Financial services enterprise cloud migration - what have we learned?

Many large financial services organisations have migrated IT services to the cloud over the last five years or more. This transition comes in many guises, for example: lift and shift of existing implementations, SaaS adoption, re-architecture adopting native cloud functionality or even complete reimagining the services to support business transformation.

As an architect, I’ve supported several customers on this journey. This blog summarises a few thoughts on what I’ve learned.

The benefits

Customers can expect TCO savings with both reductions in redundant capacity and increases in available capacity. However, management perceptions can be distorted by slow migration delivery and the requirement to maintain hybrid infrastructures to accommodate data in locations that prohibit the use of public cloud.

What can be said is that a raft of other benefits is seen:

• Agility in fast delivery to business requirements
• Innovation through the availability of rapidly developing cloud products in areas such as AI
• Improved security: standardised patterns across design, CI/CD and control products can enable greater control efficiency and effectiveness
• Increases to viable and affordable capacity through elasticity of compute
• Workload resilience through redundancy and improved practices around SRE

The challenges

Benefits realisation can be harder than in other industries for reasons including those below:

• Higher regulatory burden
• Massive scale of many financial services organisations
• Tighter security requirements with stricter internal auditing
• Greater reputational risk associated with control shortfalls
• Skills gap within the enterprise

Key areas of focus for enablement

These challenges need to be directly addressed in any cloud migration. However, for a financial services enterprise, in my experience, four key enablement structures can be used to deal with them efficiently:

• Cloud product enablement
• Architectural controls
• Centralised design patterns
• Security processes
• Each of these topics is described in more detail below.

Cloud product enablement

Cloud product teams should drive enablement for use case teams but the business must determine the priority – no ivory towers or software vendor agendas. If the business wants Spark batch ETL, enable the service to run it first, rather than pushing to refactor to a different ETL API. Avoid mandating expensive vendor products where CSPs provide a default alternative unless there are clear benefits from doing so.

From the outset, the product enablement team should foster a community informing on best practice. Cloud specific architectural community sessions are great for disseminating developments, providing a forum for enquiry and the peer review of designs. The assignment of product owners for individual services can further enable adoption through transparency on the source of expertise. Designated communication channels for specific products also bring about collaboration on design and implementation.

Architectural control

Centralised architectural review provides an opportunity to propagate knowledge and enable application teams, whilst at the same time enforcing best practices. The potential to add value is enormous. Well-informed control operators can provide insight on the latest product developments, usage patterns and mechanisms for resilience. Standardisation of design artefacts through these controls accrues benefits in comprehension for all stakeholders.

Design patterns

Central creation and provision of design patterns accelerates migrations by saving toil at the use case level. A design team with sufficient empowerment and the right SMEs can do it once and get it right. This should include taking designs through architectural and security controls in order to save multiple application teams from having to do so. There needs to be enough design patterns of course: not all use cases can be supported by the same architecture and, as ever, effective communication is the oil of the machine. Consuming teams must be provided with the means to understand the implicit technical decisions and their suitability to individual use cases.

Security processes

Security on the cloud is critical and the opportunity to implement a ground-up policy should result in improved defences. However, the processes of managing change must also be enhanced. Failure to do this can lead to throughput constraints for migrating applications due to blocks on critical functionality. Close co-operation between cloud product, security and application teams will generate disproportionate benefits through mutual awareness of product security features and security policy for usage. Established design patterns can undergo security validation once only, after which the need for detailed analysis of every consuming application is removed.

The road ahead

Every migration programme is different, and there will always be a balance between centralised control and leveraging the initiative and use case knowledge of application delivery teams. Establishing this balance to enable delivery that is both timely and compliant depends on effective channels of communication between affected parties.

There are universal headwinds around the justification of large-scale migrations. The extent to which IT and business processes must be adapted to support migration execution is significant, and can lead to delays, disillusionment and compromises that erode the benefits. Business leaders are rightly focused on functional improvements, not technical innovation for the sake of technical innovation. Perceptions of future benefits from AI, cost efficiency and better data monetisation might help, but jam tomorrow will only go so far. The scale of effort and expense of cloud migration, as well as its strategic impact, demands a detailed roadmap that shows how and when benefits will be delivered. A sophisticated approach can be used to demonstrate programmes paying for themselves before they are completed, which should include the identification and prioritisation of quick wins within the migration backlog that can deliver high ROI early on.

Even on a happy path, programmes last for a number of years, with an initial rush being followed by a stream of applications that can only move when the right product becomes available, data dependencies are met or the regulatory regime allows. Jumping in both feet first, moving fast and breaking things, or not having visionary commitment from the most senior stakeholders, are all recipes for catastrophe. On the other hand, unlocking the benefits from cloud is necessary for financial services enterprises to remain competitive. Effective and controlled migration planning and delivery offers the opportunity to exceed the competition.