Chris Perretta, State Street CIO, on Building A Secure Cloud
We sat down with Chris Perretta, CIO of Boston-based State Street ($1.90 trillion in assets under management), last week to find out what is happening with the bank's IT transformation and private cloud project.
As part of an overall IT transformation, State Street is building a production-ready internal cloud that's due to go live in April. (The bank has already tested two private clouds.) "It's a new mechanism for operating applications that's more cost-effective to operate, runs on commodity hardware, and is infinitely expandable and quick to deploy to," Perretta says. "If I have an application I want to put in production, our tests have shown that I can deploy it in five minutes to bare metal." Often software developers will say it takes ten weeks or more to obtain a configured server from IT.
Perretta would not divulge specific technologies the bank is using in its cloud, other than to say it involves commodity hardware and open source and custom software.
One thing that differentiates State Street's cloud from other banks' is that it is building a security framework for it. "We do a lot of custom work, we build very specialized systems for worldwide custody and funds accounting type systems," Perretta explains. "Security, control, auditability, and transparency are always job one in the business we're in." The security framework will include federated identity management and role-based security. "The technology is hard, but it's even harder for the business to define this is your job, this is what you get to see, especially for systems that may not have been built at that level of specificity," he notes.
When this security work is completed, the cloud will have built-in provisioning rules; it will know who may see which data and access which applications. Perretta believes the bank's private cloud will be more secure than most traditional computing environments.
On the hardware utilization side, like many organizations, State Street struggles with low server utilization rates, especially with the way it provides high availability through redundancy and failovers. In some cases the bank has three extra servers for every production server -- one that sits next to the production server in the same data center for failover, and a primary and redundant backup server at the disaster recovery site. With applications running over a cloud that encompasses multiple data centers, utilization numbers could increase dramatically.
The first thing State Street will use its new cloud for is application testing. "When we bring clients into our system there's very extensive testing," Perretta says. "We test at very high volume in big environments. In the old model, you had to replicate the production environment. But now, with the flexibility of the cloud, you're going to be able to deploy test environments rapidly. For us, that's a big piece of it."
In another component of its IT transformation, State Street is reviewing all 1,000 of its major home-grown applications for efficiency and building a software framework that facilitates sharing among its developers. "We're really after speed on the development side and you get speed three ways -- you work the right projects; you share code, application services and people; and you get better utilization of hardware," he says. Eventually the applications will also share common data definitions.
Getting developers to share is not always easy; programmers tend to like to be autonomous. But Perretta says the bank has proven, by decomposing an application into building blocks that cover components such as laws in particular countries, that developers can develop more rapidly. "It's a cultural change that says if you as an engineer or a programmer have got code that a lot of people use, you're more valuable" than someone who does not generate such sharable resources.
An architecture group is in charge of creating the methods and toolsets needed to build applications in reusable pieces. "There's a different way of looking at how you design systems in this environment that's a key aspect of what we need to do," Perretta says. "Your philosophy about how to design things is different in an environment where you have infinite computing power and a lot of things going on in parallel. The old model was, do something, post it, get feedback, post it again. In this model, you have infinite computing power to play with so you may structure your program differently."
Creating applications in reusable chunks could help a bank switch vendors or share people among teams more easily, Perretta says.
"We can't rewrite our entire application set overnight," Perretta notes. "But we think this lays the groundwork for a good portion of our application set over time. We're also working hard on the data side, to be more structured as to how we share data among our applications. If we can do that, we know we can drive tremendous productivity in the business and IT."
Perretta recently promoted the bank's chief architect to be a direct report of his. The chief architect has also been working with a team that did lean work in the bank's operations group. "The lean operations folks go in and find inefficiencies and try to figure out what's causing them," he says. "Then our architects can get to the root cause of the inefficiency." Some programs will be rewritten, others will be "sunsetted." In all, about two-thirds of the bank's applications will be dramatically affected by this sweeping transformation.