The cloud as a strategic

ecosystem for innovation

and growth
In this interview, Deutsche Börse’s chief information officer and chief
operating officer explains how the company’s ongoing cloud journey is
defining its digital transformation.

June 2022
 When Deutsche Börse embarked on its cloud
journey in 2016, it approached the migration as
a way to create growth and business innovation,
rather than as merely an IT enhancement. Chief
information officer and chief operating officer
Christoph Böhm first spoke to McKinsey about
that journey in early 2020. In this follow-up
interview, Böhm goes into greater detail about
various aspects of the company’s ongoing
migration, such as how it created a migration
pipeline, made organizational changes, and
measured success. Speaking with McKinsey’s
Harald Kube and James Kaplan, Böhm also
explains why migrating to the cloud was the
next logical step in enabling innovation and
growth. What follows is an edited version of
their conversation.
Focusing on the business benefits
of cloud
McKinsey: What was the starting point and
core motivation behind your cloud journey?
Christoph Böhm: We believe that time to
market and scaling technical services are
crucial factors for our growth and innovation
strategies. Many recent technologies, such
as blockchain, big data, machine learning,
and artificial intelligence, can only exist in a
meaningful way on a public cloud.
We realized that a cloud ecosystem offering
these services on demand and at scale was
strategically important to us and provided far
more than efficiency gains through elasticity.
To maximize those benefits, we’ve partnered
with innovative hyperscaling market leaders
that offer a wide range of services in full
compliance with local regulations.
Retiring legacy systems
McKinsey: What was the state of Deutsche
Börse’s IT environment before the cloud
journey began?
Christoph Böhm: We had several hundred
business IT applications on a diverse
2 The cloud as a strategic ecosystem for innovation and growth
technology stack, ranging from microservices
and Kubernetes-based applications to legacy
systems running on the mainframe. We
benchmarked them against risk and business
value to clearly understand the need for
change. It became clear that our corporate
IT needed a revamp, and end-of-life-cycle
workplaces, a largely customized back-end
enterprise resource planning (ERP) system,
and workflows running on older systems like
Lotus Notes were flags for a full rehaul.
The importance of transformational
tone from the top
McKinsey: Can you elaborate on leadership’s
support throughout the journey?
Christoph Böhm: A transformational journey
like ours ideally starts with the right tone
from the top. That’s why we’ve been very
transparent and clear on the target, economics,
and key milestones ahead of us. This was
instrumental in helping our core management
team to quickly grasp the opportunity and fully
understand the importance of the journey—not
only regarding new ways to operate IT but also
with respect to opportunities on the business
side.
We identified dedicated leadership
support at the team level as one of the big
transformational success factors. To no
one’s surprise, we found that engineers and
technicians like facts and figures, so we
launched a “do the right things” campaign to
measure user satisfaction for all IT services
and to maintain positive momentum.
Creating a Cloud Center of
Excellence
McKinsey: How was the cloud program
positioned within the organization, and how
was the program funded?
Christoph Böhm: At Deutsche Börse, cloud
is a key part of our Compass 2023 growth
strategy. All the new technologies that we
are exploring and fostering, such as machine
learning, big data, automation, and distributed
ledger technology (DLT), are business focused
and delivered by integrated business and IT
teams.
To highlight this importance, we created a Cloud
Center of Excellence, which onboards strategic
cloud service providers (CSPs) and also helps
to enable our cloud journey and the cultural
change—such as new ways of working and
finding the talent we need—that necessarily
comes with it.
Our business cases are centrally funded and
managed by this Cloud Center of Excellence.
We also established a new chief technology
officer (CTO) function that supervises the Center
of Excellence and focuses on automation and
big data, as well as enterprise architecture
and group data—all tightly aligned with the
technology strategy.
We support our Cloud Center of Excellence with
a mix of internal and external resources and
are constantly hiring new talent. Furthermore,
our IT structure is well integrated into our
business product organization and built for
agile development and business-focused cloud
transformations.
Choosing cloud partners by business
area
McKinsey: What factors were most important in
helping you decide on CSPs?
Christoph Böhm: We decided after careful
evaluation, as we pursue a multicloud strategy.
Due to our rich portfolio, we wanted the ability
to have the best of all worlds, so we decided to
work with a set of market leaders based on a
broad catalog of criteria such as capabilities,
reliability, and financials.
We developed a dedicated process to determine
the best strategic fit and initial positioning for
each business area. Based on this process, we
defined strategic cloud partners for each of our
The cloud as a strategic ecosystem for innovation and growth
business areas, with all corporate IT cloud
services provided by two CSPs.
Creating a risk-based migration
pipeline
McKinsey: Can you talk about the rollout of
the cloud program? Were specific use cases
prioritized?
Christoph Böhm: On the workload side, we
started our cloud journey with development
and test activities and less critical workloads,
followed by the first business-critical
workloads early in 2021. We analyzed our
application landscape and cloud readiness
to create a cloud-migration path, using a
systematic three-step approach to sequence
our rollout (exhibit).
For example, after the assessment of the
information-security and data-protection risks,
system development and testing were rated
low risk. They also received a favorable rating
regarding their cloud fit, as these workloads
benefit from elasticity and shortened
development cycles from on-demand services.
So development and testing workloads were
put into our first priority bucket when creating
the cloud-migration pipeline.
We also invested massively in cloud training
for the DevOps teams to ensure that we would
benefit from agility at an early stage in the
journey. Currently, around 30 percent of our
total compute capacity is cloud based, with
multiple workloads, including several critical
applications, running in the public cloud.
Improvements in developer
productivity
McKinsey: Since you brought developers into
the cloud journey early on, have you seen any
benefits in developer productivity postcloud?
Christoph Böhm: First, we established a
single DevOps stack as a groupwide standard,
3
 Exhibit
An optimal cloud-migration sequence considers risk level and cloud fit.

1) Risk level 2) Cloud fit 3) Sequence

Assess risks related to information Determine cloud fit considering Combine the results from steps 1
security and the protection of per- business requirements and ease of and 2 in a consolidated view, and
sonal data migration to the cloud determine an optimal sequence for
the cloud migration

C D F
Information- Business
security B requirements E Fit level E 1st 2ⁿd 3rd
criticality suitability
A F D

A B C
Data-protection Ease of
classification migration Risk level

allowing for automation via a control plane and for
native container support out of the box, based on
OpenShift. This had a hugely positive impact and
helped to simplify and automate the software-
delivery process.
We also centralized our source-code libraries
on GitHub, which further supported our DevOps
approach. The early phase of the COVID-19
pandemic demonstrated the power of the DevOps
model, as productivity wasn’t impacted at all when
we flipped into fully decentralized operations.
Another core benefit of workloads in the cloud is
the time to market. We can scale out and deploy
services and systems in minutes, rather than
days and weeks. Scale also lets us react more
or less instantly to changing demands, such as
peak volumes in business simulations of portfolio
services, allowing us to massively ramp up
capacity on demand.
Christoph Böhm: Our information-security
and data-protection teams, as well as other
second lines of defense, such as IT risk,
have all been part of the journey from day
one. The security requirements have been
integrated into the work process by design,
not as an afterthought. We put special focus
on information security and data protection
during the development of our cloud-adoption
model.
Furthermore, our information-security and
data-protection teams joined the contract
negotiations with our partners to make sure all
our requirements were fully met. And lastly, we
have weekly update meetings that include the
control function in a business-as-usual mode.
Financial, technical, and regulatory
hurdles

McKinsey: How did you overcome challenges

Integrating security into the journey
from day one
McKinsey: As security is an ongoing concern,
how did the cloud IT team engage with
cybersecurity and privacy functions?
during this journey?
Christoph Böhm: In terms of challenges,
positive ROI and ambitious payback times in
business cases become difficult when the
cloud transformation is broken down into small

4 The cloud as a strategic ecosystem for innovation and growth

silos. It can even lead to step cost increases on
the legacy side when you can’t scale down after
migrating small parts of the infrastructure. That’s
why business cases work best when migrating
larger parts of the system and decommissioning
entire rows of infrastructure in a data center.
But it’s not only about making sure to capture
efficiency potential and improved time to market;
it’s also about exploring business propositions
by embarking on an enhanced set of technical
capabilities and functionalities. We addressed this
important element with all relevant stakeholders
in several ways, such as joint workshops to identify
opportunities systematically.
On top of that, a modern infrastructure also
presents new challenges from a regulatory
perspective. Achieving regulatory compliance took
longer than expected on topics such as audit rights.
We initiated a collaborative cloud audit group in
2017 to comply with these regulatory requirements,
and we brought in other financial services players
to streamline compliance with this requirement
when working with CSPs and to learn from the
early delays.
Maintaining budgetary transparency
and measuring performance
McKinsey: Cloud economics and governance has
become a widely discussed topic as public-cloud
spending rapidly increases. What measures have
you put in place, and how have they evolved over
time?
Christoph Böhm: Each division has its own
cloud-usage budget. FinOps (financial operations)
techniques help us to ensure full transparency—at
all times and across all services, CSPs, and users—
about the costs for each department across all
clouds with a single click. We’ve also implemented
a consistent charge-back system.
Christoph Böhm is chief information officer and chief operating officer at Deutsche Börse. James Kaplan is a partner in
McKinsey’s New York office, and Harald Kube is a partner in the Frankfurt office.
Copyright © 2022 McKinsey & Company. All rights reserved.
The cloud as a strategic ecosystem for innovation and growth
In addition, we established key performance
indicators (KPIs) for our cloud adoption. These
include the number of new cloud-based
services, time-to-market improvements,
cloud readiness for low-latency workloads,
high-performance computing, user-survey
improvements, service maturity, and
operating-expense improvements.
For instance, on agility and service levels,
we’ve experienced an 80 percent reduction
in development and testing deployment time,
and a 95 percent reduction in customer-ticket
support time.
We attribute these numbers to the
implementation of software as a service
(SaaS) solutions in our customer-care sales
and services processes. The resulting service
improvements boosted user acceptance
enormously, along with high security and
compliance standards, supported by the
cloud-governance framework.
Get on the cloud, now
McKinsey: Any advice for peers going through
their own cloud transformation journey?
Christoph Böhm: First, cloud adoption is
happening now, and it is accelerating. You
must have the ability to implement a cloud
strategy, and to do it well. This includes being
very clear on your partner setup, since it
involves a strategic ecosystem for innovation
and growth.
Second, don’t forget to critically review your
cloud road map and execution capability
continuously. Lastly, always focus on your
defense. Cybersecurity becomes even more
important when opening up to more external
services and service providers.
5