Banking Frontiers

Know Your Software

Edited excerpts from a web panel discussion on software assurance, a topic of critical relevance, held in associatio­n with CAST Software:


Today, software is taking more and more decisions and even human decisions too are conveyed through and executed through software. Software knows more about the organizati­on than any single individual. Yet, how much does the organizati­on know about the software on which it runs? Knowing the health of the software is a precursor to knowing the health of the organizati­on. In the light of this emerging dependency, Banking Frontiers organized a panel discussion among CIOs of leading BFSI organizati­ons to have a better understand­ing of the core issues.

With disruptive technologi­es challengin­g the traditiona­l banking model, banks and BFSI organizati­ons which used to earlier ride on human knowledge for customer informatio­n, are now completely dependent on machines and software. This naturally leads to the question – do these financial entities know their software well?

Though banks and NBFCs have taken the step in the right direction, it is imperative for them to understand the apps and the software. There is also an urgent need for them to understand t he extent of personal data that can be stored and shared in such apps and software.

Sunil Jain, Sr VP, Business Systems and Technology at HDFC Life, said: “We are more software dependent, not just for employees, but also for our customers. There are several tools which are available for 360 degree-view of them. We have, in the past, done several exercises, one of which is migrating the entire content to the cloud. That forced us to take a call on some of the old software and retired them.” KRC Murty,

Sr Vice President and Head IT Apps – RTB at Kotak Mahindra Bank supplement­ed this view: “The software understand­s the organizati­on better than all the teams managing the software. However, it is not correct to say that the organizati­on does not know the setup and mentality or the expertise and informatio­n. Definitely, every organizati­on needs to have visibility of the applicatio­ns it is running. There are mechanisms in place to see the entire applicatio­n in a single dashboard.”

Digital transforma­tion or modernizat­ion also raises the question of escalating costs and also whether to develop the app in-house or bring third party apps into the system.

Sanjeev Kumar, CTO at Pine Labs elaborated: “For the homegrown software, if something goes wrong, you don’t have anybody else to fix it. In case of third-party software, you need to know what kind of software it is. How much is manageable in-house? How much can be supported in warranties? What is the life cycle? How much control do you have? For this, there has to be process-like software for tracking software. So, you are aware that a certain software is completing its life cycle. There has to be a matrix for the software itself.”


Software monitoring the life cycle or a third party announcing the sunset of a running software is chaotic or triggers the panic button. There are examples in the banking industry - Base24 is one such. That leads us to the critical point of having software intelligen­ce in place.

Nilkant Iyer, Sr VP & Country Manager-India at CAST Software pointed out: “Typically the software intelligen­ce tracks the end life of an applicatio­n to help mitigate the risks associated with it. What you cannot measure, you cannot improve. So how do you measure different parameters for open source or third-party software, where you have no control on the associated risks? Is there a way to capture vulnerabil­ity in that case? Is there a way to measure cloud readiness? Which software to be moved to the cloud? How can I build a strategy, which is agnostic of the cloud provider? We worked on these areas to capture the intelligen­ce metrics to be able to build an ROI to see how systems are now and what it should be in the future.”

The cost of moving and maintainin­g the cloud is probably higher than on premise. Knowing your software is important and from an organizati­onal perspecti v e , i t has t o be i deall y metrics-driven.


Legacy software and legacy platforms have been a bone of contention in various large institutes because these software are used in large size operations with huge business dependency. Organizati­ons, at times, are scared to move from one applicatio­n to another for the fear of failure. Besides this, scalabilit­y, concerns about uptime etc also play a significan­t role in decision making on modernizat­ion.

Mahesh Patel, President at AGS Transact Tech, explained: “A l arge

number of banks are still running on the same solution because that’s the trusted solution for them. A change is possible only if there are upgraded features and projects cost effectiven­ess. Technologi­es or platforms have moved to open source or much cheaper systems. Cost is definitely an angle. The question is whether an alternativ­e is available with same stability, scalabilit­y and security or not.”

Time taken for decision making, evaluation, and implementa­tion will have a direct effect on the modernizat­ion process.

KR CM ur ty opined:

“The time taken is humongous. The most critical part is planning and executing. There are many products available. How do you choose the best for the organizati­on? Mostly, the non-critical nonbanking database applicatio­ns are being moved to the cloud. I will not want to move any applicatio­ns, which have critical client related data, into the cloud as of now because of a) strategy b) regulatory controls. There will always be some applicatio­ns in an organizati­on, which is a white elephant. There are times when vendors don’t keep up to your expectatio­ns, and that is when you know that it is time to move to a new product.”

Added SunilJa in :“Major transforma­tions need to follow a phased approach. In one of the techniques which we did, we replaced the core services into micro services, and then slowly establishe­d it.”

“Source code can capture resiliency of the applicatio­n, agility, technical debt and cloud readiness. And these are metrics, which are fairly easy to capture. When you marry the facts, the qualitativ­e informatio­n enables you to make those decisions. The primary thing is for digital transforma­tion, securing the budgets as the Board may not sanction extra budgets,” explained Nilkant Iyer.

While AP I gateways allowed organizati­ons to collaborat­e and helped them to understand new technologi­es, the industry which drove the core banking systems are now talking about platform banking as the next step.


“Picking up a product and getting it customized to your requiremen­ts is the fastest way to implement. In case if you plan to develop an app internally, it is time consuming and by the time you deliver the product, it is already obsolete.

This is the reason behind organizati­ons looking for third party apps,” said KRC Murty.

Mahesh Patel was in complete agreement with

Murty. “Whenever there is a new requiremen­t, we look at readymade products, which offer scope for customizat­ion. In the entire developmen­t lifecycle, the most challengin­g aspect is testing - not just functional testing, but also nonfunctio­nal testing, which is more important. Through non-functional testing, one can g au ge scalabilit­y, security and stability.”

The organizati­on requires a clearer picture like an MRI scan of the entire layer of applicatio­ns to probably fast-track the requiremen­ts to be agile and adaptable to the environmen­t. When migrations happen, typically the business wants everything in place at the earliest. At the same time, the tech team is forced to meet the expectatio­n of both business team and the CFO who asks them to keep costs under control.

Nilkant Iyer put forth a key point: “When one buys a software, he would know everything about the financials, the customers and the competitio­n. What they don’t know is tech debt. What are you acquiring in terms of technical liabilitie­s?”


Integratio­n of a new app always had its set of hurdles and concerns attached to it. Especially when it comes to third party API integratio­n, evaluating applicatio­n resilience is key.

KRC Murty added: “We started the API journey 3 years ago; we have a dedicated website where all partners collaborat­e with us. We also use some legacy applicatio­ns. There will always be challenges. You need to work around how to do i t . Luckily, we don’t have t o o much o f legacy systems. But there are some products which are not able to keep up with the pace of the current requiremen­ts.”

Sanjeev Kumar said: “On t he payment side, modernizin­g the apps includes the services exposing the API, in the UI side consumer apps, merchant apps, etc. This is where most of the changes will lie.”

Getting a total 360-degree macro perspectiv­e still remains a wish for all the CIOs or all the technology heads. The clearer the vision is, the easier it becomes to strategize the future moves in the technology space.

I t c a n hel p t he o r g a ni z a t i o n reduce the cost and the time taken to implement.

 ??  ?? KRCMURTY
 ??  ?? SUN
 ??  ?? SA
 ??  ?? NIL
 ??  ?? MA L

Newspapers in English

Newspapers from India