Alisa Melnikova, the general director of SberTech, rather casually stated that “the company she heads by the end of the year has become the largest developer in the Russian Federation software with a revenue of 15.2 billion rubles (an increase of 46%) and a staff of 6,515 people against 5,300 people in 2014 ".
"SberTech" stirred up the IT market
SberTech is a subsidiary of Sberbank and is developing and implementing software for this bank. Many IT companies in Russia have long disliked this vendor. There are several reasons for this. Firstly, such major integrators as CROC or Lanit now supply Sberbank with only hardware solutions and are strictly removed from software.
Secondly, SberTech, like a vacuum cleaner, pulls programmers out of the market, offering them substantially better working conditions. There is not a single IT company in the Russian Federation and Belarus that would not have lost its employees because of him. There is not a single bank from which top managers of the IT block would not go there.
Thirdly, after the commissioning of the English Channel project (a paperless middle office based on the Pega PRPC platform for 40 thousand users) at the end of 2015, HP, Canon, Xerox and other printer suppliers got a big grip on them. If earlier once a week a whole truck of paper was delivered only to the central office of the bank in Moscow, now there is enough of a Gazelle. And then only for signing contracts with clients.
Priority is given to open-source and own development
And, finally, what is of interest to software developers, SberTech has completely switched to open-source and its own development. With the help of this set of tools, in the near future, it is necessary to solve three super-tasks: the creation of a unified front-end system (EFS) for the development of customer service channels, a business development support platform and the launch of a data factory based on BigData technologies.
The conference on February 6 was devoted to a more detailed analysis of the ESF project. Why did Sberbank need to conduct it? Why should the bank's top officials speak on it in front of programmers? The answer was given by the top manager of Sberbank Vadim Kulik in charge of IT and risk management of the bank.
According to him, the bank has long become the guinea pig of Oracle corporation. They do not have such a large installation of this vendor's database with such a load on the front office anywhere else. With such a load and scale, "such a number of cockroaches" crawl out of this database that it is not clear who should pay money to whom for licenses.
As a response to this and many other challenges, SberTech began to develop its own competencies. These are both our own developments and the purchase of startups. For example, this is GridGain, which specializes in the development of software for processing large amounts of data in RAM in real time (In-Memory Computing technology, IMC).
At the same time, GridGain is developing an open source distributed computing platform in Java, distributed under the LGPL and Apache 2.0 licenses. This fact, as they say, makes it possible to successfully and with minimal financial investments "import substitution", for example, such a proprietary German solution as SAP HANA. So, if fintech startups have something to show, they urgently need to look for where Sberbank is located.
As for the front, the chosen path of unification and centralization of all the numerous products into one, both for our own operators and for customers with a user-friendly interface for all devices. On the scale of Sberbank, this is truly colossal work. Until recently, a change, for example, in the discount rate of the Central Bank of the Russian Federation in all systems took up to 3 months. With such a pace, you can easily lose in the competition to the same Tinkoff Bank.
Sberbank is equal to Amazon or Google
The task is to achieve almost online launch of products to the market thanks to the EFS and the same online reaction to market changes thanks to BI and BigData based on the SOA integration bus in contrast to traditional banking ABS and ERP. This, according to top management, puts Sberbank in a row not with financial institutions, but with technology giants such as Amazon or Google. At least in Russia. At the same time, one should not forget that the bank is vulnerable to Western sanctions - therefore, the emphasis is on its development. And therefore the approaches “ Tinkoff Bank"They don't quite suit him.
This fact makes SberTech turn on the “vacuum cleaner” in a new way and look for programmers who mentally correspond to these challenges. As the speakers noted, IT specialists working in banks are blinded and do not want unnecessary changes. Therefore, the eyes of recruiters turned to Yandex and the like.
But there, too, they are not bastard, they are ready to keep specialists at any cost. Therefore, SberTech is ready to consider candidates for junior positions, opens its own school for training Java and JavaScript programmers (not a word was said about PHP). We talked a lot at round tables about interface developers and layout designers. It turned out that there are practically no tough specialists in this area on the market in the Russian Federation, especially in mobile.
The conference lasted a whole day with many round tables. There is no way to describe everything briefly, the conference organizers promised to post a video of the event for everyone interested. And it was all about ESF! But in parallel, two more megaprojects are developing, about which it was written above. It looks like SberTech can catch up with large American vendors at such a pace.
This subsidiary structure of the bank, as usual, began to implement all IT projects of the bank and planned to go out to work for open market... But it all went wrong. The information technology foundation of the "largest bank in Eastern Europe" needs a complete overhaul. Founded in 2011, the company has not lived up to expectations in 7 years.
You can, of course, try to argue with numbers. To say that it is now the largest IT employer in the country. More than 10 thousand programmers! We can say that the revenue has grown over the past year. But this is a clear indication that the bank began to spend even more on IT, without improving the quality of services.
General Director Alisa Melnikova left the company in June last year. But it didn't really help the company. Over the entire existence of the subsidiary and extremely important for Sberbank, so many problems have accumulated that they all together are already starting to drown the head one.
1. Too many people
This reason is the result of a mixture of the gigantomania of the Soviet era and the desire of specific top managers to have budgets and power. But another reason is that the right hand does not understand what the left is doing. Remember Gref's gorgeous saying about programmers?
“Programmers are not needed today. We have a huge number of programmers with whom we are fighting,” said German Oskarovich.
Half of the ministries and most of the companies on the market yell and chase with a net after overvalued and extremely necessary for the digital economy "builders", which should be programmers, and Gref decided to fight them. Who are we going to realize the future with? Why do companies need so many people? The same VTB or "Alpha" with Tinkov spend much less human resources on the implementation of exactly the same or even better characteristics. At the same time, people are lured out of the market with double salaries and promises that they will definitely change the world here. But in fact, it turns out to be a completely different story. On paper, it takes 200 programmers and several months of hard work to put a button in a CRM.
2. No breakthroughs
EFS, PPRB and FD. The company is proud of this and publishes it openly on its website. Let's take a look at a specific example. EFS - Unified Frontal System. What it is?
The Unified Frontal System is aimed at increasing the level of comfort for Sberbank customers when receiving services, as well as at the convenience, speed and efficiency of the employees of the branches who are engaged in customer service. ESF is cross-channel based. Wherever the user comes from - through an application, a browser on a home computer, through a call to a call center or office - he can continue serving through any channel from the moment where the last interaction in any of the channels ended - the system should recognize the client's profile ... In addition, the ESF, due to its own API, allows partners to enter the system, as well as to integrate with third-party sites.
But a bunch of services can do this today! What prevented you from finishing Bitrix24 or a huge number of other systems in order to implement what is written above? This is not some kind of space. This is reality. Well, yes, Sberbank is large. But not the only one in the world. It could be possible to spy on others in order to do the right thing. Exactly the same with the rest of the projects. For a breakthrough, absolutely lean nonsense is issued. And some of this "nonsense" has not even been created yet, but exist only on paper.
3. Trite boring
One of the reasons why "holy agile and scrum" don't work is because they are implemented by specific people. At Sbertech, on condition of anonymity, several colleagues from the company confirmed that sometimes they simply do not understand what they are doing and how it will change the world. All these 10 thousand programmers are not needed by the bank in such quantity. So they are idle. For our money.
4. Imposing extremely strange functions on the company
Here is the scandal with an analyst from Sberbank CIB. Dispersed the entire structure. And now Gref announced his intention to replace analysts with "artificial intelligence".
Well, nonsense! But many listen with open mouths. And they expect Sbertech to do everything now. So many programmers! But just as 9 women won't have a baby in a month, so here - well, you won't be able to replace analysts with a computer or a neural network this year. And now imagine what are the strategic risks for the parent company.
5. Permanent failures in the work of the parent company
What can we say, even if at the SPIEF a whole cloud of insiders spoke out loudly about massive disruptions in the work of Sberbank on the forum. Which is just a shame. The company, by the way, did not confirm this, but did not deny it either, which indirectly proves the correctness of the rumors. But regular failures, blocking of accounts for the transfer of 666 rubles and similar stories are another evidence of the impotence of managers. Yes, it was difficult, yes, there was an ordinary savings bank. But no one spared you money and time for transformation. The hopes were that you would be the best in the world. In the meantime, it turns out that you have not justified our hopes at all.
Sberbank is successfully implementing strategic initiatives aimed at building a technology platform and transforming into a technology company by the end of 2018.
Strategic program "Reliability 99.99"
Sberbank has done a great job to ensure the high reliability of its systems. Among the important milestones of this work - the organization of geo-reservation of services of the contact center of Sberbank; creation of the core of a new highly reliable local area network; work of client services when performing transactions in online stores, transfers, issuing loans, servicing through remote channels in Stand-In mode 24 × 7 during incidents and technological work. Downtime of critical automated systems of the Yuzhny Port data center does not exceed 1.6 hours per year. This data center is certified according to the Tier Certification Operational Sustainability, Uptime Institute, GOLD level.
Highly critical services for transporting data between Sberbank's automated systems have been switched to 99.999% functioning mode, that is, the downtime of the system is no more than 5 minutes per year. This ensures the continuity of the provision of basic services to private and corporate clients.
In the Sberbank Online system, a pilot block has been allocated for employees, in which new versions of Sberbank Online are tested before large-scale replication, which minimizes risks and shortens the implementation time.
IT Organization Transformation Program
Sberbank introduced through manufacturing process and resource planning, thanks to which control over the launch and implementation of projects has increased, the average duration of projects has been reduced from 30 to 18 months. New process implementation of non-design tasks allowed to reduce the time of their implementation by 1.9 times. The satisfaction of internal customers has increased, which in the field of the implementation of the IT component of projects has grown 3.8 times, in the field of implementation of non-project tasks - 3 times. Sberbank has completed the transformation of its IT organization. A platform for technological transformation has been created.
Technological Transformation Program
Agile transformation has begun at Sberbank, which consists in the transition to an agile development method called Sbergile. Sbergile teams are provided with basic automation, an iterative service development process has been developed.
Sberbank has created a unified process for managing operational and IT production, incidents and technological standards.
The number of functions supporting client operations has been reduced by 13%. The regional centers for support of client operations in the cities of Khabarovsk and Voronezh were transformed. IT operations are supported in all time zones.
Business Development Support Platform (18+) program
The platform is designed to become a universal constructor for creating business applications.
The performance and scalability of the In-Memory Data Grid architecture has been practically confirmed, in particular, a high performance of 35 thousand transactions per second has been achieved. A single information space has been created, where data on 100 million customers have been successfully uploaded. Mechanisms for audit, authorization, data access and batch processing have been developed. The most important services for business have been introduced: a unified customer profile of the Retail block, a unified catalog of products and tariffs in terms of deposits and bank cards, dynamic pricing. The first food factories were launched: P2P transfers, merchant acquiring, deposits.
The Program team received the status of developers of the open-source community of the Apache Software Foundation. Projects of the Program were given the opportunity to develop open-source components of the technological stack of platforms.
Single frontal system program
The goal of the Program is to create a uniform standard across all customer service channels.
The main emphasis of the Program in 2016 was placed on the growth of active sales to private clients through the contact center, increasing the loyalty of corporate clients through the service of remote account reservation without a visit to the Sberbank office, and reducing the cost of services of external contact centers for corporate clients.
From the technical point of view, for this, a unified library of interface components of basic system services was created, which are used to create a user interface. The use of the library allows to increase the speed of developing screen forms by 30–35% and reduce the cost of their development by 15–20%. A number of open-source components have been developed, which are presented for reuse for free access to the Internet community. A pipeline for automatic assembly of applications has been implemented, and the technology of automatic deployment of the system to all environments is being piloted. The use of DevOps technology will lead to a significant reduction in time-to-market and will allow products to be brought to the market many times faster.
Functional remote opening accounts, salary projects, corporate cards ported to a new digital enterprise platform. This is the first step towards the transition to the Unified Frontal System.
A mobile workplace for a direct sales agent has been created, which will allow planning meetings and optimizing travel routes, taking into account geographic location clients.
The program is fully implemented according to the Agile method. It takes eight weeks from idea to opening. More than 90 Agile teams work under the Program. In 2016, the best team of IT professionals and business experts was formed. The team has over 1,000 employees from Sberbank business units and 17 Sberbank-Technologies competence centers. To attract the best specialists, Sberbank held an open day and an international design hackathon.
Data Factory program
The goal of the Program is to provide the Group with conditions for achieving a competitive speed of launching new products to the market, monetizing data, increasing the speed of making management decisions, and reducing the cost of data ownership. The program combined activities to create data services and develop infrastructure, taking into account current trends in the construction of corporate data warehouses and analytical platforms.
Key projects of the Program:
- client profile "4D" - increases the completeness of information and the depth of the history of the corporate client;
- "Bulk personalization" - increases the efficiency of the processes of the same name in the retail business by quickly obtaining reliable information about customers based on data;
- "Boutique conveyor" - increases income from CIB customers by reducing the time frame and increasing the efficiency of decision-making in terms of customer information;
- project "Geomarketing 2.0" - provides external clients of Sberbank with information on the economic potential of individual geographic locations.
Within the framework of the Program, the performance of the analytical data warehouse has been increased. A new most important element of the architecture has been created - a data cloud - this is a distributed data storage for subsequent processing, where the first data of the largest Sberbank systems - the Unified corporate system and the Unified loan portfolio - are loaded. Launched an area of data experimentation and model hypothesis testing for business users. Sberbank managed to reduce to 10 days the time for one-time data delivery at the request of Sberbank divisions (previously, the period was more than four months).
Centralization 3.0 program
The goal of the Program is to complete the centralization of the landscape by significantly increasing economic efficiency IT assets. In 2016, within the framework of the Program, 682 non-target automated systems (with a plan of 410) and two data centers were decommissioned. An additional 270 non-target systems and seven data centers are planned to be phased out in 2017 and replaced by IT equipment.
From this conversation, you will learn what exactly Sberbank-Technologies, the subsidiary IT-company of Sberbank, is engaged in, which Telegram channels should be read by Application Security specialists and why during training one should not forget about practice.
INFO
Sberbank Technologies (SberTech) is an IT subsidiary of Sberbank, founded in 2011. It all started with a team of 500 people. These were mainly IT specialists of Sberbank, who moved to work in a separate IT structure.
Today the staff of SberTech is about 11 thousand people in sixteen cities of Russia. In these cities, key development centers are concentrated, in which regional teams of IT specialists gather: Moscow, Saint Petersburg, Novosibirsk, Innopolis and so on.
SberTech develops and implements software, as well as supports the existing IT systems of Sberbank. At the moment, Sberbank is the only client of the company.
Artem Bachevsky, Head of IT Systems Development in the Application Security Department
Tell us what SberTech does, what projects are you working on now?
Currently, the key project is the development of a new technological platform for Sberbank. It transforms the business model into an ecosystem. This ecosystem will ensure the provision of non-financial services, the connection of partners and contractors, will be able to process large amounts of data in a short time, and will allow for high system performance.
Let's take a closer look at non-financial services. What projects are we talking about?
Such projects already exist now, as the ecosystem has been developing since 2016. Full transition to the new technological platform is planned by 2020. Sberbank is striving to move away from providing only financial services and is actively acquiring partners. For example, Sberbank-Real Estate ( LLC "Real Estate Center from Sberbank" is part of the Sberbank group of companies. - Approx. ed.), "Sberbank-Insurance", Internet service for finding doctors DocDoc, and so on. Thus, the transformation into an ecosystem is carried out. Companies such as Alibaba, Amazon, WeChat follow a similar path.
“Ecosystem” and “technological platform” are nice words, but I would like to hear more specifics. What is the essence of your platform, what exactly are you developing, and why are these technologies outstanding?
The new platform consists of three key programs.
Business Development Support Platform- a universal tool for creating business applications. The bank must turn into a Marketplace that brings together a variety of tools to achieve the goals of its clients. This requires a foundation - a new platform: scalable, flexible, reliable and open, capable of changing in real time. Used in development the latest technology distributed computing in memory and applications with large amounts of data in real time - In Memory Data Grid.
Data Factory program is designed to improve the quality, reliability and availability of data for analysis. Bank employees will be able to fully engage in the analysis and interpretation of data without additional labor costs for their collection and reconciliation. Big Data provides work with supermassive data to monetize information and behavioral analysis of customers and employees, to adjust strategies for working with different segments.
Unified frontal system- cross-functional platform, Sberbank's own development. Platform tools provide a seamless cross-channel experience across all products and services. The technology stack maintains high performance, reliability, and user safety. In addition, due to its own API, the ESF allows partners to enter the system, as well as integrate with third-party platforms.
Now let's talk about security. Artem, tell us what your department is doing?
Our division deals with Application Security - application security. The department is relatively young, about two and a half years old.
Our main duty- ensuring the security of applications. Basically, these are automated systems that are critical for the bank, but also new mobile and mission critical developments fall into our area of responsibility.
Now the department employs fifteen people. They can be roughly divided into three teams: the penetration testing team, mobile penetration testing, and internal development. The team brought together employees with different technical backgrounds, mainly different areas of information security, but there are also guys from IT management and development. Together with our colleagues from Sberbank, we increase the security of the developed AS, maintain a reasonable compromise between business needs, user convenience and the ever-growing risks in the field of software development.
We achieve all this thanks to the strong expertise of Sberbank and SberTech employees, as well as the mature and fundamental SDL (Secure Development Lifecycle), which takes into account modern trends and approaches (Agile & DevOps) in the field of software development.
The team of web pentesters is engaged in the implementation of various practices, analysis of their results and the conduct of the pentest itself. The mobile pentest team is doing the same, but for mobile applications. Mobile applications the bank has a lot, this is not only Sberbank Online, there is also Business Online, corporate services and so on.
How is this infrastructure built, did you mention SDL?
We try to build the infrastructure in such a way that colleagues who are “in the context of the code” help us in parsing scan results, code reviews and writing rules for SAST (static application security testing). As part of the initiative to deliver continuous value for the client, we ensure application security by introducing Sec context into DevOps, which is being built at Sberbank and SBT, and without the involvement of teams, this is simply impossible.
The practice of involving developers through security champions has proven itself very well. Security champions are employees in development teams interested in professional development in the field of information security to improve the security of the system, reduce the risk of vulnerabilities. This is achieved by increasing the level of competence of the AS development teams in matters of information security, replicating the development practices of secure applications, and reducing the life cycle of an information security defect.
We also regularly conduct various awareness programs and trainings. Once a quarter, we hold general awareness for all comers. We have a training on immersion in secure Java development. The point is that it is the target programming language at the bank, so the focus is on it. Exactly the same targeted dives exist for Android and iOS.
Approximately how many hours of training do your developers get per year?
In the field of security, about forty hours a year.
What do you think is the role of education today? Every day something new appears, how to keep up with it?
We teach the basics and do not immediately strive to turn the audience into cybersecurity experts. At this stage, it is enough to involve them in the topic and lay down the basic knowledge. Let's say, in the context of Java, these will be the practices of secure web application development, because in this area a lot is locked on web security.
What does a specialist need to do to always "stay on the cutting edge"?
At a minimum, I recommend subscribing to thematic Telegram channels in order to stay in trend and understand your interests in the profession. Personally, I read HackerNews, Habrahabr and Hacker. You can fork something on GitHub, try it out, evaluate it, and then possibly implement it. You don't have to dive into the topic as deeply as possible, but you definitely need to constantly try something new.
Also, in my opinion, it is good practice to participate in various CTF and bug bounty programs. Some skills can be purchased in CTF, and bug bounty allows you to legally "feel" the security of interesting systems.
Of course, studying is good, but training alone, in my opinion, will not go far. After all, without practice, training is worthless, and real work is the first thing behind any real experience.
You are absolutely right. Tell us about your trainings and awareness, how does it happen?
We try to implement various activities and gamify development processes. For example, at the ZeroNights 2017 conference, we presented a CAPTCHA-CTF. It was an interesting competition, where each challenge is a captcha with a logical or programmatic error in its implementation. We invited the conference participants to find these vulnerabilities, which allow solving many captchas in a short time.
The task was simple: it was required to "solve" twenty captchas in ten seconds, without actually solving them. Participants did not have to type all this by hand, they had to, for example, implement SQL injection so that nothing would depend on the entered value. For example, in one of the tasks the captcha could be solved probabilistically - if you keep typing the answer "5", then with a probability of 25% the captcha will be passed.
What is the task of such a competition? Few people implement captchas on their own today. After all, there is a ready-made and relatively reliable reCAPTCHA (if it is correctly implemented), but you can make a mistake in implementing this mechanism. If someone nevertheless decides to implement his own captcha, then participation in such a competition will leave much less chance of vulnerabilities, since a person could see many mistakes during the competition. Moreover, these problems apply not only to captchas: there are many other mechanisms where you can make similar mistakes.
Does SberTech have centralized training, for example, programmers are trained?
All employees have opportunities to learn: external (courses and events), internal (meetups, hackathons, regular exchange of experience within teams and departments). Internal and external experts speak at meetups: for example, one of the last was devoted to quantum computing together with IBM.
For students and novice specialists, SberTech conducts free schools on mobile development for iOS and Android, Java and BPM. Based on the results of their studies, we invite the best students to work.
Let's move on to practice and your stack. Tell us what it consists of.
We try to find vulnerabilities as early as possible, so we have been using SAST (static application security testing) and DAST (dynamic application security testing) from the moment we wrote the first line of code. Based on one popular SAST product, we are building a solution that adds Security to DevOps for many automated systems developed by SberTech. We are now implementing OWASP ZAP in DevSecOps, which will enable us to develop even more secure and reliable applications.
We are also looking for known vulnerabilities in public components. For this, a utility was created that aggregates the results of other similar tools (OWASP dependency check, Retire.js), and also scans the source code, isolating the components used from it, which are then checked against public vulnerability databases (NIST, CVEdetails).
As a result of manual analysis of bugs, we have accumulated a certain set of data with expert judgment, and we trained a model (such a hype machine learning now), which determines the chance of a vulnerability to be true positive. This model helps a lot, because it deals with ranking at the very least. Let's say the OWASP dependency check has a very low false positive rate, but it gives very few results. Our utility has a higher false positive rate, but thanks to the ranking and much more results, we sometimes catch vulnerabilities that were not previously detected by other tools.
For systems, where applicable, we use fuzzing - we build a model of the intruder, a model of threats for all systems. We also conduct a code review, namely its critical sections. And of course we do penetration testing.
We do not leave developers alone with bugs, but go through with them completely life cycle bug, we advise on how to fix it, we test it after editing.
And I'll tell you a little more about the development within our department. At some point, we realized that SDL process management is impossible without Secure Apllication Lifecycle Manager. Taking into account the specific specifics of the bank (many automated systems, each of which has its own "zoo" of technologies and practices), it was obvious that you need to write something of your own.
Therefore, we have created a product in which all the processes of SDL implementation and maintenance of process continuity, data flow management (information security and related) are concentrated. It stores all the data accumulated as a result of various practices and allows you to manage them, automatically "roll" some actions for their smooth replication. It also distributes bugs to various issue trackers, provides interfaces for analyzing bugs for our tools. All this ensures the construction of the SDL and effective interaction with teams.
Sberbank is creating a new flexible platform that transforms the bank into a technology company. The bank plans to open access to elements of its platform through the API, as well as partially publish the code of its developments, Senior Managing Director, Chief IT Architect of Sberbank Sergey Ryabov said at the FinCore 2017 forum. FutureBanking provides excerpts from this talk.
Charles Darwin's saying is that it is not the strongest species that survive, nor the smartest, but the one who responds best to change. We have set the possibility of rapid change as a key goal of our technological strategy and as a basic requirement for building a new platform.
The general approach to building the platform can be summarized with three letters "R": Rationalize- rationalization and optimization of the current architecture, Rearchitect- creation of a new platform, Rethink- rethinking the scale and creating an ecosystem. We are a bank, but at the same time we look at other markets. In the strategy, we stated that we will enter new markets, such as healthcare, the car market, and now we are working in the real estate market and not only in terms of mortgages.
What are the key requirements for the construction of our new platform?
1. Customer centricity. Most of the services and a new approach to customer service require us to know the maximum about the client. This is not only what is in our core systems, it is also what is around.
2. Unified information space. This is an approach where information is available to our decision systems in real time.
3. Flexible mechanisms for configuring complex products and STP processes. We strive to move as far as possible from human participation where possible; use mechanisms such as monitoring our processes and automatic fault management.
4. A very important block is the open API. Accordingly, APIs permeate all components of the platform. We open external API for our partners and contractors.
5. Machine learning mechanism. We try to build it into our platform components, and gradually build it into our decision making system.
6. Maximum reliability 24x7. We are a huge backbone bank, reliability is our everything. Therefore, we spend a lot of effort to ensure that the information system is as reliable as possible.
7. Horizontal scaling on low-end equipment. Our current information systems are stable, powerful, and large, but we operate at large high-end ones. Many vendors have already curtailed some of their product lines focused on the maximum high-end, moving to the mid range, to other architectures. We are also trying to get away from this, to reduce the cost of ownership.
8. Use of open source technologies. Yes, we are a large bank, we have our own groundwork, we know how to work with traditional architectures, but we began to gradually switch to open source.
9. Storage and processing of data in memory. We had a lot of discussions about whether to use this technology or not. On the one hand, these are great risks, on the other, the greatest opportunities for the speed of data processing. At the last Gartner Symposium conference in Barcelona, discussions were held with architects and leading analysts on how to build information systems, what are the opportunities and limitations.
What is a platform, how we represent it
First, we built the core of the platform and some of the key services that we refer to as the business hub (decision-making system, unified customer profile, product catalog). But now we are moving in several directions, including because we are big, it is much more difficult for us to swing.
The platform consists of several architectural layers. Below is the technology core.
From "Lego blocks" you can collect some of the other layers. These are actually reusable components,
which are used at other levels.
The heart of the new platform is the business hub. These are such blocks as the Unified Client Profile,
product catalog, decision-making system. These are the new solutions that we are building now,
which enable flexible customization of processes and products.
Above we have a Unified Frontal System. It is important to provide an omnichannel experience for our customers.
The big block is food factories. This includes loans, deposits, and other traditional products. But at the same time, we are making new complex products, for example, a combination of insurance and loan products.
Any businesses can be created on the platform components
Our goal is to make the platform flexible and customizable so that we can embed new components there. We have already talked about API and componentization, a service approach at all levels of the platform. It is very important. The platform provides the ability to integrate and customize at all levels.
What are the key technologies we use
Here are just a few of them:
1. Storage and processing of data in memory. We cooperate with the GridGain company, we are going through a rather difficult path, because the other side of the speed of work is the reliability of the system. Some of the elements that are missing in this product, we actually implement from scratch. It is difficult, the terms are shifting somewhere, but we are going down this path, because the effect is great scalability.
2. Horizontal scaling on low-end servers. Our entire assembly is x86 machines.
3. Open source. It hurt enough, too. We started to switch to open source several years ago, to learn. In the integration layer, we use solutions such as Kafka, ZeroMQ. We use the open-source Activiti solution as a BPM solution. We use WildFly as our application server.
If you talk to large companies, then most of them publish all their decisions. For example, we studied the experience of Alibaba. Our strategy also includes this. But this requires a certain maturity of ours as an organization. We are now at the beginning of the road, but we will definitely publish, because it will give completely different opportunities.
I spoke about the decision-making system - the core and heart of our platform. This part is painful to open from the very beginning. We're going to open the parts, starting with the non-mission critical components. Our task is to be able to open the code of a certain component so that the community can modify it. We now have a rather cautious approach.
What is a Unified Frontal System, how do we build it
The main requirement is the implementation of omnichannel frontal scripts. The complexity here is less technical, more organizational. I am sure that in many banks the structure of the organization is such that one person is responsible for remote channels, another person is responsible for branches and branches, and a third person is responsible for the call center and the network. And, of course, when we talk about the omnichannel scenario of customer service, then it should be used as much as possible in all channels. To ensure this, it is important to agree at the level of all responsible persons.
We have a wide range of tools. We are actively using React technology now. There is also Angular. These are two alternatives. We settled on React.
The integration layer creates an isolation of the front system from the back office and our other information systems... The main challenge is to ensure that customer service across channels is consistent. This is our targeted approach. We started the program two years ago, now we are entering the replication phase. There is functionality for offices and a contact center. The next year will be quite actively devoted to remote channels.
Business hub
Historically, each client of Sberbank lived in its own automated
banking system... Now we are moving away from this approach, we are moving as much as possible to online
client profile, to the master system.
Other important components of a business hub are the product catalog; decision making system;
execution of end-to-end processes; and an integration layer built on Kafka and ZeroMQ.
Accounting services are separated using the accounting engine paradigm, that is, grocery accounting
separated from accounting.
Data factory
This is a new strategic program. We made a big bet on Hadoop and related technologies. There are certain limitations, but we are trying to overcome them. We use classic solutions. We also implement solutions from Teradata.
What is important for the platform is that we must learn to push data efficiently enough from the level of food factories to the analytical level in order to do very complex analytics that we cannot do online.
Working with the team
A large vector of changes in the bank is associated with building close cooperation between business and IT within the framework of Agile implementation. We call it Sberjile. On the one hand, we hear each other, on the other, this approach introduces more heterogeneity, because the teams run in parallel, they need to be synchronized somehow. V in this case architectural control is very important. But without a shared focus on building a new platform, we're not going anywhere. Having taken a new goal, we must correspond to it.
The platform is the basis for building an ecosystem
A big direction in our strategy is related to the development of ecosystems. These are the services of our subsidiaries and our partners that we need to develop. The general idea is to give a quick start to those sites that will be included in the Sberbank ecosystem.
A quick start can be given, among other things, by the core of the platform, because some of the elements can be reused. We are talking about such services as identification, data exchange, API. These are the blocks that everyone will need. On the other hand, if it is a new business, then the elements of the platform will help to create a solution faster.
I would like to end with a quote from Mahatma Gandhi that "the future depends on what you do today." So let's do it. We are going this way.