4 Comments

Summary:

Most financial services companies officially forbid the use of public cloud (aka Amazon Web Services) completely. But the forward thinkers among them — like State Street — keep their options — and minds — open about such deployment in the future.

Question: Just how much mission-critical work do financial services firms and companies in other heavily regulated industries put on the public cloud?

Answer: It depends on whom you ask.

Chris Perretta, CIO of State Street Bank

Chris Perretta, CIO of State Street

IT execs in financial services — including Chris Perretta, CIO and executive vice president of State Street – say they absolutely do not allow the use of Amazon Web Services at all.  Period. (For my purposes, public cloud for now pretty much means AWS). They deal not only with their own top-secret data but with that of clients, which makes a move into a cloud they don’t control a career-limiting decision.

But if you talk to others in the cloud services arena, the answer gets more nuanced. An earlier GigaOM post on this topic sparked a debate on Twitter about just how much CIOs really know about what their devs are doing. My feeling is that many developers even in risk-averse companies get around obstacles to do at least some test-and-dev work in AWS and perhaps even get re-imbursed for it. But when it comes to deployment and use of live data — all that work comes back in-house for deployment.

State Street builds its own cloud

This is not to say that big finance firms aren’t moving to cloud at all. Just look at State Street, the Boston-based financial services giant that has $23 trillion (that’s trillion with a “t”) worth of assets under management for customers including mutual funds, pension funds and non-profits.  Since it won’t use AWS, State Street built its own private cloud for internal use, using a lot of open-source software and racks of its own design. (Other than that Perretta won’t say much about the State Street cloud.)

The lack of public cloud adoption by companies like State Street boils down to concern about security and reliability — it would be hard for any CIO to argue for putting mission-critical stuff in AWS after last year’s outages. It doesn’t matter to the boss that some of those snafus may have been caused by customer deployment issues. But it also has to do with the industry’s own hide-bound resistance to change.

“You have to overcome a lot of resistence from regulated industries before moving their stuff to the public cloud … You’ll have a hard time with your auditors in the short term if you go to public cloud,” Perretta told me recently. But, he’s keeping his eyes open because the cost savings of the public cloud are too good to ignore if these other issues can be resolved.

“Certainly if you look at the economics that Amazon and Rackspace are getting — that’s pretty impressive. But a lot still depends on how you build the application and you do have to build them differently to take advantage of the services they offer,” he said. In other words, forklifting existing applications  unchanged from an internal data center to the public cloud is not all that productive in his view. “We’re talking to the big cloud providers to understand how they run and what we’d have to do to make our systems run in that robust environment,” he said.

One goal of State Street’s cloud is to come up with new analytics that will let customers combine the data they keep themselves with data State Street keeps in their behalf and analyze it to get new insights. For that, State street needs to provide complete transparency so the clients can always see exactly what’s happening in their portfolio.

Barriers to public cloud falling

Public cloud gets a lot more compelling to companies like this if it can act as the foundation for what is really a secure private cloud. “If they can partition us off and give us a hard barrier around our stuff, that’s very interesting and we’ll always listen. But we’ll probably await the next-generation,” Perretta said.

That’s already starting to happen:  Amazon’s Virtual Private Cloud that lets business customers cordon off some infrastructure for their own use. In addition, Amazon Cloud.gov which was built to meet security mandates of state and federal government entities could help prove that AWS is up for the task of running secure applications.  (This weekend Amazon added its  Relational Database Service (RDS) and DynamicDB to the services available via Cloud.gov.)

Big enterprise systems integrators like Accenture, Deloitte, and Capgemini could also fill in some important check boxes for financial services companies wanting to go to the public cloud by providing the types of service level agreements (SLAs) corporations want and that AWS does not yet provide.

Joe Coyle, VP and CTO, CapGemini Structure 2012

Joe Coyle, VP and CTO, CapGemini<br />(c) 2012 Pinar Ozger, Pinar@pinarozger.com

Joe Coyle, CTO of North America for Capgemini said more enterprise loads are “marching into public cloud but in the private mode of public cloud,” as seen in the AWS VPC model. “I see the compliance issues, the regulatory stuff as being resolved — I don’t see anything stopping that migration,” Coyle told me recently. (Of course, Capgemini which aids in such migrations has a vested interest in this being the case.)

As one GigaOM commenter on an earlier story about AWS traction in the enterprise pointed out:

“The first public cloud company to provide private cloud services is going to dominate the market for a while. A customer will then not need to worry about the tin, that will be provided and maintained by the public cloud company, who will provide their best-of-breed practices to the customer. The customer will be able to save costs by using a combination of private and public services offered by the provider. Enterprise software will move the same way as the smart phone environment and will be “apps” that run on this environment.”

There will be more third-party services coming that claim to bolster public cloud for use in sensitive industries  in that whole private-cloud-atop-public-cloud scenario. Startup CloudVelocity says it can take existing on-premises applications and put them on AWS and run them there securely.

Claims like that sound good as far as they go, Perretta said,although his company would spend “a pretty significant amount of time validating that claim.” More importantly, for him, wringing the most value from a cloud move would require re-building applications to get the most out of that expansive infrastructure.

“I can move a pig to the cloud but it’ll still run like a pig,” he said.

Feature photo courtesy of Shutterstock user AshDesign

  1. brianmccallion Monday, December 24, 2012

    The bottom line is that as much as financial firms gripe about the high cost of technology in the data center, they also view it as a “moat” that by spending all the money they do on technology and hot hot sites and whatnot, they are keeping their competition at bay. So in that way there’s a degree of collusion. They can be conservative because they basically print money and don’t need to take undue risk aka change what they are doing to keep making a very high ratio of profit per employee. Why would any one of such firms remove what is perceived as a competitive advantage by suggesting that the huge annual infrastructure spend might not be the only way to do finance technology? It’s never really as simple as I just suggested, but the truth never is.

    A few things I wouldn’t do, and some things you won’t do in the Cloud the way you expect to do them if you are a financial firm. As a side note, at one meeting a guy from a large consulting firm stopped me in mid-sentence, and asked me what I had against Veritas Clusters as an HA strategy in AWS. “For one thing, they absolutely don’t work in AWS, and aren’t possible” I replied. I’m predisposed to that answer though because I’ve seen VCS cluster crash more applications than they’ve saved for me.

    If you are building financial apps in the Cloud you should probably re-architect your apps for high availability, and you do need to figure out autoscaling. And getting your current support team to the point where it can support or even know if there’s an issue with your Cloud deployments is easier said than done. A really big obstacle is that large enterprise always feels obliged to build everything themselves rather than consume third party services, and boy it takes them a long time to build out those services even in the Cloud.

    Other tips:
    1. I would not try to run the most essential corporate financial services applications in the Cloud unless I had a compelling business case to make. Then I would do so without hesitation, however, I would look for a simpler, lower risk strategy first. Between VPC, Direct Connect, volume encryption (not from AWS per se), and RDS for Oracle, the AWS Cloud has gotten pretty corporate application friendly.
    2. I would not hire a really big consulting firm to help me or do it for me. I would consider hiring one of their project managers to run the daily scrum or something like that, and to break down uncooperative groups, and light a fire under people dragging their feet. The gap between the number of cheap Cloud skilled people, and the ability for large consulting firms to hire and deliver those people to your project, and keep them from leaving after a few weeks is the part that’s hard for Enterprise. The big consulting firms do not have enough Cloud skilled consultants to go around. You know that big skills gap you keep hearing about from Gartner? Well that’s what the big consulting firms are experiencing and that’s why it’s on the radar of firms like Gartner, even when large enterprise isn’t trying all that hard to directly hire Cloud people.
    3. I would not begin with a Cloud Migration tool, unless I had already migrated a bunch of apps the old fashioned way. And I still haven’t tried a Cloud Migration tool, and I doubt I would. Corporate applications get “refreshed” every few years, which means upgrading the hardware and software of an application. At the point of a refresh, you find a lot of problems and strange things that were done in the name of who knows what. I’m not sure what could be so urgent that it would create the need to “bulk” migrate applications to the Public Cloud. If you are really eager, try migrating them to a Private Cloud if you are feeling brave, and use that experience as a nursery for deciding which apps can thrive and which require the hothouse of the corporate data center.
    4. You won’t be deploying Oracle RAC, and you likely won’t be using Active Directory, OAM, or TAM in the Cloud.
    5. If you don’t already understand SOA, you will need to figure it out pretty soon in the Cloud. Most large financial firms have not gotten very far with SOA, and have few web facing applications running in the DMZ. The hardest part of moving applications to the Cloud is not the apps you do move, it’s all the data center services you don’t move. You have to either federate the existing infrastructure, or rebuild it in the Cloud. You have to start doing things like using database replication and helping your DBAs to overcome their completely irrational fear of asychronous transactions and their complete and utter mistrust of “eventual consistency.”
    6. I wouldn’t hire a large consulting firm for a small Cloud project. The main thing is that for migrating small, or even fairly large applications you may not want to pay the $10M to $20M that makes it worthwhile for the enterprise consulting firms to park their cars in your lot and start tooling around with your enterprise applications. Even if you are a F500 firm, unless you have a really giant project, or just feel like really burning your money, you will get people who may not be as smart as the Cloud experts on twitter. And if you get elite Cloud people, recognize that elite Cloud people that really know enterprise technology are as rare as unicorns.

    So ok, that’s all I really had to say. I’m not sure if finance is ready to run in the Cloud. I think they are already doing a lot of Hadoopy type stuff in the Cloud. Also, look at what firms like Xignite are doing in the Cloud. Financial information providers like Bloomberg will run applications in the Cloud, if not now, they will in 2013. Look at NASDAQ Data On Demand. And check out a firm like reval (http://www.reval.com/Pages/default.aspx), which runs a SaaS based derivatives application platform in the Cloud. Yes, there’s a lot of cool financial stuff moving or already running to the Cloud and the more data in the Cloud, the more apps will follow the data to the Cloud. So maybe the incumbents will be cautious and the innovators will be lucky?

    Here’s something I wrote about Market Data in the Cloud, NASDAQ, Xignite, NYSE EuroNext
    The Network Effect of Market Data in the Cloud
    http://blog.bronzedrum.com/2011/07/nasdaq-and-nyse-tale-of-two-exchanges.html?spref=tw

    Share
    1. great insights here. thanks brian!

      Share
  2. of course they do employ some cloud strategy either internal or public, so not sure why they should use public cloud to prove that they are using cloud.

    Share
  3. Well financial service has many important data and i am not sure about how much secure is public cloud to handle it .

    Share

Comments have been disabled for this post