Cloud-first Analytics since 2015 - AON ACIA
1. Prepared by Aon Inpoint | February 2016 | Data Classification: NBI
Cloud-first Analytics since 2015
Aon Centre for Innovation & Analytics
2. Aon Inpoint | February 2016 | Proprietary & Confidential | Data Classification: NBI
120+ staff
Data Analysts | Data Scientists | Business Analysts | IT Development, Database & Infrastructure Specialists
Platforms, Projects & Services
multi-channel web portals | ad-hoc reporting | statistical analysis | machine learning initiatives
Dublin Centre for Innovation and Analytics at the heart of Aon Inpoint
Agile Scrum
18 cross-functional teams | 2 weekly sprints | incremental releases
Aon Inpoint & ACIA (Dublin)
3.
One of the world’s largest repositories of risk and insurance placement information
Aon’s Global Risk Insight Platform (GRIP)
Telling stories with data
Global Data Pipelines | Change Data Capture | Structured/Semi-structured | Spikey Workloads
Global Reach | User Experience (UX) focus | Visually Impactful
4.
Typical reference architecture for analytics
[Diagram: reference architecture. Panels and labels: Data Sources (Transactional Systems, Documents, Public Sources, Reference Data, Logs); Ingestion (SQL, APIs, JSON/XML, SFTP/PUT); Data Lake (Database, File/Object Storage, Message Channel); Data Transformation & Analysis (Data Warehouses, Marts, Advanced Analysis); Analytics Distribution (Bespoke Analysis, Reports, APIs, Web Portal, Dashboards); Application Middleware (Orchestration, Metadata, Workflow & Batch, Messaging); Technology Management (Monitoring, Security, Backup & Recovery, ITIL Service Management, Logging & Audit). Flow labels: integrate, consume.]
5.
Drivers for AWS cloud adoption
Performance and Productivity
Poor server performance
Re-purposing/refreshing hardware
Capacity planning fails
Cumbersome work practices
Engagement
Believe in better
Focus on business differentiation
Promote experimentation & fail-fast
Drive innovation
Develop careers
Costs and Risks
Poor utilisation
Responsiveness to change
Emerging security standards
Ageing hardware / EoL
Separation of duties
Platform for Growth
Global user base
Data increase across 4V’s
Auto-scaling analytics
Democratisation of data
Relentless business appetite
6.
In order to carry a positive action…
…we start with a positive vision:
To deliver a secure infrastructure environment for our Analytics, with the compute power to match our appetite
Productionisation
Risk/View Build
Path-to-Live
Compliance & Security
Experimentation
Comms & Education
7.
Agile Scrum for Infrastructure? Yes we can!...
…transformed our delivery model…
ACIA Agile Cloud Team
Global Aon Tech Teams
ACIA Agile Delivery Teams
• Cross-functional, long-living teams (7-9)
• Grouped & aligned to products & services
• Value-driven priorities set by PO
• 2 week synchronized sprint cycles
• Daily stand-ups; retros, show & tells etc.
8.
…and defined our roadmap…
9.
• Changing people
• Lean in - Sleeves-up - Hands-on
• 15 certifications in 8 months
• Culture of experimentation
• Auto-scaling ETL thru S3 & ASG
• Redshift 7x faster than on-prem
• Innovator’s duty to share
• Don’t wait – collaborate
Built competency through changing culture…
“The only source of knowledge is experience”
10.
Relentless focus on risk
We looked at cloud against a range of concerns:
Logical Access (IAM), Encryption-at-rest/in-transit, Physical Access, Data Centre Management, Bad/Noisy Neighbours, Backup & Recovery, Logging & Audit, Vulnerability management, Intrusion detection/prevention, Monitoring, Incident response, Vendor lock-in, Data Protection, Contractual risks…
And throughout the adoption, we’ve continued to look at:
Technical Risk
• Solution context
• Knowledge & experience
• Security assessments per service
• Reference architectures
• Policies & standards
Delivery Risk
• Current state → Target state
• Lift & Shift vs. Re-architecture:
• Workload isolation
• EoL
• Strategic importance
• Fit for cloud
• 3rd party suppliers
Process & Control Risk
• Governance & Compliance
• RBAC segregation of duties
• Filling infra. capability gaps
• ITIL service management
• Hybrid/Transition state
• Automation
11.
1 year on: ACIA and cloud-first analytics
✓ ~100 servers + PaaS
✓ 10+ new per week – process-controlled w/ CloudFormation
✓ Segregation of environments through multiple VPCs
✓ ADFS & IAM with MFA
✓ ACLs, SGs and third-party application firewalls
✓ AWS as a managed environment - extension of Aon network
✓ AMIs baked with hardened configuration (meeting audit standards)
✓ 10Gb secure Direct Connect line from Aon to AWS
✓ Cost optimisation: tag-driven auto-shutdown; right-sizing and RIs
✓ Great adoption of Open Source Software
✓ Wider adoption of PaaS for ACIA Data Lake
✓ Dockerized instances for production-strengthening of workloads
✓ Contributing heavily to Aon cloud strategy, standards and policies
12.
Cloud architecture example: Data Lake
13.
Cloud architecture example: Analytics Engine
14.
Cloud Strategy for 2016 – the journey continues…
Strategic Direction
• Puppet for orchestration above O/S layer
• DevOps - freedom for our builders (refine RBAC)
• DB roadmap: from SQL/Oracle to Redshift / PostgreSQL / Aurora
• ETL: spot instances and auto-scaling of lower instances
• CDN through AWS CloudFront
• Increased instrumentation
• “Zero infrastructure” for certain workloads (Lambda)
Transformed Delivery Model for IT
• 60% OpEx saving on average per server
• Continuously enhancing security posture