Achieving agility with control in Financial Services
Richard Ainley – AWS Solutions Architect
Who is using AWS?
Capital Markets:
Asset Managers
Broker-Dealers
Clearing Agencies
Exchange/Market Centers
Financial Planners
Investment Advisors
Investment Banks
Investment Managers
Prime Brokerage
Private Equity/Venture Capital
Proprietary Trading
Regulatory Agencies
REITs
Universal Banks
Venture Capital
Wealth Management
Commercial Banking/Payments:
Banking Services
Bitcoin
Card Services
Check Processing
Collections
Commercial Banks
Consumer Credit
Core Banking Platforms
Credit Agencies
Credit Unions
Lending
Loan Servicing
Micro Finance
Mobile Payments
Payment Services
Payments Platforms
Retail Banks
Industry Service Providers:
Analytics Platforms
Anti-Money Laundering
ATM Networks
Capital Markets Infrastructure
Data Management Solutions
Financial Information
Lending Technology
Market Data
Risk Management/Compliance
Trading Technology
Insurance:
Insurance Collections
Life Insurance
Property & Casualty
Reinsurance
Trusted by FSI Across All Market Segments
Startup Customers
Meerkat
Enterprise Customers
Why FS customers choose AWS
Trade CapEx for OpEx
Low ongoing cost
Global Reach
Focus on Security & Enabling Compliance
AWS provides the same, familiar approaches to security and compliance that companies have been using for decades – with increased visibility, control, and auditability.
Visibility
View your entire infrastructure with one click
Deep insight with AWS CloudTrail
Control
You have sole authority on where data is stored
Shared responsibility model
Auditability
3rd party validation – certifications for workloads that matter
“Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers.”
Tom Soderstrom, CTO, NASA JPL
The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
The Forrester Wave™: Public Cloud Platform Service Providers' Security, Q4 2014
Trade CapEx for OpEx
No need to guess capacity
St. James’s Place
• FCA Regulated
• FTSE 100
• 85% of Apps on AWS
• Double capacity in peak tax season
• Greater availability and reliability
E.g. Planning for Peak Tax Season Traffic
[Chart: provisioned capacity against traffic, November to January; chart labels 76% and 24%]
Focus on business
TECHNICAL & BUSINESS SUPPORT
Account Management
Support
Professional Services
Solutions Architects
Training & Certification
Security & Pricing Reports
Partner Ecosystem
AWS MARKETPLACE
Backup
Big Data & HPC
Business Apps
Databases
Development
Industry Solutions
Security
MANAGEMENT TOOLS
Queuing
Notifications
Search
Orchestration
ENTERPRISE APPS
Virtual Desktops
Storage Gateway
Sharing & Collaboration
Email & Calendaring
Directories
HYBRID CLOUD MANAGEMENT
Backups
Deployment
Direct Connect
Identity Federation
Integrated Management
SECURITY & MANAGEMENT
Virtual Private Networks
Identity & Access
Encryption Keys
Configuration
Monitoring
Dedicated
INFRASTRUCTURE SERVICES
Regions
Availability Zones
Compute
Storage
Databases: SQL, NoSQL, Caching
CDN
Networking
PLATFORM SERVICES
App
Mobile & Web
Front-end
Functions
Identity
Data Store
Real-time
Development
Containers
Source Code
Build Tools
Deployment
DevOps
Mobile
Sync
Identity
Push Notifications
Mobile Analytics
Mobile Backend
Analytics
Data Warehousing
Hadoop
Streaming
Data Pipelines
Machine Learning
Deploy
http://aws.amazon.com/resources/analyst-reports/
Benchmarking Availability and Reliability in the Cloud:
“Analysts found customers were able to reduce unplanned downtime by 32 percent and reduce planned downtime by 29 percent.”
RSA CIO cuts 75% costs
+
Improves agility and reliability
http://www.cio.co.uk/news/cloud-computing/rsa-cio-cuts-75-from-costs-with-aws-3601262/
Speed and Agility
Speed, agility and innovation
Speed and agility
Infrastructure in minutes not weeks
Number of Instances 1,000
Instance Type M3 Extra Large
Availability Zone US-West-2b
Launch
aws.amazon.com/management console
Old World: Infrastructure in Weeks
AWS: Infrastructure in Minutes
Add New Dev Environment
Add New Prod Environment
Add New Environment in Japan
Add 1,000 Servers
Remove 1,000 Servers
Deploy 1 PB Data Warehouse
Shut down 1 PB Data Warehouse
Speed and agility
Infrastructure in minutes not weeks
Evolving our network topology, scaling across the globe, and deploying new services are never more than a few actions away
By using AWS, Simple can automate processes that once took months
Our main corporate database system is now recoverable in under an hour, where previously it used to take us around 48 hours to recover from tape backup
On-Premises
Experiment Infrequently
Failure is expensive
Less Innovation
Experiment Often
Fail quickly at a low cost
More Innovation
$ Millions
Nearly $0
Speed and agility
A culture of innovation
Why is agility important to FS?
US Health Insurance
Credit Bureaus
“Technology is transforming banking and innovation is one of Deutsche Bank’s core values. These labs will act as a bridge between start-ups and different parts of the Bank, enabling it to apply innovative technology to enhance service to clients and internal processes.”
Henry Ritchotte
Chief Operating Officer and Chief Digital Officer of Deutsche Bank
https://www.db.com/medien/en/content/5060_5196.htm
Why is agility important to FS?
Adopt a different perspective
“Our busiest branch in 2014 is the 7:01 from Reading to Paddington - over 167,000 of our customers use our Mobile Banking app between 7am and 8am on their commute to work every day. Over 2.1 million customers use our mobile app every week.”
Ross McEwan
CEO
Royal Bank of Scotland
http://www.bbc.com/news/business-your-money-26365616
What about deployment models?
CONTINUOUS DELIVERY
SMALL, FREQUENT CHANGES
Cloud software development lifecycle
Code, Build, Test, Deploy, Provision, Monitor
AWS Elastic Beanstalk
AWS OpsWorks
CloudWatch
CloudFormation
AWS CodeDeploy
AWS CodeCommit
AWS CodePipeline
Automation and configuration management
Declarative Approach to:
– Provisioning
– Configuration
– Orchestration
– Reporting
Elastic Beanstalk
CloudFormation
OpsWorks
Continuous Integration / Continuous Delivery
• Help prove code quality and function repeatedly with predefined results
• Lots of options; self hosted, open source, closed source, and SaaS
• Monitoring, testing, validation
• Plugins
What is DevOps?
« DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support »
- theagileadmin.com
11.6s: Average time between deployments (weekday)
1,079: Max number of deployments in a single hour (or approx every 3 seconds)
10,000: Average number of instances simultaneously receiving a deployment
Taking our own medicine: the ‘amazon.com’ case
DevOps
Set up small teams
Each team is truly cross-functional
Product Owner, Developer, Tester, Operations, BA / QA
A software development method that stresses collaboration and integration between Development & Operations, often using Agile techniques such as Scrum & Kanban
Code
Build
Test
Deploy
Provision
Monitor
Change.ppt
• People
• Process
• Technology
People & Teams
Small teams
Cross functional
Purpose
Ownership
Autonomy
Trust
Technical freedom
Strong technically
Ability to learn
Process
Budget & Capacity Mgt
Old vs New
IT Operations
Team self service
Process
Deployments
NOC
Coordinating
Teams:
- Development
- Deployment
- Release
- Operations
Old vs New
Technology
Automate
Infrastructure as code
Test everything
Visibility through tooling
Measure & monitor everything
Process
Security
Operational function
Governance function
Old vs New
Agility vs Control
Goal: Agility + Control
Agility vs Control
[Diagram labels: Central Services; Team; Infrastructure Request; Enforces Governance & Policy; AWS]
Agility + Control
[Diagram labels: Central Services; Team; Infrastructure Request; Monitoring; Policy, tools; Best Practices; AWS]
Visibility, Auditability, Control
VISIBILITY
HOW OFTEN DO YOU MAP YOUR NETWORK?
WHAT’S IN YOUR ENVIRONMENT RIGHT NOW?
Cloud Computing
You are making API calls...
On a growing set of services around the world…
AWS CloudTrail is continuously recording API calls…
And delivering log files to you
AWS CLOUDTRAIL
Redshift
AWS CloudFormation
AWS Elastic Beanstalk
AUDITABILITY
Continuous Change
Recording
Changing Resources
AWS Config
History
Stream
Snapshot (ex. 2014-11-05)
AWS Config Use Cases
Security Analysis
Audit Compliance
Change Management
Troubleshooting
CONTROL
First class security and compliance starts (but doesn’t end!) with encryption
Automatic encryption with managed keys
Bring your own keys
Dedicated hardware security modules
AWS Foundation Services
Compute Storage Database Networking
AWS Global Infrastructure
Regions
Availability Zones
Edge Locations
Client-side Data Encryption
Server-side Data Encryption
Network Traffic Protection
Platform, Applications, Identity & Access Management
Operating System, Network, & Firewall Configuration
Customer applications & content
Customers
Security & compliance is a shared responsibility
Customers have their choice of security configurations IN the Cloud
AWS is responsible for the security OF the Cloud
LONDON