Technology that provides security: How banks maintain sovereignty over their data

For a long time, it was considered impossible, but in the end, everyone knew it: U.S. cloud providers do not rule out sharing data from their European customers with the U.S. government if there is a legally valid directive to do so. This has already been confirmed in public hearings of some European Parliaments.

This example underlines the significance of the issue for European banks and clearly shows that the financial industry is facing a fundamental challenge: to retain control of its most valuable resource, its data. What is needed is a strategic change towards true digital sovereignty. Digital sovereignty means much more than just data protection. It is about a bank’s fundamental ability to autonomously make decisions about its data, infrastructure, and IT processes.

In addition to hybrid or private cloud solutions, a state-of-the-art multi-cloud architecture turns  out to be a suitable strategy. It offers two distinct benefits: Banks can leverage the strengths of each cloud provider and, at the same time, they can reduce their dependence on individual providers. Therefore, banks should move to a modular IT architecture that gives them the flexibility to adapt to changing requirements.

This also includes replacing outdated legacy systems for core processes such as account management, payment transactions, and back-office processing, which continues to be a major challenge for many financial institutions. That is because many banks have IT landscapes that have developed over decades and encompass various systems, interfaces, and technologies that are deeply intertwined. Therefore, a successful migration away from legacy systems requires careful analysis. IT consolidation in the cloud is indispensable and plays a crucial role here.

An important prerequisite for change is consistent standardization and platform-independent development, which precludes a focus on individual clouds and technologies. With modularity, individual components can be replaced without weakening the overall system, and it facilitates the gradual migration of legacy solutions to the cloud. This allows banks to reduce the complexity of their IT systems and expand their capacity for action at the same time.

Cloud solutions provide the option to store and process specific data within particular jurisdictions, making it easier to meet regulatory requirements. At the same time, banks retain control over the location and type of the data processing – while also maintaining global availability of their services. Additionally, banks need an exit strategy to be able to swiftly switch between providers. Users of the BSI Customer Suite, for instance, can replace their entire cloud infrastructure in a very short period of time if there is a need, potentially within as little as 72 hours. AI models, too, can be replaced in just 90 minutes.

This rapid switch is also required by DORA, the Digital Operational Resilience Act. Together with the GDPR, DORA drives the development of sovereign IT architectures. And not only does the new regulation require technical measures to be put in place, but it also necessitates organizational control over all IT processes. Banks must be able to prove at any given time where their data is located, what data is located where, and how the data is processed.

However, data sovereignty does not mean refraining from working with external service providers. Rather, it is about defining clear framework conditions for collaboration, such as with the help of contracts and technical standards. It is about the ability to make technological decisions autonomously and to maintain the capacity for action. Above all, this includes selecting a provider that supports digital sovereignty with an open and cloud-agnostic infrastructure platform.

It turns out that investing in digital sovereignty pays offs in more than one respect: Your bank will be able to respond faster to market changes and make independent decisions – a crucial asset in the context of geopolitical tensions. Investing in these capabilities strengthens your bank’s market position and ensures the retention of a sustainable capacity for action. Digital sovereignty creates trust – with customers, partners, and regulatory authorities. Those who act early will act confidently in the future.