hat OpenShift. In the future, more and more software will be deployed on the APPUiO platform, including more and more Open Source software.

What were the challenges in building the digitization platform?

Our idea was to start small with the platform and grow with the requirements. Among the challenges were well-known ones such as costs and timelines, coordination with the various suppliers and among the individual suppliers. In addition, short decision paths, adherence to compliance requirements, differentiation from existing IT solutions and internal communication were also important to us. State-of-the-art interfaces were to be provided for the users of the platform to accelerate the connection of new Fintech start-ups to the bank. As a service provider or supplier to a bank, new features must be made available quickly and suppliers must be able to use them independently of other suppliers. The release cycle of several months should be eliminated and new features should be able to be used at any time. For the technical know-how in this area as well as for the implementation and operation, we were searching for a partner who we found with “APPUiO”. The two IT experts from Puzzle ITC and VSHN supported us in various areas, from compliance clarifications to set-up and operation of the container platform.

Why did you choose Open Source?

Operating costs were an important factor, but not the only one. It was especially important to us not to create dependencies on suppliers. Every supplier already uses Open Source components today, but this is often not communicated to the customer. The trend in IT is towards Open Source. In addition, Open Source components in the digitization platform are much more stable and faster than proprietary technologies.

To what extent are there still reservations about Open Source in the banking world today?

Banks are still looking for the supposedly secure way and are often unwilling to find the courage for something new. Compliance and security are often cited as reasons. Another major barrier is the fact that behind many Open Source projects there is a community and not a company that checks and applies security patches or offers appropriate support. However, technology companies such as Red Hat, which provide guarantees for Open Source technologies, are exactly filling this gap. The reservations of the banking world are certainly partly understandable, but if you take a closer look at Open Source, you will very quickly see that Open Source is also the future for banks.

Here you can find the complete article in the Netzmedien special publication Fintech & Insurtech 2019.

VSHN and Open Source

You can find our understanding of Open Source here.