Growing numbers of commodities enterprises are beginning to recognise the benefits of cloud adoption, but migrating to the cloud can seem daunting. Bec Wilson, director, and Sudip Dasgupta, infrastructure architect, at Sapient Consulting discuss how organisations can position themselves to take full advantage.
Current interest in cloud-based services among commodities enterprises has been driven largely by the need to reduce costs and increase agility, profitability and efficiency. Firms face growing pressure from shareholders and investors to boost the bottom line, and from regulators to comply with a variety of new rules and standards. As such, migrating energy/commodity trading and risk management (E/CTRM) systems to the cloud is an increasingly popular way to manage and develop infrastructure, application development platforms and commercial applications in a more effective, innovative and cost-efficient way.
However, many organisations remain unsure of how to make a smooth transition, while also addressing concerns around data security and regulatory compliance that tend to overshadow conversations about the cloud. As an early adopter of cloud technology, Sapient Consulting has the knowledge and expertise to help commodities firms with issues such as system selection, audit and integration.
How should an organisation approach the transition to the cloud?
The journey to full cloud adoption involves four main elements: assessment, planning, transformation and support.
The first two elements must be completed before an effective and efficient transformation to a cloud-based E/CTRM system can occur. The final element, support, relates to the services provided by organisations such as Sapient.
Given the significant amounts of time, effort and resources involved in migrating an E/CTRM system to the cloud, organisations often consider this option only if an office/data centre move or other major enterprise-wide change is already on the cards. Indeed, many of the thought processes involved are very different from those of an organisation looking at applications on their own premises. Provisioning cloud resources such as central processing units, memory and disk space via a console, command line or application programming interface (API) could be very different, for example. Similarly, collaborating with a third party to run applications may also be a new experience and can certainly cause a sense of loss of control. However, at Sapient, we know from experience that these issues are surmountable if organisations are prepared to start small, learn with less risky, simpler systems and progress from there.
What exactly is involved in the ‘assessment’ part of the process?
At this stage, organisations should prioritise applications, categorising them as:
• Cloud ready – applications that can be moved to the cloud, and can be run and managed in the cloud. They may not take any particular advantage of cloud services, but will still benefit from the pricing and on-demand features of the cloud.
• Cloud enabled – applications that have been modified or extended to embrace cloud architecture principles, such as on-demand horizontal scalability and cloud storage techniques.
• Cloud native – applications engineered specifically for the cloud. These applications are capable of leveraging any necessary cloud platform services, including horizontal scaling, storage and security services, APIs and self-metering.
Bec Wilson, director, Sapient Consulting
At the other end of the spectrum, it is also important to identify any applications that are definitely not cloud candidates – reasons for this tend to involve the use of older or unsupported operating systems, or network protocols that are not allowed in the cloud. Additional criteria to consider during the initial application assessment stage include integration with other legacy systems, security and privacy controls, whether an application is mission-critical, and its maintenance schedule. Applications with shorter maintenance schedules are often well suited to the cloud because of the need to constantly change the development, test and quality assurance environments in order to implement upgrades.
Finally, organisations should select a cloud vendor at this stage. The use of Linux versus Microsoft may have an impact on this decision. While many vendors’ support mixed Microsoft and Linux environments, this might be a good time for a firm to assess its specific mix to ensure alignment with the chosen cloud vendor’s offering.
What are the next steps for an organisation that is ready to move to the planning stage?
Once migration candidates have been identified, it is a good idea to create a road map for adoption, which starts with smaller, lower-risk applications. The next step should be to conduct proof-of-concept implementations to manage technology risk. By putting these candidate applications in the cloud first, organisations can ensure that the technology used scales properly and works as expected.
When it comes to managing the solutions, systems will have different capabilities in relation to taking advantage of the cloud stack natively. For example, some systems may be able to vary on disk storage or even computing resources as a process step, while others will need the cloud to be reconfigured via APIs or control consoles. Cloud APIs enable the addition of this technology, but cost and complexity vary depending on the system. Organisations must evaluate each system to determine the necessary resources that should be reserved, as well as the possible swing resources that will be utilised as needed on a ‘pay-as-you-go’ basis. The types of usage patterns that should be considered include after-hours, weekend or continuous usage. The use of ‘base load’ versus ‘swing load’ and the hours of usage should then be factored into the vendor’s pricing options.
What key issues should organisations keep in mind during the transition to the cloud, and what kinds of support systems should be put in place?
During the transition, it is advisable to run a number of systems in parallel while checking for user acceptance. There will be different migration methods available and you should choose the option suitable for the application and its usage.
Data migration should be factored in so that all transactions are transported to the target platform in a consistent state. Rollback procedures should be available in case some migration steps do not go as planned, outage windows should be planned for the transition and appropriate communications should be sent to all affected users to notify them of the changes.
Once the application has been successfully moved to the cloud, a good support model is key. This should include teams comprising application and cloud infrastructure specialists that are supported by a cloud-integrated set of monitoring and management tools.
What key challenges do organisations tend to encounter when transitioning to a cloud-based approach?
At Sapient we spend much of our time working with clients on what we call the ‘cloud big four’: data security, integration, application readiness and regulatory com-pliance. For our clients, regulation and data security in particular tend to be key – these topics are broad and deep, and the approach to mitigation is multi-layered.
Tell us more about managing data security in the cloud.
The good news is that many organisations are already accustomed to monitoring security protections in data centres every day, particularly in the case of third-party data centres with connections to the public internet. Cloud environments face many of the same threats as traditional corporate networks, but there are some additional considerations.
Unauthorised access to data – or security breaches –are amplified by cloud use, given that these environments are characterised by co-location and accessibility. Multi-factor authentication is one solution to this problem. Stolen passwords tend to be the most common way that networks are breached and many are still stored unencrypted: for instance, on a PC or phone, in a central or corporate repository or even in a wallet or purse.
APIs are another security weak point that organisations using the cloud must strengthen. These programmable interfaces give users access to the layers of services the cloud offers. They are the route into a cloud user’s infrastructure and, since they are located on the public internet, protection is important. Cloud vendors tend to offer similar methods to secure APIs, but navigating the options can still be challenging for those that are not well versed in the various solutions that are available.
What are the key concerns in regulation?
This is closely tied to the data security issue because many of the regulatory controls
Sudip Dasgupta, infrastructure architect, Sapient Consulting
currently in place throughout financial markets have been implemented to ensure data privacy. Therefore, an organisation’s understanding of regional or international regulations will certainly shape its architecture. In addition, a global company must accommodate privacy issues that could differ by country, region, state or province.
How can companies such as Sapient help organisations address these challenges?
When seeking consulting services, commodities organisations that want to transition to the cloud should look for a market expert that can help develop the business case for transition, design the target cloud solution and create a road map for migration, as well as assist with vendor selection. The consultancy should have experience designing and deploying both private and public cloud solutions, as well as deploying E/CTRM solutions on the cloud. It should also be able to handle rapid prototyping on public clouds, helping customers validate the usage of specific cloud solutions by implementing extreme use cases. Finally, the ability to collaborate with E/CTRM vendors to define template cloud solutions, along with a managed services offering, is also key.
As an early adopter of cloud technologies, Sapient has been designing and deploying solutions on private cloud Infrastructure-as-a-Service for more than a decade. After designing our own private cloud based on industry best practices, all of our clients can now also use this infrastructure for development purposes.
Can you talk about some recent success stories among your client base?
While working with a large investment bank, Sapient was able to deliver complex use cases on a public cloud within a five-week timescale, using a small team split across two separate geographies. Another client, a European market infrastructure firm, recently wanted to transition from a private cloud to the public cloud. Using our experience and knowledge of this part of the market, Sapient was able to create a 30% operating cost reduction. The savings were used to fund the product development road map, creating a more robust foundation for the organisation’s IT platform.
What can commodities organisations expect to gain from cloud adoption now and in the future as they face changing market conditions, new product developments and continued regulatory change?
In addition to cost efficiencies such as those already mentioned, increased agility is a major driver for organisations considering cloud adoption, particularly in terms of the ability to deliver solutions ranging from environment provisioning to rapid prototyping. Cloud adoption can also provide commodities firms with access to new functional capabilities: for example, the ability to use 4,000 scenarios for valuations instead of 2,000. It would take a long time to deploy the necessary infrastructure to make this happen with an on-premise solution.
We are also seeing some interesting new trends that will provide increased value in the future for commodities firms that make the decision to transition to the cloud: for example, the emergence of Platform-as-a-Service, which
will allow clients to outsource the engineering and innovation of the appliance infrastructure.
The availability of cloud-based solutions will almost certainly change the face of the commodities trading markets. Those organisations that are ready to start the process of migration will see major benefits now and in the future as these technologies continue to develop.