It is hard to understand global payments without understanding SWIFT. For over 40 years, SWIFT, Society for Worldwide Interbank Financial Telecommunication, has secured financial messaging for banks, corporates, brokers, and treasuries in over 200 countries. For example, if you have ever requested a funds transfer from your local bank’s branch or website to a friend or relative who has a different bank in another country, chances are those payment messages went through the SWIFT network.
Today, I would like to talk about how Google Cloud is collaborating with SWIFT for SWIFT to offer our joint customers the SWIFT Alliance Connect components in the cloud and how Google Cloud products support SWIFT’s security and operational requirements to reliably process core financial messages. SWIFT recently announced the launch of a new solution, Alliance Connect Virtual, which enables their customers to connect to the SWIFT network directly from the public cloud. Alliance Connect Virtual is a new network connectivity solution that enables SWIFT customers to deploy traditional physical hardware based SWIFT VPN connections as virtual appliances in the public cloud. Typically, organizations require either hosting SWIFT infrastructure hardware on-prem or in co-locations or consuming SWIFT services from external third-parties.
Launching Alliance Connect Virtual marks a major milestone in supporting our customers’ journey to the cloud,” says Sophie Racquet, Head of Alliance Connect and Digital Connectivity Product Management at SWIFT. “Whether in the cloud or on-premises, our community will be able to experience the same level of security, reliability and availability, and attest their CSP compliance too. We’ve received overwhelming positive feedback from our pilot customers so far and I’m looking forward to our phased launch throughout 2022.
For this initiative, Google Cloud is creating a reference implementation of SWIFT components on Google Cloud to help mutual customers satisfy SWIFT security and operational requirements, increase operational efficiency, and accelerate adoption of cloud for their core payment applications. We expect the SWIFT on Google Cloud reference implementations to be generally available (GA) later in 2022 in parallel with SWIFT’s GA launch of the Alliance Connect Virtual products. Some of the many reasons why customers should consider SWIFT on Google Cloud as their preferred solution include:
1) Google Cloud’s security principles focus on a secure-by-design infrastructure, built-in protection, and global network that assists customers in keeping their organizations secure and compliant. Data is encrypted by default, at rest and in transit, to prevent access by any non-authorized entities.
2) Google Cloud currently has 29 cloud regions, 88 zones, and 146 network edge locations connected via our private, software-defined, high-performance network across 200+ countries, helping our customers better serve their users around the globe.
3) Google Cloud’s serverless, highly scalable, and cost-effective multicloud data warehouse, BigQuery, enables customers to dynamically increase data from bytes to petabytes, with zero operational overhead. Customers can quickly gain business and operational insights about financial messages with real-time predictive analytics while relying on robust security, governance, and reliability controls for high-availability.
4) Google Cloud’s AI platform provides customers with one unified experience to create, deploy, and manage models over time, at scale. It is built with groundbreaking ML tools that enables customers to deploy models faster with MLOps pipeline tooling including configurable management of data and models.
5) Google Cloud is reducing environmental impact with the cleanest cloud in the industry. Google is carbon neutral today and runs smart, efficient data centers that are twice as energy efficient as a typical enterprise data center.
Now that you know some of the reasons customers choose Google Cloud, let’s explore some of the customer challenges we aim to solve by moving SWIFT components to the cloud.
- Reducing data center operational costs is one of the key business drivers when customers migrate applications to the cloud. Customers want to run their technology on faster, more scalable, and more affordable infrastructure than their on-prem environments. Virtualized SWIFT components like the SWIFT VPN enable customers to run on optimized virtualization platforms and help customers avoid separate license agreements with hosting providers. These are all part of a customer’s broader cloud modernization and data center migration initiatives.
- Customers must deploy SWIFT components in secure and reliable infrastructure to process sensitive financial messages. SWIFT has created the Customer Security Controls Framework (CSCF) which consists of mandatory and advisory security controls for SWIFT users to meet those requirements. A few examples would be the principle of least privilege for physical, network, and application permissions to restrict unauthorized access; encrypting credentials and data in flight and at rest; and providing redundancy and fault tolerance for a highly available platform. These controls evolve over time to combat new and evolving threats and to implement new developments in cybersecurity.
Once customers are confident they can satisfy SWIFT’s security requirements and virtualize the components in a cloud environment, they can accelerate their adoption of cloud native services for their core platforms. This opens up the opportunity for customers to leverage new big data and machine learning technologies to help gain new insights and further analysis of the messaging data. Let’s see what the SWIFT components look like on Google Cloud.
The SWIFT on Google Cloud solution is a packaged, hybrid solution that’s a combination of SWIFT software in Google Cloud and SWIFT hardware components in a colocation facility. The solution can be broken into two logical components: SWIFT VPN or Alliance Connect Virtual and the corresponding SWIFT applications.
Alliance Connect Virtual is the secure VPN communication to and from the SWIFT network to the SWIFT Alliance Gateway (SAG) and SWIFT applications. It leverages the SWIFT VPN virtual appliance on Compute Engine virtual machines with Cloud KMS as the trusted key store to support FIPS 140-2 Level 2 compliance. Cloud Interconnect provides a high throughput and reliable network to Google colocation and partner peering exchanges.
The SWIFT applications include both message processing and business analytics products from SWIFT. Google Cloud provides Bare Metal Solutions (BMS) for hosting the SWIFT Alliance Message Hub (AMH) Oracle database and Hosted Private HSM for the SWIFT HSM requirements. Both services provide low-latency VPC connections for the applications.
The entire architecture includes private VPC networks with stateful firewalls for egress/ingress traffic between SWIFT applications, SWIFT VPN, and the SWIFT network. The SWIFT product and package you purchase will determine the final configuration and architecture.
Google Cloud continuously invests in secure-by-design infrastructure across the cloud stack to protect our customers. Our use of a private fiber network means that customer data spends less time on the public internet, reducing vulnerability. Customers own their data, and control where it is stored, processed, and transmitted. In addition, Google Cloud addresses the requirements of financial sector laws like FFIEC (US) and EBA (EU) and is audited against international standards like ISO 27017 and ISO 27018.
Google Cloud strives to be the best for big data analytics, artificial intelligence, and machine learning among cloud providers. Our fully managed, serverless approach addresses performance, scalability, and availability requirements for data platforms and analytics. With no infrastructure to manage, customers can easily leverage products like BigQuery to analyze gigabytes to petabytes of SWIFT message data in minutes, not months. Customers can create risk-based models on the data running high performance computing (HPC) simulations or mitigate the risks of financial crime using fraud prediction and anomaly detection with the Vertex AI platform.
In addition, sustainability is becoming increasingly important to more organizations and Google has invested deeply to become the cleanest cloud in the industry. Google has matched 100% of the energy consumed by our global operations with renewable energy since 2017 and maintains a commitment to carbon neutrality. Every workload you run on Google Cloud has zero net carbon emissions.
As you can see, Google Cloud’s collaboration with SWIFT enables our customers to deploy SWIFT components on Google Cloud and supports customers’ security goals. Migrating traditional on-prem financial messaging platforms like SWIFT to Google Cloud increases overall operational efficiency and accelerates the adoption of cloud services. If you’re eager to learn more about how Google Cloud is teaming up with SWIFT, please reach out to your Google Cloud sales representative or partner manager. You can also learn about our solutions for financial services customers here.
By: Chris Page (Solution Architect, Google Cloud)
Source: Google Cloud Blog