Nordic APIs, profile picture
Uploaded byNordic APIs
PPTX, PDF46 views

Getting Better at Risk Management Using Event Driven Mesh Architecture - Raghavan Sadagopan & Lakshmi Narayana, CapitalOne

Capital One has transitioned to a cloud-first strategy and focuses on risk management through event-driven mesh architecture, which enhances real-time monitoring and response to risks. Their investment in technology includes a robust infrastructure, a culture of open-source contributions, and a commitment to creating exceptional banking experiences for customers. The document also outlines fundamental concepts of risk management and the architecture underlying event-driven systems.

Embed presentation

Download to read offline
Public Getting better at Risk Management through Event Driven Mesh Architecture Raghavan Sadagopan & Lakshmi Narayana
We recognized early on that the winners in banking will be great technology companies Shifted to 100% agile model for delivering software Began externalizing solutions developed internally Completed our move to the public cloud Modernized our data ecosystem on the cloud Began to modernize our architecture with RESTful APIs Became Open Source first Declared we are all in on the public cloud 2013 2014 2015 2016 2017 2020 2021
We Are ● Tech is central to everything we do at Capital One: for nearly a decade, we have invested and invented like the very best technology companies ● Our world-class, in-house technology team now numbers 12,000+ people, most of which are engineers ● We're all in on the cloud like no other bank out there, which enables us to create exceptional, innovative experiences for our customers ● Advanced, automated DevOps and CI/CD approaches mean engineers spend more time at the top of the tech stack building new and unique digital banking experiences
Cloud Computing In 2020, we left our data centers to create exceptional banking experiences for our customers, becoming the first bank to go all-in on the public cloud ○ Going all in on the cloud—and embracing cloud- native services like serverless computing— has enabled instant provisioning of infrastructure and rapid innovation ○ Today, we're using real-time, streaming data at scale, machine learning, and the power of the cloud to solve unique, challenging technology problems and deliver intelligent, personalized solutions that benefit millions of customers ○ Capital One Shopping, built in the cloud with microservices architecture and streaming data, helps customers save money shopping online by automatically finding lower prices, coupons and online credits
Open Source Software Capital One made an “open source first” declaration in 2014 and that’s when we made our first contributions to the open source community. ○ We sponsor FINOS, Python, Continuous Delivery and the Cloud Native Computing Foundations to help keep open source sustainable ○ Capital One’s contributions to the open source community have been significant and we've released more than 40 of our own software projects ○ We’ve invested for years to build the culture and governance required to be open source-first in a highly regulated industry Featured Open Source Projects: Data Profiler, Rubicon-ML and Hygieia
Want to learn more? ● Want to learn more about our Tech? Check out Capital One Tech to find out more about enterprise software solutions, ideas and stories. ● At Capital One, we celebrate and honor the differences that makes us all unique- inside and outside of work. Help us create a more equitable future for all! Join us! Visit Capital One Careers to view our open roles. ● Follow us on Twitter at CapitalOneTech
• Basics of Risk Management • Event Mesh • Risk Management use cases • Point of view Architecture Agenda
Public What is a Risk Management? Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations. These risks stem from a variety of sources, including financial uncertainties, legal liabilities, technology issues, strategic management errors, accidents and natural disasters. A successful risk management program helps an organization consider the full range of risks it faces. Risk management also examines the relationship between different types of business risks and the cascading impact they could have on an organization's strategic goals. Source: Blog from TechTarget.com
Public Some basics of Risk Management as defined by the International Organization for Standardization (ISO) Objective result to be achieved Organization person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives Risk effect of uncertainty on objectives Risk Management coordinated activities to direct and control an organization with regard to risk Source: Risk management - Vocabulary (ISO 31073:2022)
Public The first step to get better at Risk Management is to get better at identifying the risks Identify sources of the risk, areas of impact, events (including changes in circumstances) and their causes and potential consequences. In identifying the risk, consider these kinds of questions: • What could happen? • How could it happen? • Where could it happen? • Why might it happen? • What might be the impact?
Public What is an Event-Driven Mesh Architecture(EDMA)? An event mesh is a communication layer that enables the seamless exchange of events (data/messages) between various applications, services, and systems in a distributed and decoupled manner. The primary purpose of an event mesh is to simplify and optimize event-driven communication within a complex ecosystem of applications.
Public Using an event mesh for risk management can enhance the real-time monitoring, analysis, and response to potential risks within an organization Event Sources Identify various sources of events within your organization that may be related to risks. These sources can include financial data, security logs, market data, IoT devices, customer interactions, and more. Event Routing and Processing Implement an event mesh to efficiently route events from different sources to the appropriate risk management applications and services. The event mesh can handle the complex routing logic based on predefined rules. Real-time Monitoring Use the event mesh to provide real-time monitoring capabilities. Events related to potential risks can be continuously streamed to risk monitoring dashboards and analytics systems. Risk Detection Implement risk detection algorithms and models that analyze incoming events in real- time. These algorithms can identify patterns, anomalies, and indicators of potential risks. The event mesh ensures that relevant events are delivered promptly to the detection systems. Alerting and Notification Set up alerting mechanisms within your event mesh to notify risk managers or relevant stakeholders when a potential risk is detected. Alerts can be sent via various channels, such as email, SMS, or integration with collaboration tools. Compliance and Reporting Use the event mesh to facilitate compliance monitoring and reporting. It can capture and log events relevant to compliance requirements, making it easier to demonstrate adherence to regulations.
Public Point of view Architecture
Public Key Components of Event Driven Architecture Event Routers Event Consumer Event Consumers Events Event Consumer
Public Implementing EDMA using modern AWS Serverless Technologies
Public Building Scalable & High Resiliency Architecture Serverless Technologies Multi Availability Zone (AZ) deployment Multi Region Active / Active mode Enhanced Monitoring
Public Benefits of Event Driven Architecture Scalability Fault Tolerance Loose Coupling Modularity Responsiveness Reduced Cost
Public Best Practices of Event Driven Architecture Security Measures Event Contracts Event Sourcing Observability Documentation Governance Process
Public Q & A

More Related Content

PPTX
CloudAnalytics_RiskMgt
byTarun Arora
 
PPTX
Risk management and IT technologies
byHadi Fadlallah
 
DOCX
future internetArticleERMOCTAVE A Risk Management Fra.docx
bygilbertkpeters11344
 
DOCX
Future internet articleermoctave a risk management fra
byarnit1
 
DOCX
future internetArticleERMOCTAVE A Risk Management Fra
byDustiBuckner14
 
PPTX
D5a_Risk_IT_slides.pptx enterprise information technology resource management...
byPhaneendraSai3
 
PPTX
Strategic Enterprise Risk and Data Architecture
bySandeepMaira
 
PPTX
Strategic Enterprise Risk and Data Architecture
bySandeepMaira
 
CloudAnalytics_RiskMgt
byTarun Arora
 
Risk management and IT technologies
byHadi Fadlallah
 
future internetArticleERMOCTAVE A Risk Management Fra.docx
bygilbertkpeters11344
 
Future internet articleermoctave a risk management fra
byarnit1
 
future internetArticleERMOCTAVE A Risk Management Fra
byDustiBuckner14
 
D5a_Risk_IT_slides.pptx enterprise information technology resource management...
byPhaneendraSai3
 
Strategic Enterprise Risk and Data Architecture
bySandeepMaira
 
Strategic Enterprise Risk and Data Architecture
bySandeepMaira
 

Similar to Getting Better at Risk Management Using Event Driven Mesh Architecture - Raghavan Sadagopan & Lakshmi Narayana, CapitalOne

PDF
Financial organization-orm
byMetricStream Inc
 
PPT
Don't risk it presentation
byVincent Kwon
 
PPTX
01-Build-an-IT-Risk-Management-Program--Phases-1-3.pptx
byjamiejohngianna
 
PDF
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...
byDana Gardner
 
PPTX
Cybersecurity for Real Estate & Construction
byAronson LLC
 
PDF
CNIT 160: 3. Information Risk Management (Part 4)
bySam Bowne
 
PPTX
Identifying Your Agency's Vulnerabilities
byEmily2014
 
PDF
Building Risk Management into Enterprise Architecture
byiasaglobal
 
PPTX
Info sec 2011 julen c mohanty
byJulen Mohanty
 
PPTX
Info sec 2011 julen c mohanty
byJulen Mohanty
 
PPTX
Does Anyone Remember Enterprise Security Architecture?
byrbrockway
 
PPTX
Enterprise Risk Management for the Digital Transformation Age
byCareer Communications Group
 
PPTX
Risk - IT Services
byNema Chhaya Buch
 
PDF
Management of Risk and its integration within ITIL
byhdoornbos
 
PPTX
Security architecture frameworks
byJohn Arnold
 
PDF
CNIT 160: Ch 3d: Operational Risk Management
bySam Bowne
 
PPTX
Beawre pitch
byPrivacy Data Protection for Engineering
 
PDF
Agiliance Wp Key Steps
byagiliancecommunity
 
PDF
Agiliance Whitepaper - Six Key Steps
byagiliancecommunity
 
PPT
FERMA presentation at Parima conference
byFERMA
 
Financial organization-orm
byMetricStream Inc
 
Don't risk it presentation
byVincent Kwon
 
01-Build-an-IT-Risk-Management-Program--Phases-1-3.pptx
byjamiejohngianna
 
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...
byDana Gardner
 
Cybersecurity for Real Estate & Construction
byAronson LLC
 
CNIT 160: 3. Information Risk Management (Part 4)
bySam Bowne
 
Identifying Your Agency's Vulnerabilities
byEmily2014
 
Building Risk Management into Enterprise Architecture
byiasaglobal
 
Info sec 2011 julen c mohanty
byJulen Mohanty
 
Info sec 2011 julen c mohanty
byJulen Mohanty
 
Does Anyone Remember Enterprise Security Architecture?
byrbrockway
 
Enterprise Risk Management for the Digital Transformation Age
byCareer Communications Group
 
Risk - IT Services
byNema Chhaya Buch
 
Management of Risk and its integration within ITIL
byhdoornbos
 
Security architecture frameworks
byJohn Arnold
 
CNIT 160: Ch 3d: Operational Risk Management
bySam Bowne
 
Beawre pitch
byPrivacy Data Protection for Engineering
 
Agiliance Wp Key Steps
byagiliancecommunity
 
Agiliance Whitepaper - Six Key Steps
byagiliancecommunity
 
FERMA presentation at Parima conference
byFERMA
 

More from Nordic APIs

PPTX
How to Choose the Right API Platform - We Have the Tool You Need! - Mikkel Iv...
byNordic APIs
 
PPTX
Bulletproof Backend Architecture: Building Adaptive Services with Self-Descri...
byNordic APIs
 
PDF
Implementing Zero Trust Security in API Gateway with Cilium - Pubudu Gunatila...
byNordic APIs
 
PPTX
Event-Driven Architecture the Cloud-Native Way - Manuel Ottlik, HDI Global SE
byNordic APIs
 
PPTX
Navigating the Post-OpenAPI Era with Innovative API Design Frameworks - Danie...
byNordic APIs
 
PDF
Using Typespec for Open Finance Standards - Chris Wood, Ozone API
byNordic APIs
 
PPTX
Schema-first API Design Using Typespec - Cailin Smith, Microsoft
byNordic APIs
 
PPTX
Avoiding APIpocalypse; API Resiliency Testing FTW! - Naresh Jain, Xnsio
byNordic APIs
 
PPTX
How to Build an Integration Platform with Open Source - Magnus Hedner, Benify
byNordic APIs
 
PPTX
API Design First in Practise – An Experience Report - Hari Krishnan, Specmatic
byNordic APIs
 
PPTX
The Right Kind of API – How To Choose Appropriate API Protocols and Data Form...
byNordic APIs
 
PPTX
Why Frequent API Hackathons Are Key to Product Market Feedback and Go-to-Mark...
byNordic APIs
 
PPTX
Maximizing API Management Efficiency: The Power of Shifting Down with APIOps ...
byNordic APIs
 
PPTX
APIs Vs Events - Bala Bairapaka, Sandvik AB
byNordic APIs
 
PPTX
GraphQL in the Post-Hype Era - Daniel Hervas, Reckon Digital
byNordic APIs
 
PPTX
From Good API Design to Secure Design - Axel Grosse, 42Crunch
byNordic APIs
 
PPTX
API Revolution in IoT: How Platform Engineering Streamlines API Development -...
byNordic APIs
 
PPTX
Unlocking the ROI of API Platforms: What Success Actually Looks Like - Budhad...
byNordic APIs
 
PDF
Increase Your Productivity with No-Code GraphQL Mocking - Hugo Guerrero, Red Hat
byNordic APIs
 
PPTX
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Theodo ...
byNordic APIs
 
How to Choose the Right API Platform - We Have the Tool You Need! - Mikkel Iv...
byNordic APIs
 
Bulletproof Backend Architecture: Building Adaptive Services with Self-Descri...
byNordic APIs
 
Implementing Zero Trust Security in API Gateway with Cilium - Pubudu Gunatila...
byNordic APIs
 
Event-Driven Architecture the Cloud-Native Way - Manuel Ottlik, HDI Global SE
byNordic APIs
 
Navigating the Post-OpenAPI Era with Innovative API Design Frameworks - Danie...
byNordic APIs
 
Using Typespec for Open Finance Standards - Chris Wood, Ozone API
byNordic APIs
 
Schema-first API Design Using Typespec - Cailin Smith, Microsoft
byNordic APIs
 
Avoiding APIpocalypse; API Resiliency Testing FTW! - Naresh Jain, Xnsio
byNordic APIs
 
How to Build an Integration Platform with Open Source - Magnus Hedner, Benify
byNordic APIs
 
API Design First in Practise – An Experience Report - Hari Krishnan, Specmatic
byNordic APIs
 
The Right Kind of API – How To Choose Appropriate API Protocols and Data Form...
byNordic APIs
 
Why Frequent API Hackathons Are Key to Product Market Feedback and Go-to-Mark...
byNordic APIs
 
Maximizing API Management Efficiency: The Power of Shifting Down with APIOps ...
byNordic APIs
 
APIs Vs Events - Bala Bairapaka, Sandvik AB
byNordic APIs
 
GraphQL in the Post-Hype Era - Daniel Hervas, Reckon Digital
byNordic APIs
 
From Good API Design to Secure Design - Axel Grosse, 42Crunch
byNordic APIs
 
API Revolution in IoT: How Platform Engineering Streamlines API Development -...
byNordic APIs
 
Unlocking the ROI of API Platforms: What Success Actually Looks Like - Budhad...
byNordic APIs
 
Increase Your Productivity with No-Code GraphQL Mocking - Hugo Guerrero, Red Hat
byNordic APIs
 
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Theodo ...
byNordic APIs
 

Recently uploaded

PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
How to Evaluate a High Performance Database
byScyllaDB
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
How to Evaluate a High Performance Database
byScyllaDB
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 

Getting Better at Risk Management Using Event Driven Mesh Architecture - Raghavan Sadagopan & Lakshmi Narayana, CapitalOne

  • 1.
    Public Getting better atRisk Management through Event Driven Mesh Architecture Raghavan Sadagopan & Lakshmi Narayana
  • 2.
    We recognized earlyon that the winners in banking will be great technology companies Shifted to 100% agile model for delivering software Began externalizing solutions developed internally Completed our move to the public cloud Modernized our data ecosystem on the cloud Began to modernize our architecture with RESTful APIs Became Open Source first Declared we are all in on the public cloud 2013 2014 2015 2016 2017 2020 2021
  • 3.
    We Are ● Techis central to everything we do at Capital One: for nearly a decade, we have invested and invented like the very best technology companies ● Our world-class, in-house technology team now numbers 12,000+ people, most of which are engineers ● We're all in on the cloud like no other bank out there, which enables us to create exceptional, innovative experiences for our customers ● Advanced, automated DevOps and CI/CD approaches mean engineers spend more time at the top of the tech stack building new and unique digital banking experiences
  • 4.
    Cloud Computing In 2020,we left our data centers to create exceptional banking experiences for our customers, becoming the first bank to go all-in on the public cloud ○ Going all in on the cloud—and embracing cloud- native services like serverless computing— has enabled instant provisioning of infrastructure and rapid innovation ○ Today, we're using real-time, streaming data at scale, machine learning, and the power of the cloud to solve unique, challenging technology problems and deliver intelligent, personalized solutions that benefit millions of customers ○ Capital One Shopping, built in the cloud with microservices architecture and streaming data, helps customers save money shopping online by automatically finding lower prices, coupons and online credits
  • 5.
    Open Source Software CapitalOne made an “open source first” declaration in 2014 and that’s when we made our first contributions to the open source community. ○ We sponsor FINOS, Python, Continuous Delivery and the Cloud Native Computing Foundations to help keep open source sustainable ○ Capital One’s contributions to the open source community have been significant and we've released more than 40 of our own software projects ○ We’ve invested for years to build the culture and governance required to be open source-first in a highly regulated industry Featured Open Source Projects: Data Profiler, Rubicon-ML and Hygieia
  • 6.
    Want to learnmore? ● Want to learn more about our Tech? Check out Capital One Tech to find out more about enterprise software solutions, ideas and stories. ● At Capital One, we celebrate and honor the differences that makes us all unique- inside and outside of work. Help us create a more equitable future for all! Join us! Visit Capital One Careers to view our open roles. ● Follow us on Twitter at CapitalOneTech
  • 7.
    • Basics ofRisk Management • Event Mesh • Risk Management use cases • Point of view Architecture Agenda
  • 8.
    Public What is aRisk Management? Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations. These risks stem from a variety of sources, including financial uncertainties, legal liabilities, technology issues, strategic management errors, accidents and natural disasters. A successful risk management program helps an organization consider the full range of risks it faces. Risk management also examines the relationship between different types of business risks and the cascading impact they could have on an organization's strategic goals. Source: Blog from TechTarget.com
  • 9.
    Public Some basics ofRisk Management as defined by the International Organization for Standardization (ISO) Objective result to be achieved Organization person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives Risk effect of uncertainty on objectives Risk Management coordinated activities to direct and control an organization with regard to risk Source: Risk management - Vocabulary (ISO 31073:2022)
  • 10.
    Public The first stepto get better at Risk Management is to get better at identifying the risks Identify sources of the risk, areas of impact, events (including changes in circumstances) and their causes and potential consequences. In identifying the risk, consider these kinds of questions: • What could happen? • How could it happen? • Where could it happen? • Why might it happen? • What might be the impact?
  • 11.
    Public What is anEvent-Driven Mesh Architecture(EDMA)? An event mesh is a communication layer that enables the seamless exchange of events (data/messages) between various applications, services, and systems in a distributed and decoupled manner. The primary purpose of an event mesh is to simplify and optimize event-driven communication within a complex ecosystem of applications.
  • 12.
    Public Using an eventmesh for risk management can enhance the real-time monitoring, analysis, and response to potential risks within an organization Event Sources Identify various sources of events within your organization that may be related to risks. These sources can include financial data, security logs, market data, IoT devices, customer interactions, and more. Event Routing and Processing Implement an event mesh to efficiently route events from different sources to the appropriate risk management applications and services. The event mesh can handle the complex routing logic based on predefined rules. Real-time Monitoring Use the event mesh to provide real-time monitoring capabilities. Events related to potential risks can be continuously streamed to risk monitoring dashboards and analytics systems. Risk Detection Implement risk detection algorithms and models that analyze incoming events in real- time. These algorithms can identify patterns, anomalies, and indicators of potential risks. The event mesh ensures that relevant events are delivered promptly to the detection systems. Alerting and Notification Set up alerting mechanisms within your event mesh to notify risk managers or relevant stakeholders when a potential risk is detected. Alerts can be sent via various channels, such as email, SMS, or integration with collaboration tools. Compliance and Reporting Use the event mesh to facilitate compliance monitoring and reporting. It can capture and log events relevant to compliance requirements, making it easier to demonstrate adherence to regulations.
  • 13.
  • 14.
    Public Key Components ofEvent Driven Architecture Event Routers Event Consumer Event Consumers Events Event Consumer
  • 15.
    Public Implementing EDMA usingmodern AWS Serverless Technologies
  • 16.
    Public Building Scalable &High Resiliency Architecture Serverless Technologies Multi Availability Zone (AZ) deployment Multi Region Active / Active mode Enhanced Monitoring
  • 17.
    Public Benefits of EventDriven Architecture Scalability Fault Tolerance Loose Coupling Modularity Responsiveness Reduced Cost
  • 18.
    Public Best Practices ofEvent Driven Architecture Security Measures Event Contracts Event Sourcing Observability Documentation Governance Process
  • 19.

Editor's Notes

  • #9 https://www.techtarget.com/searchsecurity/definition/What-is-risk-management-and-why-is-it-important
  • #10 https://www.iso.org/obp/ui/en/#iso:std:iso:31073:ed-1:v1:en 3.1.2 objective result to be achieved Note 1 to entry: An objective can be strategic, tactical or operational. Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process). Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a management system objective, or by the use of other words with similar meaning (e.g. aim, goal, target). 3.1.1 risk effect of uncertainty (3.1.3) on objectives (3.1.2) Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in opportunities (3.3.23) and threats (3.3.13). Note 2 to entry: Objectives can have different aspects and categories, and can be applied at different levels. Note 3 to entry: Risk is usually expressed in terms of risk sources (3.3.10), potential events (3.3.11), their consequences (3.3.18) and their likelihood (3.3.16). 3.2.1 risk management coordinated activities to direct and control an organization (3.3.7) with regard to risk (3.1.1)
  • #12 Here's the image representing an event mesh for risk management in a futuristic and abstract style. It features a complex network of interconnected nodes and pathways, with neon colors highlighting the information flow and decision-making processes, set against a backdrop of cityscapes and corporate buildings. This visual captures the advanced technology and analytical insight associated with event mesh in risk management.
  • #15 Thanks Raghavan! As we saw in previous slides, Capital One is leveraging AWS to build modern applications. Any Event driven architecture typically consists of Event Producers, Event Routers and Event Consumers. A producer publishes an event to the router, which filters and pushes the events to consumers. Producer services and consumer services are decoupled, which allows them to be scaled, updated, and deployed independently.
  • #17 Implementing event driven using serverless technologies. Since we are talking about Risk Management and it’s a very complex system with several different types of users, system integrations, notifications , complex approval flow in each component. Here is the one of the ways to leverage modern serverless event driven mode using AWS event bridge as the router: Event Producers: Can be Risk Officers —> whose job is identifying Risk, Assessing Risk -> When an risk is identified, in the complex risk management eco system, we would like to have Target systems notified in certain conditions so that the systems act in a decoupled and reactive way. Rather than consumers polling data in a traditional way, now the events have become more reactive and leveraging Event bridge rules simplifies lot of boiler code and makes it easy to configure and scale the targets. IN future if we want to add a new system that listens to the High risk events —> we can pretty quick add the integration with low code solution.
  • #18 Serverless workloads like Fargate/ Lambdas/ Event Bridge inherently scale and handle failures gracefully. They are cost efficient, Zero server management, high availability and high performance. Global Endpoints by event bridge helps in resiliency as it maintains the replication and provides replay mechanism for our consumers Next One is Muti AZ Deployment - In an event of AZ1 failure - our application will be still operating. In case of Database write instance failure - AWS will takes care of promoting available Reader instance to master automatically. Multi Region Deployment - Active Active mode - We have deployed our infra in 2 regions and the compute layer here is taking traffic on both regions making it high availability. Enhanced Monitoring: The success of an application greatly relies on the importance of effective application monitoring. We use AWS CloudWatch - For application logs, Container insights AWS X-ray for distributed tracing w/ underlying services And Some external monitoring solutions. Given the critical nature of platforms, we conducted thorough and regular performance testing, adapting our infrastructure configurations to meet the specific requirements of our tenants.
  • #19  **Scalability:** EDA allows for horizontal scaling, as components can be independently scaled based on their event processing needs. This makes it easier to manage resource allocation and handle varying loads. **Loose Coupling:** Components are independent, reducing interdependence and improving system flexibility. This loose coupling facilitates easier changes, updates, and maintenance of individual components without impacting others. Simplified Communication. Modularity: The modular nature of EDA allows teams to develop, deploy, and update components independently, leading to faster iteration and innovation. **Resilience and Fault Tolerance:** The decoupled nature of EDA means that the failure of one component does not directly impact others. This isolation helps improve the overall system's resilience and fault tolerance. **Real-time Responsiveness:** EDA enables systems to respond immediately to events as they occur, making it ideal for applications that require real-time processing, such as fraud detection, IoT systems, and user interaction scenarios.Asynchronous Processing . Cost Reduction: Efficient Resource Utilization, Reduced Development and Maintenance Costs, Reduced Integration Costs, Automated Scaling
  • #20 Define Clear Event Contracts:** Establish well-defined contracts for events, including their structure, format, and metadata. This ensures consistency and interoperability across different components and services. Event Sourcing: Store events as a source of truth for system state. Monitoring and Logging: Implement robust monitoring and logging for effective debugging. Security Measures: Use encryption and authentication mechanisms to secure event communication. Documentation: Maintain comprehensive documentation for understanding event flows and system architecture