A CLOUD FIT FOR FINANCE

As a business model, the cloud’s massive resources and ubiquity offers unbeatable value – but it has evolved as a general-purpose solution, and not one geared to the very special demands of financial services. Says James Walker President of the CloudEthernet Forum

As business moves to the cloud, however, developments are accelerating and industry forums are emerging with the power to control and shape tomorrow’s cloud structure and experience. This presents a real opportunity for the finance industry to become involved and make sure that it will be served by a cloud that is fit for finance.

A cloud fit for finance

In this article we look at just three areas where the cloud could have so much to offer financial services and yet, in its current form, falls short of what could be achieved. These are simply pointers to encourage further discussion and, above all, participation by major players in the finance industry.

Controlling the cloud for compliance

The whole evolution of the cloud as a universal system of storage, compute and communication has been geared by the need to deliver on demand: “ask and ye shall receive”.

If the shortest or most obvious routes for transmitting data are in any way compromised, the network will divert its messages any way it can, rather than fail to deliver. The e-mail from next door will reach you, even if it is forced to travel via New York, London and Tokyo to do so.

This is one fabulous achievement, but it presents real and growing problems as governments wake up to the strategic value and implications of all this data on the move. New regulations are beginning to focus on this area and tighten restrictions on the free flow of information.

Banks in Canada, for example, can no longer rely on standard MPLS services for shifting data between branches, because MPLS guarantees delivery but does not specify what route is taken. Any slowdown in local routes, and data is likely to be diverted south of the border via US nodes to ensure timely delivery – but the Canadian Government no longer allows its citizens’ personal data to be sent to or via the USA.

In the United States, recent extreme weather means that the East Coast regions are considered to be meteorological danger zones. So banks are required to have backup and emergency facilities that avoid the Eastern seaboard. Ironically, in view of the last example, it can mean that a typical London, New York, Phoenix Arizona financial transaction may have to be diverted via Canada to comply with such regulations.

Ah… the problems of the rich! International players can travel to Zurich to discuss financial arrangements with their personal bank, but they may not be able to do the same when visiting their Swiss bank’s Manhattan office just round the corner – because the Swiss government does not allow certain personal data to flow out of Switzerland.

These examples are just a glimpse into the growing responsibilities for anyone holding large amounts of data: whether personal data, public data or financial data. To add to this complexity: who does have liability when something does go wrong? You give private data to your bank and then you discover it has got into the wrong hands: is it ultimately the bank’s responsibility? Or does the bank then sue the service provider for letting secure data escape?

What is needed for the financial industry – as well as many other large organisations impacted by these issues – is a fundamental rethink of the cloud’s priorities? How the data is delivered could be as vital as the delivery itself. In fact it would be better to destroy and lose some data than have it delivered via a route that breaks the law.

Mechanisms such as SDN (Software-Defined Networking) are currently being explored that could provide visibility and control into the routes taken by network traffic. These controls are not innate to cloud culture, they must be actively insisted upon by stakeholders that would benefit from it, and this issue is high on the agenda of the CloudEthernet Forum (CEF) – an independent industry body recently created to develop open standards for large global datacenter deployments.

If the cloud is to deliver its colossal benefits to the finance industry, its storage must be specified to location, and its transport routes must be bounded. How this happens, and whether the solution is one that suits the financial industry will depend on early commitment to the relevant forum working groups.

A time-sensitive cloud

Financial traders know all about the threat of latency, how a few microseconds can make or break a deal, and specialist providers have responded with dedicated services guaranteed to reduce latency to a minimum between sites. Carrier Ethernet is playing an important role in this by removing the need for translation between LAN and WAN protocols and providing fast connection between nodes.

However, there are many financial applications where “minimal latency” is not the need so much as “guaranteed latency”. If you are running trading applications that rely on being, say, ten microseconds behind the market, then a provider who promises “latency less than five microseconds 99% of the time” may deserve a pat on the back, but not your custom. Because what you need is “latency less than ten microseconds 100% of the time”. Financial data turns poisonous a lot faster than any foodstuff, so data past its “sell-by microsecond” may be no longer actionable and had rather be trashed than used.

Another angle on the importance of controlled latency is the “split brain” problem that can arise between sets of mirrored data. It makes sense to build in redundancy and have a secondary backup system that can step in as soon as a fault arises in the primary system. At that point the secondary system becomes primary and timing must be very strictly controlled to stop data being updated independently on the two systems. Once the supposedly identical mirror sets are allowed to diverge, it can become a nightmare to reconcile the two.

As in the routing example, the Internet has been brought up like a good boy scout to “do its best”. But what is sometimes needed is not “the best” but rather a clearly specified standard – whether by geography or time lapse. This is an important issue that is not innate to cloud philosophy, so it needs pressure from concerned stakeholders to get timing on the agenda for future cloud development.

Can’t we just use private clouds?

There is an obvious solution to the challenges discussed so far: forget the public cloud and still take advantage of the cloud concept by commissioning your own private cloud purpose-built to meet your exact requirements.

This is fine in theory, but what do you need from your private cloud, and do you have the necessary resources? If computation power is what you want, then it would be very costly to build anything to compare with the massive resources available from public cloud providers.

While storage of data might be wisely constrained to a secure private cloud, there are certain tasks that are better farmed out. For example the colossal number-crunching needed to rebuild some of the today’s complex trading algorithms would be beyond the power of any normal company datacentre. But cloud services can provide a “sandbox” big enough for any experimental algorithm to play in until it is proven.

This would be by far the fastest route to accelerating development of trading systems ahead of competitors but, even without the use of private data safely stored in-house, the algorithm itself becomes very interesting to competing companies. So security in the cloud again becomes a very hot topic.

It is an opportunity

A cloud that promises to do its best, and not bother you with the details as to how it achieves it – that is what we have inherited and it serves most of the world very well on those terms. But it is not a cloud that large parts of the finance industry can trust.

It does not have to be that way. The cloud is changing fast right now, and there are industry forums, including the CloudEthernet Forum, that are having an increasing say in how it is changing. These must be explored.

Find a forum that addresses the sort of interest that would serve your business. Join it, become active and make sure your voice is heard.

Service providers, equipment vendors, software developers and systems integrators are already joining the CEF to make sure that tomorrow’s cloud is shaped to serve their needs. Don’t let the needs of the finance sector be overlooked in this rush.

As a business model, the cloud’s massive resources and ubiquity offers unbeatable value – but it has evolved as a general-purpose solution, and not one geared to the very special demands of financial services. Says James Walker President of the CloudEthernet Forum

As business moves to the cloud, however, developments are accelerating and industry forums are emerging with the power to control and shape tomorrow’s cloud structure and experience. This presents a real opportunity for the finance industry to become involved and make sure that it will be served by a cloud that is fit for finance.

A cloud fit for finance

In this article we look at just three areas where the cloud could have so much to offer financial services and yet, in its current form, falls short of what could be achieved. These are simply pointers to encourage further discussion and, above all, participation by major players in the finance industry.

Controlling the cloud for compliance

The whole evolution of the cloud as a universal system of storage, compute and communication has been geared by the need to deliver on demand: “ask and ye shall receive”.

If the shortest or most obvious routes for transmitting data are in any way compromised, the network will divert its messages any way it can, rather than fail to deliver. The e-mail from next door will reach you, even if it is forced to travel via New York, London and Tokyo to do so.

This is one fabulous achievement, but it presents real and growing problems as governments wake up to the strategic value and implications of all this data on the move. New regulations are beginning to focus on this area and tighten restrictions on the free flow of information.

Banks in Canada, for example, can no longer rely on standard MPLS services for shifting data between branches, because MPLS guarantees delivery but does not specify what route is taken. Any slowdown in local routes, and data is likely to be diverted south of the border via US nodes to ensure timely delivery – but the Canadian Government no longer allows its citizens’ personal data to be sent to or via the USA.

In the United States, recent extreme weather means that the East Coast regions are considered to be meteorological danger zones. So banks are required to have backup and emergency facilities that avoid the Eastern seaboard. Ironically, in view of the last example, it can mean that a typical London, New York, Phoenix Arizona financial transaction may have to be diverted via Canada to comply with such regulations.

Ah… the problems of the rich! International players can travel to Zurich to discuss financial arrangements with their personal bank, but they may not be able to do the same when visiting their Swiss bank’s Manhattan office just round the corner – because the Swiss government does not allow certain personal data to flow out of Switzerland.

These examples are just a glimpse into the growing responsibilities for anyone holding large amounts of data: whether personal data, public data or financial data. To add to this complexity: who does have liability when something does go wrong? You give private data to your bank and then you discover it has got into the wrong hands: is it ultimately the bank’s responsibility? Or does the bank then sue the service provider for letting secure data escape?

What is needed for the financial industry – as well as many other large organisations impacted by these issues – is a fundamental rethink of the cloud’s priorities? How the data is delivered could be as vital as the delivery itself. In fact it would be better to destroy and lose some data than have it delivered via a route that breaks the law.

Mechanisms such as SDN (Software-Defined Networking) are currently being explored that could provide visibility and control into the routes taken by network traffic. These controls are not innate to cloud culture, they must be actively insisted upon by stakeholders that would benefit from it, and this issue is high on the agenda of the CloudEthernet Forum (CEF) – an independent industry body recently created to develop open standards for large global datacenter deployments.

If the cloud is to deliver its colossal benefits to the finance industry, its storage must be specified to location, and its transport routes must be bounded. How this happens, and whether the solution is one that suits the financial industry will depend on early commitment to the relevant forum working groups.

A time-sensitive cloud

Financial traders know all about the threat of latency, how a few microseconds can make or break a deal, and specialist providers have responded with dedicated services guaranteed to reduce latency to a minimum between sites. Carrier Ethernet is playing an important role in this by removing the need for translation between LAN and WAN protocols and providing fast connection between nodes.

However, there are many financial applications where “minimal latency” is not the need so much as “guaranteed latency”. If you are running trading applications that rely on being, say, ten microseconds behind the market, then a provider who promises “latency less than five microseconds 99% of the time” may deserve a pat on the back, but not your custom. Because what you need is “latency less than ten microseconds 100% of the time”. Financial data turns poisonous a lot faster than any foodstuff, so data past its “sell-by microsecond” may be no longer actionable and had rather be trashed than used.

Another angle on the importance of controlled latency is the “split brain” problem that can arise between sets of mirrored data. It makes sense to build in redundancy and have a secondary backup system that can step in as soon as a fault arises in the primary system. At that point the secondary system becomes primary and timing must be very strictly controlled to stop data being updated independently on the two systems. Once the supposedly identical mirror sets are allowed to diverge, it can become a nightmare to reconcile the two.

As in the routing example, the Internet has been brought up like a good boy scout to “do its best”. But what is sometimes needed is not “the best” but rather a clearly specified standard – whether by geography or time lapse. This is an important issue that is not innate to cloud philosophy, so it needs pressure from concerned stakeholders to get timing on the agenda for future cloud development.

Can’t we just use private clouds?

There is an obvious solution to the challenges discussed so far: forget the public cloud and still take advantage of the cloud concept by commissioning your own private cloud purpose-built to meet your exact requirements.

This is fine in theory, but what do you need from your private cloud, and do you have the necessary resources? If computation power is what you want, then it would be very costly to build anything to compare with the massive resources available from public cloud providers.

While storage of data might be wisely constrained to a secure private cloud, there are certain tasks that are better farmed out. For example the colossal number-crunching needed to rebuild some of the today’s complex trading algorithms would be beyond the power of any normal company datacentre. But cloud services can provide a “sandbox” big enough for any experimental algorithm to play in until it is proven.

This would be by far the fastest route to accelerating development of trading systems ahead of competitors but, even without the use of private data safely stored in-house, the algorithm itself becomes very interesting to competing companies. So security in the cloud again becomes a very hot topic.

It is an opportunity

A cloud that promises to do its best, and not bother you with the details as to how it achieves it – that is what we have inherited and it serves most of the world very well on those terms. But it is not a cloud that large parts of the finance industry can trust.

It does not have to be that way. The cloud is changing fast right now, and there are industry forums, including the CloudEthernet Forum, that are having an increasing say in how it is changing. These must be explored.

Find a forum that addresses the sort of interest that would serve your business. Join it, become active and make sure your voice is heard.

Service providers, equipment vendors, software developers and systems integrators are already joining the CEF to make sure that tomorrow’s cloud is shaped to serve their needs. Don’t let the needs of the finance sector be overlooked in this rush.