Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons...
Transcript of Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons...
![Page 1: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/1.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Ilja Summala
Group CTO, Nordcloud
Financial Services Industry in AWS
![Page 2: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/2.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
About Nordcloud and Me
Worked with cloud strategy and projects several large
and small financial institutions over last 6 years. 30% of OMX40 Public Cloud Strategy.
Nordcloud in Nutshell
100% Public Cloud
300+ employees - one of the fastest growing tech companies in Europe
![Page 3: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/3.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What we do
3
Cloud Strategy & Advisory
Cloud DevOps & Migrations
Managed Services
Cloud Capacity & Optimization
Cloud Training
App Development
![Page 4: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/4.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
CHALLENGES IN FINANCIAL SERVICES INDUSTRY
![Page 5: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/5.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
“By 2030, 80% of heritage financial firms will go out of business, become commoditized or exist only formally.”
Gartner
DIGITAL TRANSFORMATION
![Page 6: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/6.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
DIGITAL CHALLENGE
• Legacy FSI systems and business models cost more to run than
cloud based FinTech
• Regulators becoming more consumer centric to promote
innovation & new entrants (PSD2, open banking APIs)
• Slow time to market for new features in digital channel
• Digital moves financial services to open international market with
software economies of scale
![Page 7: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/7.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
IF YOU COMPETE WITH SOFTWARE YOU NEED TO BE
GREAT WRITING IT
![Page 8: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/8.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS is the fastest way to improvement development
productivity in FSI (..and in other industries)
![Page 9: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/9.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
LESSONS LEARNED IN FSI DEVOPS JOURNEYS
![Page 10: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/10.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lessons Learned Cloud Journey Context
CLOUD ENABLEMENT
Advisory & Discovery
Strategy and Goals
LANDING ZONE & SECURITY
APPLICATION DEVELOPMENTMIGRATIONS
OPERATIONS
CLOUD ENABLEMENT (Advisory, Transformation Support)
Cloud Competence Center / DevOps Support
On-boarding to OPERATIONS
PROJECT MANAGEMENT + SERVICE DELIVERY
How to combine developer productivity with security and compliance?
![Page 11: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/11.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lesson 1Use Accelerator IT pattern
to ensure speed and agility
![Page 12: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/12.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cloud Transformation Strategy - Optimise
Application Development
Service Mgmtand Sourcing
Organization and Finance
Transformation+Migration
Architecture
Security, Risk & Continuity
Operations
Legacy Big IT
Application Development
S
O+F
T+M
A
SRC
O
Accelerator IT
![Page 13: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/13.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Use AWS Cloud Adoption Framework or experienced partner to design goals
and cloud adoption path
![Page 14: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/14.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lesson 2 Define Solid AWS Account Structure
from Day 1
![Page 15: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/15.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Important because….
• It prepares for task automation of security and
compliance assurance
• It enables clear separation of concerns between
developer teams and security teams
• Helps to integrate with multiple FSI stakeholders
![Page 16: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/16.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Account Structure
16
Audit
Shared Services&
Tools
Production Development
IAM
On-Prem
PlatformAudit data
networking
Direct Connect / VPN
Access
VPN / Remote
DisasterRecovery
SoC
SolutionAudit data
Platform AuditCopy
![Page 17: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/17.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lesson 3 Build Cloud Competence Center to
develop platform and support app teams
![Page 18: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/18.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
No:1 mistake currently in cloud adoption
• No team with clear organisational charter, budget and
deliverables
• Results in higher cost and lower velocity as app teams
try to deal with compliance without reuse
![Page 19: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/19.jpg)
Cloud Environment Creation
Cont
inuo
us S
ervi
ces
Security Assurance
Cost Management
DevOps Support
Developer Tools Support
Cloud Architecture Library
Proj
ect
and
Plat
form
Ser
vice
s
Cloud Platform Development
Project Cloud On-Boarding
Cloud Architecture + Components Support
IAM / Accounts / Networking
Cloud Competence Centre
![Page 20: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/20.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
4 Invest in Security around Container Platforms
![Page 21: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/21.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Developers like containers because…
• Boilerplate from DockerHub et al (!)
• Excellent development workflow
• Part of systems management becomes “invisible” as the
OS is no longer a concern
• ECS / Kubernetes simplify deployments
![Page 22: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/22.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Example: Provide OS security as a service for devs
• Containers rely on underlying OS but do not manage it
• Build service that assures hardened operating systems (e.g. image factory / AWS
Config rule version alerts)
• Remove access to EC2 instance metadata with IP tables
• Install Cloudwatch and metrics scripts
CIS standard change
Trigger Secure AMI
Build
NEW CIS hardened
AMI
Publish in all AWS
accounts
Amazon ECSLaunch new EC2
with new AMI
CustomiseEC2
Run applications in
containers
Monitor EC2 image age with Config
Trigger update via autoscaling
![Page 23: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/23.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lesson 5Be ready for AWS Account Explosion
![Page 24: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/24.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Trend towards more and more AWS accounts
• AWS accounts per use case provide easier political and
cost separation
• Tools like AWS organizations reduce the cost of running
many accounts
• Implementing all security and compliance features via
code is a must with scale
![Page 25: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/25.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Automate this!
25
Audit
Shared Services&
Tools
Production Development
IAM
On-Prem
PlatformAudit data
networking
Direct Connect / VPN
Access
VPN / Remote
DisasterRecovery
SoC
SolutionAudit data
Platform AuditCopy
![Page 26: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/26.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Account workflow
• Define the role for the new account
• Create Account via AWS Organizations programmatically
• Define external integrations (e.g IPAM for VPC CIDRs)
• Define set of ’blueprints’ (ordered Cloudformation) to run on the account and
supporting accounts
• Audit / DR accounts
• IAM
• VPC creation and peering
• Remote access and Security Groups
• GuardDuty + Config rules
• Execute
![Page 27: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/27.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
High velocity FSI product development is possible with
AWS, but it requires right strategy
![Page 28: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/28.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Q&A
![Page 29: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/29.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
![Page 30: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/30.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Please complete the session survey in the summit mobile app.
![Page 31: Financial Services Industry in AWSaws-de-media.s3.amazonaws.com/images/AWS_Summit... · Lessons Learned Cloud Journey Context CLOUD ENABLEMENT Advisory & Discovery Strategy and Goals](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6061f2c22e71e045add55/html5/thumbnails/31.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Nordcloud Germany Contact
Ulrich Baur | Country Manager DACH | [email protected] | +49 160 5001 020 | Nordcloud Deutschland GmbH | Landwehrstraße 61 80336 München