Cost Optimization - AWSome Day Brussels

1. Adoption of Cloud in the
Finance Sector
Amazon Web Services

2. Agenda
1. Some examples in the Finance Sector
2. Why are Financial Services Firms using AWS?
3. Security & Compliance

3. “Banks aren’t being disrupted by FinTech technology,
they’re being disrupted by customer expectations.”
- McKinsey & Company
AWS – The Choice for Innovative FinTech Startups
100%
Percentage of the Inaugural Forbes
FinTech 50 that use AWS

4. ”
“
GE is Migrating 9,000 Workloads to AWS Over the Next Three Years
General Electric is the world’s Digital Industrial Company,
transforming industry with software-defined machines and
solutions that are connected, responsive, and predictive.
AWS is our trusted
partner that is going to
run our company for
the next 140 years.
Jim Fowler
CIO, General Electric
”
“ • GE had an existing, aging infrastructure built up over
the years with legacy systems and acquisitions
• Migrating more than 9,000 workloads to AWS
including 300 ERPs
• Plans to reduce datacenter footprint from 34 to 4 over
the next three years
• GE Oil & Gas division leading company-wide effort,
migrating more than half of its core applications while
cutting 52 percent in TCO
• Using AWS with agile methodologies, automation has
helped GE Oil & Gas cut outages by 98%

5. ”
“
Capital One Will Reduce Datacenter Footprint from 8 to 3 by 2018
Capital One is one of the nation’s largest banks and offers credit
cards, checking and savings accounts, auto loans, rewards, and
online banking services for consumers and businesses.
The financial service industry attracts
some of the worst cyber criminals.
We work closely with AWS to develop a
security model that we believe enables us
to operate more securely in the public
cloud than we can in our own data
centers.
Rob Alexander
CIO, Capital One
”
“ • Capital One recognized that its customers are
adopting mobile and digital platforms rapidly
• It is using AWS to develop, test, build, and run its
most critical workloads, including its new flagship
mobile-banking application
• As part of this strategy, Capital One looks to reduce its
datacenter footprint from eight to three by 2018
• Capital One selected AWS for:
o Its security model and pace of innovation
o Elasticity to handle purchasing demands at
peak times and high availability

7. Other examples in Europe
• Carlos Goncalves, Head of Global Technology Services, Societe Generale, "Using
the AWS Cloud, and the extended services offered by the platform, is an
opportunity for us to accelerate our transformation and focus on how we can
better serve our clients.”
http://www.silicon.co.uk/cloud/hsbc-aws-bank-206728

8. How about the regulator’s
use of cloud?

10. FINRA’s AWS Architecture
On-premises data center
NAS
FTPIncoming Files
Validation Data Management
Linkage
Data Analytics
Normalization Amazon EC2
Amazon
S3
Amazon
Glacier
Amazon
Redshift
Amazon
EMR
VPC
Amazon
EMR
Amazon
RDS
Machine
Learning
AWS
KMS
12

11. FINRA Usage Statistics on AWS
§ 30k+ EC2 nodes per day
§ 93%+ of EC2 usage is EMR
based (mostly SPOT)
§ 20Pb+ Storage (Amazon S3,
Amazon Glacier)
§ 60% PROD, 25% QC/UAT,
15% DEV
§ Node lifecycle:
o 50%: Under 2h
o 35%: 2h to 5h
o 15%: over 5h
0
10,000
20,000
30,000
40,000
Sun Mon Tue Wed Thu Fri Sat
31,044
35,444
32,919
36,916
29,330
25,935
20,523
Hadoop/Spark Web, App & RDS Redshift
Node Distribution for June 19-25 (~32k/day)
13
The company estimates it will save up to $20 million annually
by using AWS instead of a physical data center infrastructure.

12. The value of AWS:
Focus on differentiation
and reduce technical debt

13. What sets AWS apart?
Building and managing cloud since 2006
90+ services to support any cloud workload
History of rapid, customer-driven releases
16 regions, 42 availability zones, 68 edge locations
60 proactive price reductions to date
Thousands of partners; Thousands of Marketplace products
Experience
Service Breadth & Depth
Pace of Innovation
Global Footprint
Pricing Philosophy
Ecosystem
*as of July 31, 2014

14. Global Infrastructure
16 Regions – 42 Availability Zones – 72 Edge Locations
Region & Number of Availability Zones
AWS GovCloud (2) EU
Ireland (3)
US West Frankfurt (2)
Oregon (3) London (2)
Northern California (3)
Asia Pacific
US East Singapore (2)
N. Virginia (5), Ohio (3) Sydney (2), Tokyo (3),
Seoul (2), Mumbai (2)
Canada
Central (2) China
Beijing (2)
South America
São Paulo (3)
Announced Regions
Paris, Ningxia, Stockholm

15. Europe
EU (Ireland) Region EU (Frankfurt) Region
EC2 Availability Zones: 3 EC2 Availability Zones: 2
EU (London) Region EU (Paris) Region
EC2 Availability Zones: 2 Announced for 2017
EU (Stockholm) Region
Announced for 2018
AWS Edge Locations
Amsterdam, The Netherlands (2), Berlin, Germany, Dublin, Ireland, Frankfurt, Germany (5),
London, England (4), Madrid, Spain, Marseille, France, Milan, Italy, Paris, France (2), Stockholm,
Sweden, and Warsaw, Poland
A
Z
A
Z
A
Z A
Z
A
Z
A
Z

16. Account Support
Support
Managed
Services
Professional
Services
Partner
Ecosystem
Training &
Certification
Solution
Architects
Account
Management
Security &
Pricing Reports
Technical Acct.
Management
Marketplace
Business
Applications
DevOps Tools
Business
Intelligence
Security
Networking
Database &
Storage
SaaS
Subscriptions
Operating
Systems
Mobile
Build, Test,
Monitor Apps
Push
Notifications
Build, Deploy,
Manage APIs
Device Testing
Identity
Enterprise
Applications
Document
Sharing
Email &
Calendaring
Hosted
Desktops
Application
Streaming
Backup
Game
Development
3D Game
Engine
Multi-player
Backends
Mgmt. Tools
Monitoring
Auditing
Service Catalog
Server
Management
Configuration
Tracking
Optimization
Resource
Templates
Automation
Analytics
Query Large
Data Sets
Elasticsearch
Business
Analytics
Hadoop/Spark
Real-time Data
Streaming
Orchestration
Workflows
Managed
Search
Managed ETL
Artificial
Intelligence
Voice & Text
Chatbots
Machine
Learning
Text-to-Speech
Image Analysis
IoT
Rules Engine
Local Compute
and Sync
Device
Shadows
Device
Gateway
Registry
Hybrid
Devices & Edge
Systems
Data
Integration
Integrated
Networking
Resource
Management
VMware on
AWS
Identity
Federation
Migration
Application
Discovery
Application
Migration
Database
Migration
Server
Migration
Data Migration
Infrastructure Regions
Availability
Zones
Points of
Presence
Compute Containers
Event-driven
Computing
Virtual
Machines
Simple Servers Auto Scaling Batch
Web
Applications
Storage Object Storage Archive Block Storage
Managed File
Storage
Exabyte-scale
Data Transport
Database MariaDB
Data
Warehousing
NoSQLAurora MySQL Oracle SQL ServerPostgreSQL
Application
Services
Transcoding Step Functions Messaging
Security
Certificate
Management
Web App.
Firewall
Identity &
Access
Key Storage &
Management
DDoS
Protection
Application
Analysis
Active
Directory
Dev Tools
Private Git
Repositories
Continuous
Delivery
Build, Test, and
Debug
Deployment
Networking
Isolated
Resources
Dedicated
Connections
Load Balancing Scalable DNSGlobal CDN
The AWS
Platform
Cooperation
(Chime)
Connect

17. 16MM Ledger Saving Velocity = 50 apps/qtr.
Operational CostsWorkforce ProductivityCost AvoidanceOperational ResilienceBusiness Agility
• 98% reduction in
P1/P0’s
• 77% faster to deliver
business applications
• 52% average TCO
savings
• 35% reduction in
compute assets (792)
• 15 automated bots
developed
• 80% cloud first
adoption
• 15 cloud services
created
• 50 applications
decommissioned
• 8 cloud migration
parties
• Improved security
posture
• Shift to self-service
culture
• Rapid experimentation
• Reduced technical debt • 14M YOY Savings
• Improved Performance• Streamlined M&A
Activity
• DevOps in Practice
Progress as of May 2016
14.2M
Investment
Focus
18
Months
311 Apps
in Cloud &
14M YOY
Savings
Sample outcome – GE
http://www.slideshare.net/AmazonWebServices/demystifying-cloud-economics-how-to-build-an-investment-case-for-scale-migration-to-the-cloud-business

18. Security & Compliance

19. Client-side Data
Encryption
Server-side Data
Encryption
Network Traffic
Protection
Platform, Applications, Identity & AccessManagement
Operating System, Network & FirewallConfiguration
Customer content
AWS Shared Responsibility Model
You get to define
your controls IN the
cloud
AWS takes care of
security OF the
cloud
aws.amazon.com/compliance/shared-responsibility-model
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones Edge
Locations

20. Clear Responsibility for each party but lots of support
§ AWS Best Practices
§ Industry Standards
§ AWS Architecture for Standards
§ Internal & Regulatory Requirements
§ Service Documentation
§ AWS Workbooks
§ AWS Technology Resources
Client-side Data
Encryption
Server-side Data
Encryption
Network Traffic
Protection
Platform, Applications, Identity & AccessManagement
Operating System, Network & FirewallConfiguration
Customer content
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones Edge
Locations

21. Industry Standards and Benchmarking
CIS Amazon Web Services Foundations
Benchmark v1.0.0
Description
This document provides prescriptive guidance for
configuring security options for a subset of
Amazon Web Services with an emphasis on
foundational, testable, and architecture agnostic
settings.

22. AWS provides a deep set of cloud security tools
Virtual Private Cloud
Isolated cloud resources
Web Application Firewall
Filter Malicious Web Traffic
Shield
DDoS protection
Certificate Manager
Provision, manage, and
deploy SSL/TSL certificates
Key Management Service
Manage creation and control
of encryption keys
CloudHSM
Hardware-based key storage
Server-Side Encryption
Flexible data encryption
options
IAM
Manage user access and
encryption keys
SAML Federation
SAML 2.0 support to allow
on-prem identity integration
Directory Service
Host and manage Microsoft
Active Directory
Organizations
Manage settings for multiple
accounts
Service Catalog
Create and use standardized
products
Config
Track resource inventory and
changes
CloudTrail
Track user activity and API
usage
CloudWatch
Monitor resources and
applications
Inspector
Analyze application security
Artifact
Self-service for AWS’
compliance reports
Networking Encryption Identity & Management Compliance

23. Security and Compliance in a 3 step process
1. Understand the Shared Responsibility Model, Best Practices, White
Papers, Implementation Guides, etc.
Embed Security Expertise in the cloud team
2. Design for Security and Compliance and Automate, Automate and
Automate some more
Reduces costs and removes errors, enforces security
3. Automate Monitoring – real time with automated responses. Give
internal auditors read access on all accounts – full visibility 24/7

24. Thank You