When Deutsche Börse embarked on its cloud journey in 2016, it approached the migration as a way to create growth and business innovation, rather than as merely an IT enhancement. Chief information officer and chief operating officer Christoph Böhm first spoke to McKinsey about that journey in early 2020. In this follow-up interview, Böhm goes into greater detail about various aspects of the company’s ongoing migration, such as how it created a migration pipeline, made organizational changes, and measured success. Speaking with McKinsey’s Harald Kube and James Kaplan, Böhm also explains why migrating to the cloud was the next logical step in enabling innovation and growth. What follows is an edited version of their conversation.
Focusing on the business benefits of cloud
McKinsey: What was the starting point and core motivation behind your cloud journey?
Christoph Böhm: We believe that time to market and scaling technical services are crucial factors for our growth and innovation strategies. Many recent technologies, such as blockchain, big data, machine learning, and artificial intelligence, can only exist in a meaningful way on a public cloud.
We realized that a cloud ecosystem offering these services on demand and at scale was strategically important to us and provided far more than efficiency gains through elasticity. To maximize those benefits, we’ve partnered with innovative hyperscaling market leaders that offer a wide range of services in full compliance with local regulations.
Retiring legacy systems
McKinsey: What was the state of Deutsche Börse’s IT environment before the cloud journey began?
Christoph Böhm: We had several hundred business IT applications on a diverse technology stack, ranging from microservices and Kubernetes-based applications to legacy systems running on the mainframe. We benchmarked them against risk and business value to clearly understand the need for change. It became clear that our corporate IT needed a revamp, and end-of-life-cycle workplaces, a largely customized back-end enterprise resource planning (ERP) system, and workflows running on older systems like Lotus Notes were flags for a full rehaul.
The importance of transformational tone from the top
McKinsey: Can you elaborate on leadership’s support throughout the journey?
Christoph Böhm: A transformational journey like ours ideally starts with the right tone from the top. That’s why we’ve been very transparent and clear on the target, economics, and key milestones ahead of us. This was instrumental in helping our core management team to quickly grasp the opportunity and fully understand the importance of the journey—not only regarding new ways to operate IT but also with respect to opportunities on the business side.
We identified dedicated leadership support at the team level as one of the big transformational success factors. To no one’s surprise, we found that engineers and technicians like facts and figures, so we launched a “do the right things” campaign to measure user satisfaction for all IT services and to maintain positive momentum.
Creating a Cloud Center of Excellence
McKinsey: How was the cloud program positioned within the organization, and how was the program funded?
Christoph Böhm: At Deutsche Börse, cloud is a key part of our Compass 2023 growth strategy. All the new technologies that we are exploring and fostering, such as machine learning, big data, automation, and distributed ledger technology (DLT), are business focused and delivered by integrated business and IT teams.
To highlight this importance, we created a Cloud Center of Excellence, which onboards strategic cloud service providers (CSPs) and also helps to enable our cloud journey and the cultural change—such as new ways of working and finding the talent we need—that necessarily comes with it.
Our business cases are centrally funded and managed by this Cloud Center of Excellence. We also established a new chief technology officer (CTO) function that supervises the Center of Excellence and focuses on automation and big data, as well as enterprise architecture and group data—all tightly aligned with the technology strategy.
We support our Cloud Center of Excellence with a mix of internal and external resources and are constantly hiring new talent. Furthermore, our IT structure is well integrated into our business product organization and built for agile development and business-focused cloud transformations.
Choosing cloud partners by business area
McKinsey: What factors were most important in helping you decide on CSPs?
Christoph Böhm: We decided after careful evaluation, as we pursue a multicloud strategy. Due to our rich portfolio, we wanted the ability to have the best of all worlds, so we decided to work with a set of market leaders based on a broad catalog of criteria such as capabilities, reliability, and financials.
We developed a dedicated process to determine the best strategic fit and initial positioning for each business area. Based on this process, we defined strategic cloud partners for each of our business areas, with all corporate IT cloud services provided by two CSPs.
Creating a risk-based migration pipeline
McKinsey: Can you talk about the rollout of the cloud program? Were specific use cases prioritized?
Christoph Böhm: On the workload side, we started our cloud journey with development and test activities and less critical workloads, followed by the first business-critical workloads early in 2021. We analyzed our application landscape and cloud readiness to create a cloud-migration path, using a systematic three-step approach to sequence our rollout (exhibit).
For example, after the assessment of the information-security and data-protection risks, system development and testing were rated low risk. They also received a favorable rating regarding their cloud fit, as these workloads benefit from elasticity and shortened development cycles from on-demand services. So development and testing workloads were put into our first priority bucket when creating the cloud-migration pipeline.
We also invested massively in cloud training for the DevOps teams to ensure that we would benefit from agility at an early stage in the journey. Currently, around 30 percent of our total compute capacity is cloud based, with multiple workloads, including several critical applications, running in the public cloud.
Improvements in developer productivity
McKinsey: Since you brought developers into the cloud journey early on, have you seen any benefits in developer productivity postcloud?
Christoph Böhm: First, we established a single DevOps stack as a groupwide standard, allowing for automation via a control plane and for native container support out of the box, based on OpenShift. This had a hugely positive impact and helped to simplify and automate the software-delivery process.
We also centralized our source-code libraries on GitHub, which further supported our DevOps approach. The early phase of the COVID-19 pandemic demonstrated the power of the DevOps model, as productivity wasn’t impacted at all when we flipped into fully decentralized operations.
Another core benefit of workloads in the cloud is the time to market. We can scale out and deploy services and systems in minutes, rather than days and weeks. Scale also lets us react more or less instantly to changing demands, such as peak volumes in business simulations of portfolio services, allowing us to massively ramp up capacity on demand.
Integrating security into the journey from day one
McKinsey: As security is an ongoing concern, how did the cloud IT team engage with cybersecurity and privacy functions?
Christoph Böhm: Our information-security and data-protection teams, as well as other second lines of defense, such as IT risk, have all been part of the journey from day one. The security requirements have been integrated into the work process by design, not as an afterthought. We put special focus on information security and data protection during the development of our cloud-adoption model.
Furthermore, our information-security and data-protection teams joined the contract negotiations with our partners to make sure all our requirements were fully met. And lastly, we have weekly update meetings that include the control function in a business-as-usual mode.
Financial, technical, and regulatory hurdles
McKinsey: How did you overcome challenges during this journey?
Christoph Böhm: In terms of challenges, positive ROI and ambitious payback times in business cases become difficult when the cloud transformation is broken down into small silos. It can even lead to step cost increases on the legacy side when you can’t scale down after migrating small parts of the infrastructure. That’s why business cases work best when migrating larger parts of the system and decommissioning entire rows of infrastructure in a data center.
But it’s not only about making sure to capture efficiency potential and improved time to market; it’s also about exploring business propositions by embarking on an enhanced set of technical capabilities and functionalities. We addressed this important element with all relevant stakeholders in several ways, such as joint workshops to identify opportunities systematically.
On top of that, a modern infrastructure also presents new challenges from a regulatory perspective. Achieving regulatory compliance took longer than expected on topics such as audit rights. We initiated a collaborative cloud audit group in 2017 to comply with these regulatory requirements, and we brought in other financial services players to streamline compliance with this requirement when working with CSPs and to learn from the early delays.
Maintaining budgetary transparency and measuring performance
McKinsey: Cloud economics and governance has become a widely discussed topic as public-cloud spending rapidly increases. What measures have you put in place, and how have they evolved over time?
Christoph Böhm: Each division has its own cloud-usage budget. FinOps (financial operations) techniques help us to ensure full transparency—at all times and across all services, CSPs, and users—about the costs for each department across all clouds with a single click. We’ve also implemented a consistent charge-back system.
In addition, we established key performance indicators (KPIs) for our cloud adoption. These include the number of new cloud-based services, time-to-market improvements, cloud readiness for low-latency workloads, high-performance computing, user-survey improvements, service maturity, and operating-expense improvements.
For instance, on agility and service levels, we’ve experienced an 80 percent reduction in development and testing deployment time, and a 95 percent reduction in customer-ticket support time.
We attribute these numbers to the implementation of software as a service (SaaS) solutions in our customer-care sales and services processes. The resulting service improvements boosted user acceptance enormously, along with high security and compliance standards, supported by the cloud-governance framework.
Get on the cloud, now
McKinsey: Any advice for peers going through their own cloud transformation journey?
Christoph Böhm: First, cloud adoption is happening now, and it is accelerating. You must have the ability to implement a cloud strategy, and to do it well. This includes being very clear on your partner setup, since it involves a strategic ecosystem for innovation and growth.
Second, don’t forget to critically review your cloud road map and execution capability continuously. Lastly, always focus on your defense. Cybersecurity becomes even more important when opening up to more external services and service providers.