Deutsche Bank calls in AWS, Microsoft and Google to tout for cloud biz: Come in to tender, deal value unknown
Deutsche Bank has reportedly invited bids from Microsoft, Google, and Amazon to pitch for cloud services and other project work as part of a major tech investment scheduled over the next two years.
The request for proposal and contract award is being managed by Bernd Leukert, Deutsche's head of technology, data and innovation, a former SAP board member that was most recently in charge of SAP's Digital Business Services unit. He joined the bank in September.
"Deutsche Bank is committed to taking greater advantage of the opportunities offered by the cloud," a Deutsche spokesperson told us.
"To help us evaluate our options, we have started a tender process with several cloud providers. As is customary in such processes, we will not comment on the details – but we expect to be able to complete the process in the coming months."
The wider tech overhaul is seeking to reverse years of falling revenue and mounting losses, marked by regulatory problems and a collapsing share price. Deutsche Bank's revenues have fallen from €33.5bn in its fiscal 2015 (PDF) to €23.165bn (PDF) in 2019 and it has lost €14.5bn in those five years. The organisation has faced $18.3bn in regulatory fines since 2008.
Deutsche Bank, according to Reuters – which initially revealed the talks with the three cloud vendors – is struggling with a sprawling, outdated tech infrastructure, not helped by the buys of Morgan Grenfell and Bankers' Trust in 1990 and 1999 respectively. Some of the company's basic processes are still thought to be analogue.
Microsoft, AWS and Google are understood to have been on site at Deutsche Bank's HQ in Frankfurt as of last week to generate proposals designed to fix its tech estate and will include a series of projects. The tender is expected to take three months.
Deutsche Bank has not confirmed that it is buying a public cloud service from Microsoft, AWS or Google, and all three offer both public, private and on-premise services.
The looming agreement with one of the major cloud providers comes half a decade after Deutsche Bank signed a 10-year outsourcing agreement with HP's Enterprise Services wing to modernise its systems. The bank planned to keep IT architecture, app development and infosec in-house. The initial idea was to deploy HP's Helion private cloud to procure data centre services on demand, including storage, platform and hosting. However, HP took Helion out back in January 2016 and it hasn't been seen again.
HP split into HP Inc and HPE in 2015, with the latter housing Enterprise Services, which was then spun off and merged with CSC in 2016 to form DXC Technologies. DXC declined to comment when The Register asked whether the new deal would impact the old one, a 10-year private cloud deal that still has five years left to run.
TechMarketView analyst Jon C Davies said of the move: "Several major SITS (software, IT service) providers, including TCS, HCL, DXC and HPE, are actively involved at Deutsche Bank and are likely to play a role in any future cloud orchestration."
He added: "In 2018, Deutsche Bank suggested that around two-thirds of its applications could be migrated to the cloud to drive improved efficiency, security, resilience and reporting. It's no surprise therefore that the 'three wise men' of public cloud have been flown in to accelerate the transformation. Perhaps it is a surprise that they have not been more heavily involved in the project already. However, in light of the sheer scale and complexity of the German bank's IT estate and the many business challenges it faces, perhaps it had other fires to fight first."
If the CIA can do it...
Sid Nag, Gartner veep of the Technology and Service Provider Group, said that Deutsche's decision to go cloudy is unsurprising in light of similar moves by other banks in recent times. Last year, Santander teamed up with IBM to move some of its systems onto the cloud, as did TSB parent Sabadell.
"There was a time when banks worried about going onto public cloud, but most of the issues around security, governance, and compliance have been dealt with now," he said.
"The CIA is running their operations on the cloud. If the CIA can do it, I'm sure a bank can do it."
Gartner's Nag told us that most big data leaks are not the fault of the public cloud providers, but the customer which is using them for certain workloads or applications.
However, the project at Santander hasn't gone as smoothly as initially expected. A report by Forrester found that a lack of understanding of tech at higher echelons, coupled with simple inertia, had led to half of its "digital transformation" efforts either stalling or failing outright.
Industry: Cloud Computing
- DevSecOpp- Security design / review consultant. SC Clearance. London
CH7838 London £70,000 DevSecOpp- Security design / review consultant. DevSecOpp- Security design / review consultant will ensure that newly created, public facing apps are secure by design and by default by aligning them to current / best practice security policies and standards into the design phases. The individual must have a technical software / application development background with specalist experinece in secure architecture design. (Frameworks, processes, best practice etc) Practical experience translating and ensuring that the OWASP top 10, ISO27001, HMG frameworks requirements are reviewed and embedded into project designs which are implemented is essential. Experience working projects through a full development lifecycle is key. You will work along side the design and project teams to idenitfy and mitigate risks throughout the design phases. This is a permanent role. SC clearance is essential as is the ability to get to the London office. (When appropiate #covid) Security DevSecOps consultant. To arrange a discreet call book via https://calendly.com/chris-holt/devsecopp--security-design-review-consultant
- SPLUNK SOC Analyst level 3, London.
SPLUNK SOC Analyst level 3, Must be able to commute to the City of London. Onsite role. Security clearance needed. The SPLUNK SOC Analyst level 3 must have current experience working within a SOC environment with specific experience using a range of tools and techniques to investigate security incidents. Current experience with Splunk is essential. any additional experience Individuals with Elastic Security SIEM are highly desirable. Any of the following certifications are desirable Splunk Phantom certified admin, Splunk Core Certified Power User / Advanced, Splunk Certified Enterprise Security Admin, etc The role will include, but not be limited to working with sophisticated information security tools, investigating security incidents, incident management, technical escalation, process improvement, research into the latest threats, reporting etc The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) This is a permanent role To arrange a call with Chris Holt https://calendly.com/chris-holt/arranged-call-with-chris-holt-elastic-siem-engineer-soc Chris.Holt@dclsearch.com
- ISO 27001 & Business Continuity Security Specialist, End User
- United Kingdom
CH7828 ISO 27001 & Business Continuity Security Specialist, End User, £70,000 United Kingdom ISO 27001 & Business Continuity Security Specialist needed to join a Cyber team within an end user. The ISO 27001 & Business Continuity Security Specialist will have end to end responsibility for the information security and Business Continuity management system. ISMS/BCMS. Both from an information security and technical security perspective working alongside the CISO. Experience must include, but not be limited to; a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling to achieve compliance. ISO 22301, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. Experience taking a company through accreditation is highly desirable Experience managing internal stakeholders, technical teams and external third parties essential Flexible working, very occasional travel to London office This is an exclusive role to DCL Search & Selection. Looking to interview immediately. https://calendly.com/chris-holt/iso-27001-business-continuity-security-specialis
- PCI- DSS Security Consultant, End User
PCI- DSS Security Consultant needed to join a Cyber team within an end user. The PCI- DSS Security Consultant will have end to end responsibility for PCI - DSS and its continuing certification. Both from an information security and technical security perspective working alongside the CISO. Experience must include, but not be limited to; a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling to achieve compliance. PCI objectives / 12 key requirements, OWASP top 10, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. PCI Cloud compliance, specifically someone with experience taking PCI-DSS from on premise into the cloud is HIGHLY desired. However, someone with Solid PCI experience with a strong technical background which include Cyber / Secure by design etc would be considered. Experience managing internal stakeholders and external third parties essential. Flexible working, but with the ability to get into London. This is an exclusive role to DCL Search & Selection. 1st stage interviews to happen the week of the 14th September Arrange a call with Chris on https://calendly.com/chris-holt/arrange-a-call-chris-dcl-pci-compliance