Around the Cloud in Eighty Days: The Second Leg of the Journey: Infrastructure

This is part two of our ten-legged journey to explore how the Cloud can enable productivity, innovation, and scalability in financial services.

Each of my ten blogs over the coming eighty days will echo the themes discussed in Reply’s ten-part webinar series, Cloud in Financial Services, in which we’ll highlight some of the key points offered by our presenters and panel members.

In the first of the series, we benefitted from the experience of colleagues at Alpha Reply, EMVO, Imperial College, Natwest Markets, and UBS, who identified the overarching strategic considerations pertaining to Cloud adoption. If you haven’t yet read the first part, you can do so here.

In this blog relating to the second leg of the journey, we discuss ‘infrastructure’. If you think of IT as a house, this blog is essentially about the plumbing, the wiring, and all these infrastructural elements you never see, but without which the house crumbles.

I have summarised what I have learned from a wonderful panel of experts, including Sara Mitchell, Head of Financial Services Solutions Architecture for Amazon Web Services in the UK; John Finch, former global CIO of the Bank of England and Refinitiv, currently Technology Advisor to Private Equity; and my colleague, Marco Noli, Partner at Storm Reply, a subject matter expert on Cloud computing.

INFRASTRUCTURE AND SECURITY

In the work that we do across Europe and the UK, and in the interviews we have conducted with senior leaders in financial services about their experiences with moving to the Cloud, we have heard time and again that Cloud computing increases a firm’s agility, gives it almost infinite scalability, improves the reliability of its infrastructure, and reduces costs. However, the number one consideration in adopting the Cloud must necessarily be security — particularly in highly regulated industries like financial services.

In that context, I found the presentation of the AWS Shared Responsibility Model particularly interesting. Sara explained that, in the model, AWS and the financial institution have clearly defined roles for who is responsible for what. The financial institution is responsible for security ‘in’ the cloud, and AWS is responsible for the security ‘of’ the Cloud. What that essentially means in practice is that AWS is responsible for the infrastructure and software, and the financial institution is responsible for data, applications, user access, and the network and firewall configuration.

Figure 1: AWS’ Shared Responsibility Model for Cloud Adoption

INFRASTRUCTURE AND INNOVATION

Building on Sara’s introduction, my colleague, Marco Noli, took us through different Cloud delivery models available in the market: Public, Private, and Hybrid. This is a key infrastructure consideration. When deciding which to adopt, it helps to know the benefits and drawbacks of each.

At the risk of oversimplification:

• Public Cloud: This is perhaps the most common form of Cloud delivery model, i.e. a Cloud Service Provider (e.g., AWS) makes computing technologies available to the financial institution via the internet. The model is conducive to economies of scale and resource sharing that can reduce costs (including infrastructure costs), offer quasi-unlimited scalability, and provide the financial institution with an increased choice of up-to-date technologies. It is often referred to as a ‘multi-tenant environment’; you may think of it as a situation where you share the infrastructure with other firms. In this model, the Cloud Service Provider owns the responsibility for the infrastructure.
• Private Cloud: The Public Cloud is a relevant delivery model in many cases. However, there are circumstances where a financial institution may want to adopt the Private Cloud, i.e. a model where it creates a Cloud environment in its own data centre and makes computing technologies available to its own organisation only (hence, the reference to a ‘single-tenant environment’). From an automation point of view, it is very similar to the Public Cloud but, in this model, the financial institution (or third parties) owns the responsibility for the infrastructure (e.g., procuring the hardware, managing the network, etc.). The Private Cloud is often the province of larger financial institutions (e.g., due to legacy infrastructure and applications) as well as a viable alternative in use cases where the speed of network connectivity is making the Public Cloud delivery model inadequate.
• Hybrid Cloud: In reality, however, many financial institutions mix the pros of Public and Private Clouds by adopting a ‘hybrid model’. For example, a financial institution may be running a particular ‘workload’ (e.g., a stress testing process) in its on-premises Private Cloud whilst ‘throwing’ workloads resulting from a burst in computing (e.g., due to an increase in stress testing frequency) to the Public Cloud.

In the words of my colleague, Marco Noli, “determining how a financial institution wants to deploy to the Cloud is a key infrastructure consideration that will impact how the financial institution will be able to leverage the Cloud to transform existing businesses and bring innovative products and services to market.”

Each financial institution will be at a different point on its journey to the Cloud, and the choices it will make should be dictated by the strategic objectives it pursues and the challenges that the institution faces. As noted in my opening lines, the construction business bears some analogy to the issue of Cloud infrastructure: Timber vs. concrete vs. steel in house construction; the relevant choice will differ greatly depending on the objectives you pursue (e.g., fire protection vs. carbon footprint).

Embracing a Cloud Infrastructure consistent with the Institution’s Strategic Objectives and key Challenges

THE OUTCOMES YOU ARE LOOKING FOR…

My last guest, John Finch, began his presentation with a bang. Assuming there is the legacy of a complicated IT infrastructure, organisations have to ask themselves “what outcomes is the CIO looking for and how does the Cloud achieve this?”

When it comes to the adoption of Cloud computing in general and, more specifically, the choice of relevant infrastructure, it is vital for Board members and the C-suite to understand the principles of Public, Private and Hybrid Cloud and what they mean — not at a technical level – but in terms of implications for the Business.

Usefully, John offered seven key questions Board members and the C-Suite should consider when weighing the possibilities of Cloud adoption:

1. What does this do to cost? Is the migration to Cloud proven to reduce the cost of ownership and, importantly, what is the cost of migration? As we discussed in Part 1, the Cloud is a consumption-based model (i.e., ‘pay-as-you-go’) – that is a great benefit of course! What does this mean as the business scales?
2. Is this a one-way journey? Once you have invested and begun migration, can you still move to an alternative provider and is that worth considering? Are you tied in with high costs of change and how can you mitigate risks?
3. Are all of the main providers the same? Amazon (AWS), Google (GCP), and Microsoft (Azure) are the big three. In specific circumstances, is it important who is chosen and why? Should the Board even be concerned about this? This is a good question for the CIO to answer to the board…
4. How does this support broader business goals? If the business goals are to improve service, revenue growth and/or geographical expansion, how does Cloud enable this?
5. Security… The boards and their Risk Committees need to understand the implications of this… Is the chosen Cloud approach more or less secure and what are the implications? Of specific importance regarding security is data. Where is the data and, especially, where is it during transit if you are bringing data on-premise or transferring it across environments?
6. Is the Cloud ‘green’? All boards now are beginning to worry about ‘carbon’ and the ‘green agenda’, so it is worth comparing your current IT infrastructure to any Cloud approach you choose. And finally, of major importance second only to ‘security’…
7. What does the Cloud mean for the IT organisation from a skills and operating model perspective, and also, what does it mean to the business model? The board needs to be thoughtful about this.

Click here to watch the recap video for Webinar #2/10

If you have any questions about any of the above, please feel free to reach out to us at Reply at . Keep an eye out for episode 3 where we’ll discuss ‘Cloud architecture’ and why it matters in our daily life…