© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Ilja Summala
Group CTO, Nordcloud
Financial Services Industry in AWS
About Nordcloud and Me
Worked with cloud strategy and projects at several large and small financial institutions over the last 6 years. 30% of OMX40 Public Cloud Strategy.
Nordcloud in Nutshell
100% Public Cloud
300+ employees - one of the fastest growing tech companies in Europe
What we do
Cloud Strategy & Advisory
Cloud DevOps & Migrations
Managed Services
Cloud Capacity & Optimization
Cloud Training
App Development
CHALLENGES IN FINANCIAL SERVICES INDUSTRY
“By 2030, 80% of heritage financial firms will go out of business, become commoditized or exist only formally.”
Gartner
DIGITAL TRANSFORMATION
DIGITAL CHALLENGE
• Legacy FSI systems and business models cost more to run than cloud-based FinTech
• Regulators becoming more consumer-centric to promote innovation & new entrants (PSD2, open banking APIs)
• Slow time to market for new features in digital channel
• Digital moves financial services to open international market with software economies of scale
IF YOU COMPETE WITH SOFTWARE YOU NEED TO BE GREAT AT WRITING IT
AWS is the fastest way to improve development productivity in FSI (...and in other industries)
LESSONS LEARNED IN FSI DEVOPS JOURNEYS
Lessons Learned Cloud Journey Context
[Diagram labels: Cloud Enablement (Advisory & Discovery, Strategy and Goals); Landing Zone & Security; Application Development; Migrations; Operations; Cloud Enablement (Advisory, Transformation Support); Cloud Competence Center / DevOps Support; On-boarding to Operations; Project Management + Service Delivery]
How to combine developer productivity with security and compliance?
Lesson 1: Use Accelerator IT pattern to ensure speed and agility
Cloud Transformation Strategy - Optimise
[Diagram labels: Legacy Big IT and Accelerator IT, each shown across Application Development, Service Mgmt and Sourcing (S), Organization and Finance (O+F), Transformation + Migration (T+M), Architecture (A), Security, Risk & Continuity (SRC), Operations (O)]
Use AWS Cloud Adoption Framework or experienced partner to design goals
and cloud adoption path
Lesson 2: Define Solid AWS Account Structure from Day 1
Important because…
• It prepares for task automation of security and compliance assurance
• It enables clear separation of concerns between developer teams and security teams
• Helps to integrate with multiple FSI stakeholders
AWS Account Structure
[Diagram labels: AWS accounts for Audit, Shared Services & Tools, Production, Development, IAM, Disaster Recovery and SoC; On-Prem networking via Direct Connect / VPN; Access via VPN / Remote; Platform Audit data; Solution Audit data; Platform Audit Copy]
Lesson 3: Build Cloud Competence Center to develop platform and support app teams
No. 1 mistake currently in cloud adoption
• No team with clear organisational charter, budget and deliverables
• Results in higher cost and lower velocity as app teams try to deal with compliance without reuse
Cloud Competence Centre
[Diagram labels: Cloud Environment Creation]
Continuous Services: Security Assurance, Cost Management, DevOps Support, Developer Tools Support, Cloud Architecture Library
Project and Platform Services: Cloud Platform Development, Project Cloud On-Boarding, Cloud Architecture + Components Support, IAM / Accounts / Networking
Lesson 4: Invest in Security around Container Platforms
Developers like containers because…
• Boilerplate from DockerHub et al (!)
• Excellent development workflow
• Part of systems management becomes “invisible” as the OS is no longer a concern
• ECS / Kubernetes simplify deployments
Example: Provide OS security as a service for devs
• Containers rely on the underlying OS but do not manage it
• Build a service that assures hardened operating systems (e.g. image factory / AWS Config rule version alerts)
• Remove access to EC2 instance metadata with iptables
• Install CloudWatch and metrics scripts
[Diagram, pipeline steps: CIS standard change → Trigger Secure AMI Build → New CIS hardened AMI → Publish in all AWS accounts → Launch new EC2 with new AMI (Amazon ECS) → Customise EC2 → Run applications in containers. Alongside: Monitor EC2 image age with Config; Trigger update via autoscaling]
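The "monitor EC2 image age with Config, trigger update via autoscaling" steps, sketched as an added example that is not from the original slides: the evaluation logic a custom Config rule could run, returning results in the shape `PutEvaluations` accepts. The 30-day limit, the factory account id and all sample AMI and instance data are constructed assumptions, and the block makes no AWS calls.

```python
from datetime import datetime, timezone

MAX_AMI_AGE_DAYS = 30             # assumed policy value, not from the slides
FACTORY_ACCOUNT = "111111111111"  # hypothetical image-factory account id

# Constructed sample data, shaped like EC2 DescribeImages / DescribeInstances output.
IMAGES = {
    "ami-0aaa": {"CreationDate": "2018-05-20T08:00:00.000Z", "OwnerId": "111111111111"},
    "ami-0bbb": {"CreationDate": "2018-02-01T08:00:00.000Z", "OwnerId": "111111111111"},
    "ami-0ccc": {"CreationDate": "2018-05-25T08:00:00.000Z", "OwnerId": "999999999999"},
}
INSTANCES = [
    {"InstanceId": "i-001", "ImageId": "ami-0aaa"},  # fresh factory AMI
    {"InstanceId": "i-002", "ImageId": "ami-0bbb"},  # factory AMI, too old
    {"InstanceId": "i-003", "ImageId": "ami-0ccc"},  # AMI from another owner
    {"InstanceId": "i-004", "ImageId": "ami-0ddd"},  # AMI no longer visible
]


def evaluate_instance(instance, images, now):
    """Build one evaluation in the shape AWS Config PutEvaluations accepts."""
    image = images.get(instance["ImageId"])
    if image is None:
        verdict, note = "NON_COMPLIANT", "AMI unknown: deregistered or never shared"
    elif image["OwnerId"] != FACTORY_ACCOUNT:
        verdict, note = "NON_COMPLIANT", "AMI not published by the image factory"
    else:
        created = datetime.strptime(image["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ")
        age_days = (now - created.replace(tzinfo=timezone.utc)).days
        verdict = "NON_COMPLIANT" if age_days > MAX_AMI_AGE_DAYS else "COMPLIANT"
        note = f"AMI is {age_days} days old (limit {MAX_AMI_AGE_DAYS})"
    return {
        "ComplianceResourceType": "AWS::EC2::Instance",
        "ComplianceResourceId": instance["InstanceId"],
        "ComplianceType": verdict,
        "Annotation": note,
        "OrderingTimestamp": now,
    }


def instances_to_replace(instances, images, now):
    """Instance ids the Auto Scaling group should cycle onto the current AMI."""
    results = [evaluate_instance(i, images, now) for i in instances]
    return [r["ComplianceResourceId"] for r in results
            if r["ComplianceType"] == "NON_COMPLIANT"]


if __name__ == "__main__":
    now = datetime(2018, 6, 1, tzinfo=timezone.utc)
    print(instances_to_replace(INSTANCES, IMAGES, now))
```

Treating an unknown or foreign-owned AMI as non-compliant, rather than skipping it, is what keeps hand-built images from sitting under an ECS cluster unnoticed.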
Lesson 5: Be ready for AWS Account Explosion
Trend towards more and more AWS accounts
• AWS accounts per use case provide easier political and cost separation
• Tools like AWS Organizations reduce the cost of running many accounts
• Implementing all security and compliance features via code is a must at scale
Automate this!
[Diagram repeated: the AWS Account Structure from Lesson 2]
Account workflow
• Define the role for the new account
• Create Account via AWS Organizations programmatically
• Define external integrations (e.g. IPAM for VPC CIDRs)
• Define set of 'blueprints' (ordered CloudFormation) to run on the account and supporting accounts
  - Audit / DR accounts
  - IAM
  - VPC creation and peering
  - Remote access and Security Groups
  - GuardDuty + Config rules
• Execute
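The workflow above as a reviewable plan, in an added example that is not from the original slides: the role selects an ordered blueprint set, a stand-in IPAM allocates a VPC CIDR that overlaps no existing allocation (a precondition for peering), and each blueprint is assigned to the new account or a supporting account. The pool, role names, stack names and allocations are hypothetical; the block makes no AWS calls, and the steps would be executed through AWS Organizations and CloudFormation.

```python
import ipaddress

POOL = ipaddress.ip_network("10.64.0.0/16")  # assumed IPAM pool
# Constructed IPAM state: CIDRs already handed out to existing accounts.
ALLOCATED = {"production": "10.64.0.0/22", "shared-services": "10.64.4.0/24"}

# Ordered blueprints as (stack name, target account); "{new}" is the new account.
BASE = [
    ("audit-log-delivery", "audit"),
    ("iam-baseline", "{new}"),
    ("vpc", "{new}"),
    ("vpc-peering", "shared-services"),
    ("remote-access-security-groups", "{new}"),
    ("guardduty-config-rules", "{new}"),
]
BLUEPRINTS_BY_ROLE = {
    "development": BASE,
    "production": BASE + [("dr-replication", "disaster-recovery")],
}


def allocate_cidr(allocated, prefix_len=24, pool=POOL):
    """Return the first block in the pool that overlaps no existing allocation."""
    used = [ipaddress.ip_network(c) for c in allocated.values()]
    for candidate in pool.subnets(new_prefix=prefix_len):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    raise RuntimeError("IPAM pool exhausted")


def plan_account(name, role, allocated):
    """Turn the workflow into an ordered list of steps that can be reviewed."""
    if role not in BLUEPRINTS_BY_ROLE:
        raise ValueError(f"no blueprint set defined for role {role!r}")
    if name in allocated:
        raise ValueError(f"{name!r} already holds a CIDR allocation")
    cidr = allocate_cidr(allocated)
    steps = [{"step": "create-account", "account": name, "role": role}]
    for stack, target in BLUEPRINTS_BY_ROLE[role]:
        params = {"VpcCidr": cidr} if stack.startswith("vpc") else {}
        steps.append({"step": "deploy-stack", "account": target.replace("{new}", name),
                      "stack": stack, "parameters": params})
    return steps


if __name__ == "__main__":
    for s in plan_account("payments-dev", "development", ALLOCATED):
        print(s)
```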
High-velocity FSI product development is possible with AWS, but it requires the right strategy
Q&A
Please complete the session survey in the summit mobile app.
Nordcloud Germany Contact
Ulrich Baur | Country Manager DACH | [email protected] | +49 160 5001 020 | Nordcloud Deutschland GmbH | Landwehrstraße 61 80336 München