Hybrid Clouds

A similar trend is developing in the cloud computing space.

Growing numbers of IT professionals believe that cloud computing could be the answer to their datacenter problems. Trading and market data volumes are expanding faster than firms' budgets. Infrastructure requires constant investment, as hardware quickly becomes outdated and energy costs skyrocket. Internal datacenters are an increasing budget drain, and the global recession has put an emphasis on cost reduction and efficiency like never before.

Several CIOs-who are responsible for meeting the service level agreements (SLAs) to the business-say they ultimately want to get out of the datacenter business all together.

Cloud computing offers instant scalability. Lines of business using in-house compute resources often complain that they have to wait months for the extra capacity they need to be brought online, says Damien Stevens, CEO of on-demand backup provider Servosity. "Now, with cloud computing, they can be up and running in a few hours rather than wait up to six months for IT to put in a new server farm," he says. The ability to scale up capacity on demand is very compelling.

A great example is The New York Times' initiative to digitize its vast print archives-15 million articles written between 1851 and 1922. This was a one-time procedure requiring copious compute power that, according to reports, would not have been possible without cloud capacity from Amazon.

Another exciting promise of cloud computing is the prospect of sharing data within multiparty workflows-allowing people from different firms to share information buried in a single application. Not all information is top secret-much of it is already shared between multiple parties over the telephone, or via fax or e-mail. For example, the hedge fund investment space represents a market of $1.2 trillion in subscriptions/redemptions, and the overall lifecycle is very manual today.

It would be fantastic if a hedge fund advisor and a hedge fund administrator working on the same accounts were able to see the same set of portfolio and positions data in real time, says Subhra Bose, CTO for alternative investments at Credit Suisse. "Having the application in an internal datacenter creates complexity with integration. Putting the application on the cloud means the two parties can share certain data that is already being shared, just in a manual way," Bose says.

However, despite all this promise, public cloud vendors today-such as Amazon or Rackspace-do not yet deliver what the financial services industry needs in terms of security, data segregation, and low latency-and they may never try to.

Security Concerns

Security is a particular concern, given the sensitive nature of the data that firms work with, and many firms are adopting a wait-and-see approach. "Cloud is a phenomenal way to provide resources to the business and provide immediate scale, but we think it is a way down the road-it will probably be five years before we see the security issues being addressed fully," says Eric Clarke, president of portfolio accounting service-bureau Orion Advisor Software, which provides account administration services to investment advisors with a total of $30 billion in assets under management. "We don't know what a cloud computing disaster looks like, but no one wants to be the first with egg on their faces," Clarke says.

Regulatory compliance is another problem. For example, a law might require firms to provide logs of every person who has accessed a particular system-as well as everyone that tried to access it. That level of systems reporting is not possible with public clouds, says Stevens of Servosity.

Differing data secrecy laws present another challenge. Data protection laws can be very regional or country-specific in nature, and large, global institutions need to be mindful of where certain types of customer data resides so that they do not violate local client secrecy laws. The controversy that interbank messaging service Swift encountered-after the US government subpoenaed European customer information in violation of EU data protection laws-is a prime example of how firms need to be aware of jurisdictional differences.

Public cloud SLAs don't take into account the intricacies and specific needs of the financial services industry, says Neil Palmer, partner at SunGard Consulting Services. "Most public clouds are not cross-global-very few span the globe," he says.

Given the level of regulatory scrutiny and the highly sensitive customer data financial firms deal with, the natural impulse might be to keep all computing in-house. Currently, the majority of firms that are experimenting with cloud computing are focusing on building internal clouds, and virtualizing their internal infrastructure, according to Kevin McPartland, senior analyst at the Tabb Group. There are certainly efficiencies to be gained from this, and the work involved in preparing internal applications for deployment on the cloud will be valuable. But they would still be stuck with the problem of ever expanding legacy datacenters, and CIOs will remain responsible for SLAs to provide compute capacity to the teams that need it.

Enter Hybrid

Many in the industry believe that a hybrid cloud model-where data and applications can be split between private and public clouds-is the next logical step for the financial services industry. "I think it is inevitable," says Credit Suisse's Bose.

Three major projects planned for 2010 and 2011 in the asset management space at Credit Suisse will involve cloud deployments, Bose says. "Cloud computing is a paradigm shift with regards to how infrastructure and business applications will be bought, deployed, and used by the business-and financial services is no exception. We can take that as a given, we need to go there." There will be a path of evolution from A to B however: "To go from internal datacenters to a cloud model takes time, planning and careful thinking, and many will choose to go through a hybrid model," he adds.

Firms using a hybrid cloud model would use the public cloud for non-critical data and applications-the short, easy distances in the car analogy-and switch to their own, trusted, private clouds-or back to gasoline-for mission-critical or top-secret client data.

Credit Suisse is one of the very few firms already using hybrid clouds. Partnering with enterprise-cloud providers, the Swiss bank is actively deploying cloud-based portfolio management and risk management applications to some of its employees and partners. Sensitive data resides in higher secure zones in its internal datacenter facilities, while shared data-such as generic positions and securities information-sits elsewhere on public clouds.

Challenges

It is not possible to take a regular application and simply put it on the cloud. The application must be broken down into usable services-something some firms have been talking about for the last couple of years. Most applications today are designed for use in a single datacenter, and might need to be rewritten again in order to be distributed over multiple clouds.

Second, taking a single application and sending half of its data to one cloud and the rest to another is not a trivial undertaking. It requires careful programming and a deep understanding of how the application works. This problem is exacerbated if a firm decides to use multiple clouds-public cloud providers do not guarantee the availability of capacity so some firms will probably choose to use two or three to make sure they will always have access to resources when they need them, says David Warm, CTO of Platform Computing.

Then there is the problem of compatibility between clouds. "The ability to integrate different clouds and integrate data sets is a major challenge for the whole industry," says John Avery, partner at SunGard Consulting Services.

Applications spread over multiple clouds can be tied together with so-called "edge applications," says Bose. "We have created our own edge applications to access both sets of data." The Swiss bank has filed patents for the technology it has developed to separate and combine two sets of data.

Latency is another problem: Firms are reticent about deploying cloud in the equities space and other latency-sensitive areas. In a recent survey of equities technology executives in sell-side firms, the Tabb Group found that only 4 percent of firms questioned actually had cloud deployments and most of those were internal, according to McPartland, the report's author. "Bulge-bracket firms are experimenting with cloud for things like back testing and other non mission-critical activities," McPartland says. Seventy percent of firms questioned do not have a cloud strategy at this time, although a quarter of firms said they were looking into it. Seventy-two percent of those questioned said that security was a concern.

No one is using cloud for real-time equities trading applications, McPartland says, because it does not yet meet the low-latency demands of algorithmic trading.

Avery of SunGard says he could eventually imagine low-latency clouds located within co-location datacenters inside exchanges or in hosting datacenters. "You could have a very latency-sensitive cloud and build applications to take advantage of the compute capacity there for high-frequency trading activity in the equities and futures spaces," he says. This would be complemented by a more "latency-carefree" cloud for applications to do with risk forecasting, pricing, scenario testing, where you can deal with a millisecond delay, he says. Again, this bifurcation of the cloud space would require the applications be deconstructed into specific services so that the data could be split apart and meshed back together again.

SunGard itself is in the midst of a multi-year project, dubbed Infinity, to decompose much of its existing application footprint into reusable services to be deployed on its private cloud. The firm, which has a total of 70 key solutions in deployment, has so far completed 20 Infinity software-as-a-service- (SaaS)-based projects, ranging from free-trial procurement processes to full new online solutions such as Ambit Customer Due Diligence and the AvantGard SEPA Converter. The solutions are targeted at all aspects of financial services including wealth management, institutional asset management, capital markets, banks, brokers and alternative investments.

Terminology

It is worth noting that the term "cloud computing" can mean different things to different people, and it is used broadly as a marketing term.

When many people refer to cloud computing they think about SaaS applications like online customer relationship management (CRM) software provided by Salesforce.com, or on-demand e-mail applications like Google mail, where neither the application nor the data is stored on your PC. Comfort with SaaS has grown over the last couple of years with more and more high-profile deployments and to date, no security disasters.

But SaaS represents just one part of the promise of cloud computing-and that is only provided the applications involved are in fact deployed on the cloud. SaaS solutions are sometimes stored on a vendor's infrastructure rather than the cloud, so the client is accessing the solution remotely, but not actually taking advantage of cloud principles. "With SaaS you are paying for an application-you don't care where it is, what language it is written in, it just has to work. This is the highest, most abstracted layer-the top of the stack," says Stevens.

At the bottom of the stack are pure-play cloud-computing providers such as Amazon or Rackspace, providing compute resources, storage, and bandwidth, on demand. This has come to be known as infrastructure-as-a-service (IaaS). In this paradigm, firms deploy their own applications on top of the cloud. The third modality is known as platform as a service (PaaS) where the tools to develop applications are provided as a service.

Hybrid cloud is still probably a couple of years away for even the more experimental financial services firms, while they focus on virtualizing and cloud-enabling their applications in-house. But eventually the hybrid-cloud model could be the solution to financial services firms' cloud security worries and bridge the confidence gap. As time goes by, we will likely see applications being developed for deployment on hybrid clouds, although probably not this year, says McPartland.

Is hybrid an end goal in itself or a stop gap on the road to broader cloud adoption? It is probably unlikely that firms will ever completely do away with their in-house data centers.