How Financial Service Organizations can Accelerate Cloud Adoption While Operating Efficiently, Securely and with Agility using AWS Managed Services

A McKinsey study found that Fortune 500 financial institutions could generate as much as $60 billion to $80 billion in run-rate EBITDA (Earnings Before Interest, Taxes, Depreciation, and Amortization) in 2030 by making the most of the cost-optimization levers and business use cases unlocked by the cloud. Given the numbers at stake, financial institutions are keen to accelerate their cloud adoption journey but need to overcome the following challenges:

• Demystifying the complexity of large old monolithic systems running alongside modern micro-services-based platforms
• Navigating regulatory requirements to be compliant and secure in the cloud
• Building skills to support adoption of cloud at scale

To enable business and technology transformation Infrastructure and Operations (I&O) leaders need the ability to provision optimized cloud operations and a strong security posture.

AWS Managed Services is designed to address operations, regulatory compliance, and cost challenges

AWS Managed Services (AMS) extends your team with operational capabilities including monitoring, incident management, AWS Incident Detection and Response, security, patch, backup, and cost optimization. AMS leverages standard AWS services and offer guidance and execution of operational best practices with specialized automations, skills, and experience that are contextual to your environment and applications. AMS provides proactive, preventative, and detective capabilities that raise the operational bar and help reduce risk without constraining agility, allowing you to focus on innovation.  AMS helps you enforce your corporate and security infrastructure policies, and enables you to develop solutions and applications using your preferred development approach. The AMS Operating model is based on a continuous learning mechanism that evaluates workloads against evolving security policies. AMS has achieved compliance certifications and attestations against PCI-DSS, HIPAA, HiTrust, GDPR, ISO, as well as SOC 1, 2, and 3 with a pre-authorization to operate workloads requiring FedRamp High.

A Forrester study with six existing customers and subsequent financial analysis found the composite experienced benefits of $10.8 million over three years versus the costs of $3.2 million. This totals a net present value (NPV) of $7.7 million and an ROI of 243%

Use case for financial service customers

Financial institutions not only care about speed of deployment, but also the ability to deploy in a consistent and secure way. One financial service customer stated that “AMS has given us a framework that would have taken years to deploy if we had been doing it ourselves”.

Reducing the undifferentiated heavy lifting of managing the data center environments still remains a key driver for moving to the cloud. However, numerous time consuming and repetitive tasks must be completed to maintain a healthy and secure environment. Here is how AMS can help:

1. Security and access management

AMS provides a library of guardrails and controls based on industry standards, such as PCI-DSS, NIST, and CIS, which are deployed across AMS managed environments using AWS Config. Security is further enhanced using threat detection provided by Amazon GuardDuty and monitored 24/7.

2. Monitoring and auto-remediation

Across an average financial service customer, AMS identifies and remediates up to 15 potential issues per-month with the potential to cause system downtime. AMS utilizes Amazon CloudWatch for monitoring. Then, once an alert is triggered, a workflow is initiated to automatically remediate it using predefined automation documents. Finally, the customer is informed or an incident ticket is raised if manual intervention is required.

To find out how automatic remediation works with AMS, refer to the link here.

3. Patching

AMS reduces the burden on I&O teams by performing regular patch management tasks and taking on the responsibilities of installing updates on Amazon Elastic Compute Cloud (Amazon EC2) instances during maintenance windows. Then, it monitors the installation and remediates or rolls back any failures.

To find out how AMS automates Patching, refer to the link here.

4. Logging

AMS improves the overall logging posture by enabling OS and infrastructure logs (API, firewall and network) using Amazon CloudWatch and allows customers to extend the logging capability to the application layer. Customers retain the flexibility to choose the required retention period logs based on audit requirements and for the effective diagnosis of faults and failures.

To find out how logging works with AMS, refer to the link here.

5. Reporting

AMS provides customers with a monthly service report which details the key performance metrics of the service. This also includes covering performance against agreed SLA’s and SLO’s, operational metrics, spend, and data to support cost optimization recommendations.

Refer to self-service reporting as well as on-request reporting with AMS for a prescriptive list of reports.

6. Change management

In a study from 2019, the Financial Conduct Authority (FCA) in the UK found that 17% of material incidents reported to the FCA were attributed to change activity. AMS supports your change management process using a combination of preventative and detective controls with over 95 configuration rules available to help you adhere to industry security standards.

To find out more about configuration compliance in AMS, select the link here.

7. Continuity management

AMS utilizes the AWS Backup service to provision predefined AMS Backup plans to monitor backup activities and remediate failures where possible. Monthly reports are generated which can help customers evidence their recovery capabilities to meet audit and regulatory requirements.

To find out more about continuity management, select the link here.

8. Cost optimization

AMS Resource Scheduler is offered to help minimize costs by providing a capability to power instances on and off based on business requirements, for example shutting development and test instances down outside of working hours. In one organization, AMS removed $135K per-month with incremental change in processes and helping the customer set up a FinOps function.

Using AMS to drive innovation at regulated financial service organizations

AMS offers different modes of operation to help financial institutions apply the relevant proactive and reactive guardrails as required to continue innovating at pace:

1. AMS Accelerate provides operational services to help you achieve operational excellence on new and existing workloads on AWS. Customers can be onboarded in as little as two weeks to help meet operational goals in the cloud.
2. Operations on Demand (OOD) extends the standard scope of your AMS operations plan by providing operational services that aren’t currently offered natively by the AMS operations plans or AWS.
3. AWS Incident Detection and Response is designed to help you improve your operations, increase workload resiliency, and accelerate your recovery from critical incidents. AWS Incident Detection and Response leverages the proven operational, enhanced monitoring, and incident management capabilities used internally by AWS.

Conclusion

To drive the desired business outcomes, financial institutions are focusing their efforts toward accelerated cloud migration, application modernization, and long-term cost optimization to realize the benefits from cloud. Offloading undifferentiated operational workloads can free up their time and the resources needed to focus on value adding activities such as innovation and product development required to accelerate business outcomes. Regardless of where you are in your cloud journey, AMS can offer a service that can help customers achieve operational excellence in the cloud with secure guardrails for financial service customers.

Contact your account team today to discuss how AWS Managed Services can help accelerate your journey to the cloud and unlock the value of cloud.

Any discussion of reference architectures in this post is illustrative and for informational purposes only. It is based on the information available at the time of publication. Any steps/recommendations are meant for educational purposes and initial proof of concepts, and not a full-enterprise solution.