Why is Ubuntu Linux the leading choice to replace CentOS for financial services?
Kris Sharma
on 17 October 2024
Tags: centos , developers , financial-services , Finserv , HPC , Open source , OpenStack , Security , Support , Ubuntu
Financial services are powered by technology. The customer experience is increasingly driven by data, with tailoring of products and services to reflect individual behaviors and preferences. All of this rests on a foundation of secure, stable technology that can support agility and flexibility to adapt to customer needs, whilst at the same time remaining compliant.
Financial services organizations using CentOS as their foundation for innovation watched as CentOS 8 retired in 2021, followed by CentOS 7 in June 2024. However, a recent study revealed that nearly a quarter of organizations across industries are still using CentOS.
Sound familiar? It’s no secret that financial institutions are amongst the most cautious when making major technological changes. This makes sense given the sensitivity of their work. In fact, despite the transition to the cloud being well established, 60% of financial institutions report that their legacy tech stack is too costly and inadequate. As with all legacy systems, the now unsupported CentOS will begin to show its age. As a result, the burden of maintenance upon your developers to keep it running will only grow.
In this blog, we’ll run through the benefits Ubuntu offers as an alternative to CentOS, in the context of financial services.
Ubuntu offers a smooth migration experience
When it comes to change management, it’s often the journey (and not the destination) that makes people nervous. Financial institutions are well aware that there are better options out there than their legacy tech. The problem is that many see the cost of implementing these options as not worth the risk. In the same vein, it’s understandable that when dealing with services that operate 24/7, to service customers globally, the concept of moving from a Fedora-based system to a Debian-based system may raise some eyebrows.
The silver-lining to switching from CentOS after EoL is that you can learn from other enterprises who have already made the change. The changes needed to switch from CentOS to Ubuntu are extremely well-documented. Canonical, the publisher of Ubuntu, has published a step-by-step guide for system administrators and enterprises looking to switch to Ubuntu. This guidance is based on the real experiences of our customers. Additionally, customers who have already made the switch, including Pentera and New Mexico State University, have shared their stories of how Canonical’s enterprise-grade support made their transitions to Ubuntu seamless.
It’s worth noting that the Ubuntu community has assisted many migrations from Fedora-based systems over the years. The chances are that any questions you have about packages, dependencies or issues have already been answered.
Whilst no migration is guaranteed to be without bumps in the road, Ubuntu’s wide support base works hard to make it accessible to users from all backgrounds, whichever system they are migrating from.
A stable landing zone
We’ve talked about the journey – now let’s examine the destination. One of the original attractions of CentOS was its stability. Its point release system provided a stable base which financial institutions valued, given that updates would not bring unexpected changes. With all the work that goes into a migration, it’s important that your chosen solution does not require a burdensome level of continual maintenance.
The good news is that Ubuntu follows a regular release cadence. Long-term support editions are released every 2 years, with standard support for 5 years in every instance. This support cadence extends to anywhere you are using Ubuntu in your stack. From bare-metal and workstations to Kubernetes Clusters and edge devices.
With an Ubuntu Pro subscription, you can extend long-term support for up to 12 years, through enterprise-grade support that offers you full maintenance patching for over 30,000 open source packages. This frees your developers to spend more time on activities that drive business value, and less on upkeep and compliance.
Security and compliance is in Ubuntu’s DNA
There’s no skirting around the fact that security is one of the biggest factors preventing financial institutions from catching up with other industries in terms of technologies. This is with good reason: breaches harm customers, damage reputations and result in punitive measures.
However, this is equally true of outdated technology. The risk of an attack increases by 47% once software reaches end of life. Once you factor in that 59% of cybersecurity professionals at large report feeling burnt out and that the sensitivity of the data at stake in financial institutions is higher than other industries, financial institutions begin to look like fertile ground for a security incident.
Ubuntu releases have security baked into them by default, through pre-configurations that minimize attack surface and keep protection up to date:
- Minimized attack surface
- Read-only data sections
- No open ports
- Password hashing
- Disable legacy TLS
- Auto-enablements that keep protection up to date
- Automated patching
- AppArmor (a security module that restricts permissions)
This provides a solid foundation which developers can build upon in order to meet strict compliance requirements.
Given the importance of controls and policies that govern access permissions in compliance frameworks, it’s important your OS empowers security teams to make changes dynamically. Ubuntu, like CentOS, makes use of industry recognized open source standards for identity management. Ubuntu supports advanced identity management features that conform to OpenID Connect authentication protocols, making identity management on Ubuntu interoperable with your wider ecosystem. You can choose to use Ubuntu’s Authd, an authentication daemon that integrates cloud-based identity providers. Alternatively, you can integrate with Microsoft Entra ID (formerly known as Azure Active Directory). However you choose to implement your identity management protocols, Ubuntu provides the enterprise-grade tools for the job.
In addition, with an Ubuntu Pro subscription, your developers can access automated hardening tools for compliance frameworks. This includes ISO 27001, PCI-DSS, FIPS-140 and the Cyber Resilience Act. As financial institutions provide services to a range of other regulated industries, choosing Ubuntu is a sign of commitment to the most rigorous security standards.
Interoperability for cloud computing
Whilst assessing alternatives to CentOS, compatibility will be high on your list of considerations. As organizations continue to shift towards cloud computing for workload deployment, data management and machine learning, it’s important to ensure a layer of interoperability amongst these systems. Whilst traditionally, financial institutions have relied on on-premise infrastructure (also known as “private clouds”), organizations are increasingly adopting hybrid-cloud approaches. This approach allows greater scalability and flexibility in workload deployment.
Open source systems, like CentOS and Ubuntu, are able to provide interoperability between public and private clouds. This is because they are both open source systems and not tied to any specific vendor. However, Ubuntu brings considerable advantages over other OSes in this regard. Through Ubuntu Server, financial organizations can deploy workloads at scale across both public and private clouds, be they OpenStack clouds, Kubernetes clusters or databases. With a single OS, you can harmonize your approach across your cloud stack.
Additionally, Ubuntu is the #1 guest OS on public clouds. There are certified Ubuntu images available for AWS, Azure, Google Cloud, Oracle and IBM Cloud. As public cloud vendors become more attuned to compliance requirements and attempt to capture more regulated markets, the importance of public clouds as part of a hybrid-cloud strategy will continue to grow.
Artificial intelligence at scale
With the importance of AI in finance continuing to grow, the ability to harness customer data to provide a truly tailored experience, as well as to spot potential fraud or predict surges in demand (to name just a few applications), financial services institutions are integrating machine learning models into their tech stacks.
This ties in to cloud computing, given the importance of clouds when deploying AI workloads. Kubernetes is the orchestration platform that is most widely used for deploying AI workloads, with it projected to reach 90% enterprise adoption by 2027. Given that AI is one of the fastest evolving enterprise technologies, continuing to use an OS that has reached end of life will limit your opportunities, as incompatibilities and lack of maintenance are likely to cause model failure.
By contrast, Ubuntu is the reference platform for Kubernetes, meaning that Kubernetes is built on Ubuntu. By choosing Ubuntu as your OS, you’re empowering your developers to run your AI/ML lifecycle on a single, integrated stack. This enables you to maximize your resources, avoid wastage and most importantly, simplify operations for your developers.
Learn more about Ubuntu for financial services
Since CentOS reached end of life, financial institutions will need to make decisions about how to deploy their resources. Do they choose to invest considerable time and effort in keeping a legacy system running? Or is it time to switch to a new system that empowers them to face future challenges with future-facing technology?
To discuss a change to Ubuntu, click the link below to share your information and begin a discussion.
Talk to us today
Interested in running Ubuntu in your organisation?
Newsletter signup
Related posts
6 facts for CentOS users who are holding on
Considering migrating to Ubuntu from other Linux platforms, such as CentOS? Find six useful facts to get started!
Join Canonical in London at Dell Technologies Forum
Canonical is excited to be partnering with Dell Technologies at the upcoming Dell Technologies Forum – London, taking place on 26th November. This prestigious...
Needrestart local privilege escalation vulnerability fixes available
Qualys discovered vulnerabilities which allow a local attacker to gain root privileges in the needrestart package (CVE-2024-48990, CVE-2024-48991,...