Industry sign banking indiana form computer
good afternoon thank you for staying to the last slot I greatly appreciate it so my name is Jonathan Allen diamond enterprise strategist Amazon Web Services I want to start just with a little bit of my own personal career background so before I joined Amazon Web Services I actually worked for Capital One Bank for 17 years Capital One obviously has a progressively adopted Amazon Web Services as its predominant cloud partner and has got a significant way on that journey in the last three years as my tenure at Capital One I was privileged to be senior director and UK CTO on that journey and learned an awful lot of lessons across people process and technology and in 2017 I actually joined Amazon Web Services and now workers and Enterprise strategists sharing lessons around the world from our customers and I'm privileged to have met over 200 individual organizations and helps them on their journeys and many of them are obviously banks and there is a vast array of financial institutions around the world now leveraging Amazon Web Services to really power and transform their business everyone from obviously Capital One in the top left-hand corner there to FINRA the markets regulator in America through to DBS National Australia Bank centrist Sun Corp there's a huge amount of companies here leveraging AWS and getting huge value so why are so many banks moving to cloud well firstly regulation is actually a huge catalyst for change when you actually look at a quote here from FINRA we can be far more secure in the cloud and achieve a higher level of assurance at a much lower cost that kind of really encapsulates the sentiment from these leaders and here a quote from the dtc see cloud computing has reached the tipping point as the capabilities resiliency and security of services provided by cloud vendors now exceeds those of many on premises data centers so why is that you know when you look at the job of banks to comply with regulation there's an awful lot of heavy lifting involved in traditional on-premises worlds these are the certifications that Amazon Web Services has achieved so as a regulated institution things like ISO sauk compliance PCI DSS compliance these really matter and the ability to leverage key services that have already achieved this compliance standard is a huge undifferentiated lifting remover and then we have things like the compliance center where banks can easily and straightforwardly consume and get access to the data that's relevant for them for compliance in certain regions then of course availability massively massively important to every enterprise out there but especially banks now if like me years ago you would look at charts like this and be a little bit like wow you know this is a lot of nines it's never-ending lots of promises on individual components to get certain elements compliant have you ever actually looked what happens when you put these elements in a data center in serial where the maths in a traditional data center this is the mathematical formula and as you add more components in the actual downtime does not look very good you know three days 16 hours when you put these things in cereal that's not brilliant this was a lesson that Amazon will learned many years ago this is the one of the fundamental reasons why our region model has multiple availability zones within it when you actually place an availability zone with the services duplicated within it the equation changes dramatically and actually when you have three of these availability zones in parallel well what can happen to the availability here this is a dramatically different position so the ability for enterprises not just banks to actually deploy their day and their application services across availability zones it's really transformed transforming their availability and you even have regulated institutions now deliberately choosing to shut down individual a be a ZZZ to understand and test proactively what's going to happen so Santana has open bank CEO spoke at the Madrid transformation Day last year about how they deliberately shut down availability zones to test their availability this is a transformation for enterprises in the availability posture then of course security threats banks are natural and obvious targets attracting the worst type of cyber criminals and keeping up with that bar that's always moving is a real challenge so leveraging the security strengths of Amazon Web Services where security for is will forever be job zero will forever get the lion's share of investment we will not hesitate to slow down on features and move resource into security if that's not where we think it needs to be and when you look at security and you look at the shared responsibility model AWS is here responsible for the orange elements where we look after the physical elements protecting the data centers the availability zones the region's the cloud front locations and of course customers want to make sure that they can protect their data that they say what when and how this is accessed this is the blue element of the diagram now that can be a conversation for customers of how they do that but when you look at this large swath of tools the Amazon Web Services provides here moving from the left with comprehensive Identity and Access Management through to guard duty which will proactively alert you to things that are don't look right through to DDoS protection through to the chemo measurement service where you can leverage that to encrypt your workloads these tools provide customers with the security ashore and then of course I have this conversation about fintechs emerging and the threat this poses I would politely argue that fintechs aren't disrupting banks the customer expectations are of what we want and how we want to handle our financial transactions in our financial health and compounded with that bank yields have been consistently low for the last few years and of course banks like any Enterprise are looking to run drastically more efficiently and drive their costs down for infrastructure so as I've gone around the world talk to these financial institutions I'm very often asked what do you what are the ten top learnings that you've gathered on the journey I want to share with you then now lesson one keep it simple there are so many choices available now when you truly look though in my experience and what the organization's I've spoken through really there's three things they're looking for the first is security the second thing is reliability the third is feature sets so keep your choice is simple that you make available in your organization it can exponentially compound quickly so make your choices simple and here obviously Capital One chose AWS as their predominant cloud infrastructure partner keeping it simple so that second thing I see going on is not moving so agile fully so for many years we've been worrying about the perception of lock-in and it's really easy to understand that when you consider how some historical software vendors have engaged with their customers on licensing orders I would actually argue that this is actually how we lock things in traditionally in enterprises we have this waterfall design of delivery that sometimes can take years to deliver from scope all the way through to delivery into support I would say when you're going through that and have cemented your decisions in place for years that is actually that's the lock right there at the end going in because everybody's like I can't change anything now for three or four years we see it really radically changing though with organizations adopting these heterogeneous multi skilled teams that can leverage the software API is available in cloud and then they're able to drop in much smaller increments of change if they want to change a type of technology they're using it's really just a sprint and a thought and an execution for that team to transform themselves so really look to move to agile really challenge yourself look to me to guardrails not gates how can you blend these skills to really leverage these software api's the third thing is when I see some enterprises and banks treating cloud as just a project now for those of you that have may have may have read the great book accelerate by nichole fours green J's humble and gene Kim this is a fascinating read as they've taken a lot of data from a lot of organizations around the world and when you look at one of the key findings in there they have this concept of low performers medium performers high performers and these elites these are the organizations that are delivering significant more features and have significant lower downtime and significantly faster recovery time from any outages and when you look at them in the report this the state of DevOps report 2018 they are 23 times teams that adopt cloud essential characteristics 23 times more likely to be elite performance now Capital One also worked with the state of DevOps report and it's worth noting when there is worth noting that for deploys per day is a conservative estimate when comparing against companies such as Capital One so moving away from maybe releasing three or four times a year to releasing many times a day so how do you do that how do you not just treat this as a project so again here's an interesting stat on the elite perform is 46 times more frequent code deployments two and a half thousand times faster seven times lower change failure rate 2,600 and four times faster time to recover from incidents that one that last ones amazing so when you're moving forward is a bank not treating it as a projects really important and actually engaging with the leadership team incredibly important having a single-threaded leader normally and obviously in regulated institutions you typically have four lines of defense a first line leader may be a cio CEO CTO CEO then followed by normally the risk function may be an audit function finally the regulator these four lines of defense are broadly similar around the world while having the single threaded leader who is a first line leader actually staring into this and going I'm gonna make a bold goal really important so in National Australia Bank you saw them do a 30 application move in 50 days that's a bold goal to accelerate their progress and for those of you that were here earlier on you may have heard heard Paul from National Australia Bank talk about their journey so declaring this bold goals super important and bringing together a cloud leadership team that has procurement people in there because the public cloud contract is a little different it is pay-as-you-go it's very different bringing in legal into that conversation so they could understand that paradigm bringing and then of course the chief information security officer ideally the CFO of course coming in because you're moving away from these very long capital intensive investments to now pay-as-you-go it's a different way so yes you know your financial analyst should be there the head of infrastructure really important they have a crucial role to play in the transformation ahead of delivery if one of it one exists the engineering function if it's part of your delivery function the risk and audit leaders again from those different lines of defense and of course human resources we're going to be changing how people work and in particular if you're moving from an on-premise highly skilled on-premise team to cloud there's going to be a change curve those folks are going to go through this team should come together and meet weekly or even twice a week and you know what they're going to have a lot of questions totally natural capture every single question and eventually answer it there's a priority order and one of the best ways I've seen leadership teams accelerate their journey is with an executive briefing either here in Singapore or traveling to Seattle and during that executive briefing you can really dive deep into things like the cloud adoption framework the well architected framework the migration acceleration program which brings together thousands of learnings of customers that have migrated to AWS available there as a program along with a whole breadth of topics that you might want to dive deep on the other thing I've seen work incredibly well is establishing principles at this level so if you want to move to a model like you build it you support it the leadership team needs to be brought into that very often I've seen leadership teams have their individual opinion of what they're trying to achieve but that alignment through principles incredibly powerful for those of you that may have heard about the Amazon leadership principles which of what cause customer obsession is our first one that's how we get broad agreement in hundreds of thousands of employees I can go to any Amazonian and talk about diving deep invent and simplify customer obsession these are our leadership principles they're really important to us lesson 4 there is no compression algorithm for experience here are quotes from Rob Alexander the global CIO in capital one the hardest part of this transformation transition is really a talent transformation and again comprehensively trained organizations are far more likely to succeed this has got to be extremely front of mind for the leadership team now in my experience training though is not the be-all and end-all when you look at this frozen middle that sometimes occur training is the tip of the iceberg and what I had to learn on my own journey was actually what really motivates most of us is incredibly important so what does motivate us so there's three things for those of you that may have read the Daniel pink book Drive which is an amazing book that he talks about there's autonomy there's mastery there's purpose these things are all really unique and personal to us we like the ability to do something when we want to do something mastery we want to be really good at something and we want to be known for being the expert in that thing doesn't matter what that thing is typically and purpose we want to know that what we do is is going to matter to the business or to whatever we put our efforts to this is where we typically get motivation from but do you know what when you're moving from on-premise to cloud you're about to mess with all three of those things so really taking the time to connect with everybody who's going on this journey to offer the multiple mechanisms to rescale not just trained and re-skill really important now we have thousands of Amazon Web Services partners around the world one of the things I did on my journey was worked with a particular partner in this case cloud reach which is a born in the cloud provider and I bought in one of their experts drops them into my first platform team my cloud platform team and they did pair programming pair programming where I've got one machine two keyboards - mice - keyboards and two individuals are now working together to build infrastructure as code from their machine to the cloud I know personally if I sit on a training course I would not ask an embarrassing question right because I don't want to look embarrassed but I will ask if I'm next to somebody who really is competent and I don't know I'll actually work with them really seriously to build that code multiple mechanisms to re-skill incredibly important and here's a top tip and it was mentioned by Paul from National Australia Bank in the previous session look to get you 10% of your technology folks certified not just trained certified when you do the training but that exam because this is where I see huge inflection points of adoption and success when the AWS tools become like a common vernacular in your business when people talk about what an s3 bucket is the objects within it what an account is what a VP see is what encryption looks like you'll be amazed by the rapidity that you can move at we're no longer waiting for teams to deliver service as far as we can procure it if a team has written code on how to do something we can take it it's developed by our enterprise we can reuse that code so get this 10% bar of people certified incredibly powerful and then you get this halo effect many organizations start out at the start of the journey wanting
o recruit and I think Paul said it announced Australia Bank they were looking to recruit thousands of people they did not exist but actually when you reach this inflection point experience has shown me you actually do attract talent who want to work on AWS cloud at this point incredibly important lesson 5 get the risks and control balance right now obviously re-skilling crucial to helping with this for those of you that have made that sense in the customary example earlier in the day where they really looked at using a partner an AWS config to really get the right balance of detective controls in place for them and preventative controls and directive controls but get them out to be appropriate for them really important now here's another model and it's his base of a principle attached when you've got these small teams that are able to leverage software api's of course you want to trust them but in a regulated institution you could have verify what they're doing so this trust but verify concepts incredibly important now one of the things Capital One has done is to actually develop their own open-source tool called cloud custodian where cloud custodian could look at an account you can configure your guardrails in a yeah more file incredibly powerful lesson 6 thinking on premise it's totally natural when you've done things for many years in a certain way to think that you have to redo them in that same way in cloud there's a little acronym here called ya Guinea you aren't going to need it getting your DNA right so you can move to cloud at speeds incredibly important so just because a control run a certain way to support on-premise or something was done a certain way doesn't mean it has to be done that way in cloud just asking and working with your solutions architect or a partner how is this done is actually something many people forget to do and try and duplicate how they've done something on-premise whatever that is I've seen so many different things and then they realized have spent three months building to replicate something uncloudy where there's a normally a service or a really simple way to do that in cloud and they could have saved an awful lot of time so really be aware of this acronym you aren't going to need it really helps ask ask questions and number seven thinking regulation is a barrier again as I spoke about earlier we have a lot of help in this regard regulation is not a barrier regulation is an enabler when you've got things like cloud trail that can track this user activity and API usage it's actually never been more clear to understand what happened when by who at a certain time lesson number eight trying to build the perfect perfect is the enemy of good I love this quote from Voltaire I have seen sadly some enterprises spending many years trying to get every widget and everything absolutely perfect by losing it by using AWS cloud you can actually get to and I have seen many enterprises and regulated institutions get to production workload in 90 days of course security has got to be absolutely right of course reliability has got to be absolutely right but engineers and developers and I put myself in this bucket will take and will always be refining at always finessing things of course they can and of course they want to but knowing when it's good enough is really important number 9 overthinking migration so this next slide I can sometimes spend entire hours just with leadership teams discussing this so how do you migrate it can be a little overwhelming when you've got hundreds of applications thousands of workloads you want to move but we have a very straightforward decision tree that can break it down for you and it works and it's part of the migration acceleration program so I'm just going to step through it firstly you can re host workloads really straightforwardly not only do we have tooling available but our partners have talling available to re host your workloads we hosting being and moving the operating system and the application or datastore straight on to ec2 it is the fastest way to migrate what if you don't want to take the operating system what if you want to change your data store completely understandable that people want to get database freedom how do you do that well again taking your application off its existing operating system using opsworks to help maybe going from WebLogic to apache tomcat for your application maybe going from a Oracle or my sequel datastore to Postgres or my sequel on Aurora or DynamoDB you can use the database migration service to do this you can even use the schema conversion tool to help you on that journey to identify any stored procedures you may have to look at any sequel mismatches really important and again there's both tools from Amazon Web Services and from our partners to help on that journey thirdly do you want to repurchase your existing workloads so are you doing something in your data center that you don't actually do not need to do anymore maybe you want to use workday or Salesforce or something else from our marketplace where we've got well over 4,000 products from over 1,000 ISV is listed in there that's available to you do you want to move to software as a service and some of those functions incredibly important model fourthly do you want a reef do you want to take something that you've built previously and make it totally cloud native looking at service technology typically this brick delivers the lowest cost with some of the highest availability I would say use this one selectively for what really differentiates your business use it selectively and finally retain and retire so I have seen some organizations and regulated institutions closing their data center using a combination of Rijo story platform refactor repurchase but what about those other workloads those non x86 workloads you've probably got to refactor them in time but you might not have enough money or resources or focus to do that right now well I see some companies choosing to relocate them certain systems securely into their connectivity parlour like Equinix for example almost like a holding pattern why they get time to refactor and of course retire customers are always amazed how much they find in their data center but they actually don't need anymore these are systems looking after systems for their own premise so overthinking migration and the final lesson not optimizing your operating model so very often one of the first questions I get when I speak to customers is what does my target operating model need to look like to go to cloud of course the answer to this is incredibly multifaceted the answer is probably whatever organizational model fits your business and can be accepted but we do see some patterns strongly emerging so if you take a a bucketing scenario I've got sustained I've got optimized I've got grow what are the differences you are not going to take all of your applications and immediately go to enterprise DevOps you're gonna have applications which you're gonna be staying around for awhile that's sustained you're probably going to have some applications that you're gonna re-platform and you're gonna make tweaks you're gonna do what a Minimum Viable real platforming looks like and you potentially could using cloud ops on top of an Amazon machine image actually move this to almost a distributed DevOps model and finally for those new things you're refactoring you can probably go all the way to those heterogeneous teams trust but verify with the right guardrails what does this look like so you've probably got application engineering application operations creating a cloud platform engineering team maybe a cloud platform operations team per division super useful in that first model what about the second model well application engineering can start to merge over with operations and actually cloud platform engineering is probably still needed in this model what about the final one grow decentralized DevOps actually this team now becomes pretty self-sufficient all right their demands from maybe a central team to do things for them are much lower and we see States we see the first one is traditional its transitional the second and third is strategic but what if you can't find the skills a common problem this is where AWS managed services can really help you go fast can really help you with that bold goal can really help you do maybe even a 50 and 50 migration which we see so many customers going for for your business so what does AWS look like so this is where Amazon Web service has come in with a team dedicated to help you with change management access management security management we have those templates to go really fast and actually when you break it down you can actually map that really interestingly on to your migration methodology as well so actually we can see this sustain being part of rhe host we can see this optimized path being every platform and repurchase and that grow those things that really differentiate your business those new builds that re factoring this is where you get to that decentralized DevOps so 10 lessons this is the first five this is the second five thank you very much [Applause]