Build foundations of operational resilience in financial services

In response to increasing demand and changing market conditions, financial services organizations are rapidly expanding their operations to digital platforms. This growth is markedly accelerated by the adoption of artificial intelligence (AI), and a significant reliance on 3rd-party platforms and services such as public clouds. In fact, 84% of financial firms are already using some form of public cloud, including hybrid and multicloud strategies.¹

As a result, firms’ critical operations and regulated data are now being hosted on 3rd-party vendors more than ever before. This shift often leads to increased reliance on a select few cloud service providers, amplifying the risks throughout the financial services value chain. Notably, firms relying on a single vendor increased from 35% in 2020 to 43% in 2023.²

Accordingly, digital operational resilience has become a greater concern, and regulatory agencies are responding to these challenges with new, stringent requirements aimed at making sure financial institutions can withstand and recover from disruptions. The European Union’s Digital Operational Resilience Act (DORA) and the U.K.’s Prudential Regulation Authority Policy Statement 6/21 (PRA PS6/21) and Financial Conduct Authority Policy Statement 21/3 (FCA PS21/3), set to be fully implemented in 2025,  are leading examples of this regulatory focus, pushing firms to adopt more holistic approaches to managing these risks. North American regulators, including the U.S. Security Exchange Commission (SEC), the U.S. Office of Comptroller of the Currency (OCC), and the Canadian Office of the Superintendent of Financial Institutions (OSFI), are also signaling forthcoming guidance that may further shape operational resilience requirements.³

Even so, existing approaches to operational resilience often fall short of what is needed to mitigate operational failures and disruption and comply with these growing regulations. Disruptions to services have become more frequent, with 60% of financial firms experiencing at least 1 major incident in the past year,³ underscoring the regulatory urgency. These 2 factors are pushing financial services organizations to consider new strategies for addressing operational resilience in a digital, cloud-based world.

The term operational resilience is typically used to refer to an organization’s ability to recover from incidents and events. For example, if the servers running a core application fail, your organization may invoke emergency procedures to recover lost data and restart the application on different servers. 

At Red Hat, we view operational resilience as more than just the ability to bounce back from disruptions. We believe that to be truly resilient, your whole organization must be adaptable, integrating change into normal operations as a process, rather than simply responding to events in a reactive manner. This approach aligns with current industry trends, where the focus is shifting towards proactive risk management to mitigate risks before they escalate. 

This means implementing organizational structures, operational processes, and IT that is flexible, agile, and ready for change at any moment. In addition to minimizing the impact of incidents and failures, this approach allows organizations to capitalize on new opportunities, meet evolving regulatory demands promptly and efficiently, and build long-term trust with customers and stakeholders. 

This overview discusses key considerations for building a technology foundation to support operational resilience across your organization.

While operational resilience encompasses more than just technology—organizational culture and processes are also critical—your technology stack serves as a foundation for your staff and operations. 

An effective technology foundation can help you: 

• More readily articulate your resilience to regulators and shareholders.
• Comply with existing and new regulations.
• Improve business and IT agility to remain competitive.
• Attract the next generation of technologists and customers. 

When designing your technology foundation, focus on capabilities that will support operational resilience, business continuity, and rapid adaptation of services and vendors. You should base your strategy of diversification on an open hybrid cloud and design with the core principles that disruption will happen and failures will occur.

Given the growing complexity and interdependencies in the financial services ecosystem—including increasing use of AI and reliance on a few major 3rd-party providers—the long-term success of your operational resilience and technology strategy relies on collaboration and acceptance across your organization. 

You should also be sure that all applicable teams—including application development, data privacy, security, compliance, infrastructure, and operations teams—are involved in both creating your strategy and building your technology foundation. Making sure that business leaders support the transformation is important to embedding resilience throughout the organization, and each team has unique needs that should be addressed from cultural, procedural, and technical perspectives.

The following sections detail areas of consideration for planning your strategy and foundation. 

Application portability 

A key statute of operational resilience is portability: you must be able to deploy and move applications and data across different infrastructures to deal with changing conditions. 

A consistent technology foundation, spanning on-site datacenters and public cloud environments, is critical for achieving application and data portability. Deploying a hybrid cloud platform that supports both traditional and modern applications, including AI-powered workloads, makes sure you have flexibility and scalability to mitigate risks associated with reliance on single providers. 

Open source and open standards-based hybrid cloud platforms facilitate consistent operations across a wide selection of vendors and technologies you can rely on. This provides the interoperability needed to integrate with diverse software, hardware, and cloud vendors. By using a valued ecosystem of certified partners, financial institutions can further enhance this interoperability, integrating with a broad range of trusted 3rd-party solutions to meet their unique needs and regulatory requirements.

Red Hat takes an open hybrid cloud approach to modern applications and IT. An open hybrid cloud strategy lets you architect, develop, and operate a mix of applications and deliver a flexible cloud experience with the speed, stability, and scale required for digital business. 

An open hybrid cloud inherently addresses operational resilience challenges, helping you to comply with industry regulations. With Red Hat, financial institutions can reduce their dependence on providerspecific cloud services and build their capabilities to achieve greater operational resilience, while relying on the same trusted foundation to deliver secure and efficient services on-premise and across multiple environments.

The benefits of our open hybrid cloud approach also extend beyond operational resilience. 

• A modern, open hybrid cloud environment provides the flexibility and interoperability needed to adapt to new technologies and methodologies.
• A consistent operating and application foundation unifies your on-site and cloud infrastructures to provide increased visibility into and control over resources across your environment.
• Standardized development processes, design approaches, and operating models connect disparate tools and teams across your organization to increase collaboration and innovation.
• An open hybrid cloud also includes the capabilities needed to support modern DevOps and cloud-native approaches to application development across your entire environment. 

Based on this open hybrid cloud strategy, Red Hat offers a foundation for operational resilience for financial services organizations.

Red Hat provides a portfolio of integrated products that address the pressing challenges of operational resilience. As firms grapple with the complexities of consistent application portability, managing scalability across diverse infrastructures, and meeting stringent regulatory demands, Red Hat’s open hybrid cloud solutions offer a unified foundation to deal with these issues directly. These solutions are modular, allowing you to deploy essential components immediately, expand your environment as your needs evolve, and integrate with Red Hat and certified partner products to build a resilient, compliant, and adaptable infrastructure. Each component provides key functionality:

• Red Hat® OpenShift® is an enterprise-grade application platform with full-stack automated operations to manage hybrid cloud and multicloud deployments. It lets you consistently run and move traditional and modern applications across on-site datacenters and cloud environments, including Amazon Web Services (AWS), Google Cloud, IBM Cloud, and Microsoft Azure with Red Hat OpenShift cloud services, allowing organizations to quickly build, deploy, and scale applications across clouds, and refocus on innovation with confidence. Red Hat OpenShift also supports a mix of containerized and VM workloads, for both traditional and cloud-native applications, and provides key capabilities for constructing a hybrid cloud foundation, including built-in security capabilities, observability, monitoring, logging, and service and resource management.
• Red Hat OpenShift Virtualization, included with Red Hat OpenShift, helps you create more consistency by strengthening your operational resilience strategy in the shifting virtualization marketplace. Putting VMs and containers next to each other in the same environment, it unites your teams on a single, cost-effective platform to deliver applications and services. For those looking to modernize, it lets you add VMs to container-based applications, and containerize those VMs over time.
• Red Hat Enterprise Linux® CoreOS is a specialized distribution of Red Hat Enterprise Linux, optimized for running Linux containers on Kubernetes. Through minimal system use, immutability, regular updates, and managed operations, it reduces risk and complexity for your environment. Because it is based on Red Hat Enterprise Linux, Red Hat Enterprise Linux CoreOS inherits a mature, comprehensive delivery and support model with a robust ecosystem. Included with Red Hat Enterprise Linux CoreOS, the Compliance Operator assesses the compliance of both Red Hat OpenShift’s Kubernetes application programming interface (API) resources and the nodes running the cluster. The Compliance Operator uses OpenSCAP, a collection of tools certified by the National Institute of Standards and Technology (NIST), to scan and enforce security policies.

A Red Hat open hybrid cloud foundation allows you to build naturally resilient applications and environments that support both traditional and modern workloads, from core systems to AI-powered critical services. The following practices can help you get started on your path to operational resilience. The letters that follow each Red Hat product correspond to those shown in Figure 1.

• Start by deploying Red Hat OpenShift (A) on 2 or more infrastructures—including on-site datacenters, private clouds, and public clouds—to create your hybrid cloud. This approach supports both traditional and modern, cloud-native applications. Incorporate Red Hat OpenShift Virtualization to bring virtualized applications into a unified platform, allowing you to create a consistent operating environment while using existing investments in traditional applications. This helps you modernize at your own pace, while you build your resilient digital business.
• Use Red Hat OpenShift Data Foundation (F) to create, replicate, and synchronize persistent storage across multiple environments or availability zones.
• Incorporate traditional applications alongside modern workloads, using Red Hat OpenShift Virtualization to run VMs within the same Kubernetes platform that supports your cloud-native and AI workloads. This unification simplifies management and enhances operational efficiency across your technology estate, incrementally building resilience.
• Adopt industry best practices with built-in operating system and platform capabilities to consistently configure, manage, and operate your environment via Red Hat’s integrated management and automation tools (C, D, E). Common best practices include infrastructure-as-code (IaC) approaches, implementation of source control and change management practices, and configuration of security and network guardrails. Automation of provisioning, policy enforcement, and AI-powered optimization further enhance operational speed and accuracy.
• Use Ansible Automation Platform (C) to connect your hybrid environments, orchestrate application deployment and movement between environments and availability zones, and increase overall operational speed and accuracy. Ansible Automation Platforms equips you to build additional operational layers by defining playbooks for remediation plans and digital resilient testing, bridging traditional existing infrastructure and Red Hat OpenShift and virtual infrastructure.
• Integrate your generative and predictive AI capabilities with Red Hat AI platforms (H), along with MLOps support, for building flexible, trusted AI solutions at scale across hybrid cloud environments. This integration makes sure you benefit from the same security, monitoring, and automation capabilities that support your broader operational resilience strategy.
• Use Red Hat’s management and automation tools (C, D, E) to connect to and manage native service offerings like infrastructure, developer, application, and data services. For example, you can choose to use database services from your public cloud provider and create automation playbooks to orchestrate data portability and availability between infrastructures. Red Hat OpenShift (A) also offers many services to increase consistency across dependencies and streamline movement between infrastructures.
• Customize your environment with third-party tools and services through Red Hat’s partner ecosystem (H). Open integration interfaces and partner certification let you use both existing and new development, test, operations, and security tools with your Red Hat hybrid cloud foundation. Many vendors offer certified Red Hat OpenShift operators or certified software containers to simplify installation and management.

Many financial services organizations are already benefiting from hybrid cloud foundations based on Red Hat OpenShift. For example, a leading insurance provider in Europe uses a full stack of Red Hat technology to support their public managed cloud strategy, which incorporates multiple public cloud vendors. Red Hat OpenShift allows the company to comply with local financial regulatory requirements while staying as flexible as possible to minimize migration efforts if they need to change 1 of their public cloud vendors. Their Red Hat foundation has also helped the insurance provider accelerate software development, boost employee productivity, and improve financial transparency and business agility. 

See how other financial services organizations are using Red Hat technologies.

Operational resilience is a top concern for financial services organizations that operate in a cloud-based, AI-powered world. Red Hat provides an integrated, flexible, and consistent open hybrid cloud foundation to support operational resilience across datacenter and cloud environments, helping prepare you for future change and success. 

Discover more about how Red Hat can help you boost your operational resilience.