Christopher Perretta is a great talker, but listening might just be his killer skill. As executive vice president and CIO of State Street Corp., the Boston-based financial services provider, he heeded the call from the business to go faster and, in response, set about building a private cloud -- make that an industrial-strength private cloud. As he observes in this SearchCIO.com podcast, the security and integrity of data is as valuable as currency in the banking business -- and that makes public cloud computing a dicey proposition.
On the other hand, private cloud computing services can represent an enhancement of security compared with open, more heterogeneous systems. That's because they limit the number of people who have access to the hardware and automate the delivery of applications, Perretta said.
Perretta's argument for private cloud computing at State Street, however, was anything but theoretical. Two pilot programs tested more than 100 use cases for the people actually running the systems. Once they made it through the pilots, people in the trenches "were convinced this was the right way to go."
Perretta and his staff also invested considerable time explaining private cloud computing to the business and the firm's board members, but it was not exactly a hard sell, he said.
"We have taken great pains to try to educate them on the benefits of cloud computing; and with our development pilots, they are beginning to see that it does have an impact on how fast we develop systems -- and that matters to them," Perretta said. "I think the beauty of the overall program is that it is really based on business need. And the business need associated with technology is the fact that we want to go faster."
What's Perretta's litmus test for a making a change of this magnitude? It's pretty straightforward: "The pain of making the change has to be less than the pain of the current environment."
For more detail on the rationale and rigors of State Street's foray into cloud computing, listen to the podcast. To find out more about Perretta's relentless focus on Big Data, read the full transcript of our interview that follows.
SearchCIO.com: Let's start with the basics. State Street recently announced that it's built a private cloud computing service. What's wrong with public clouds?
Christopher Perretta: Well, the nature of our business is a trust bank, and our primary goal is to safeguard the assets of our customers and their customers. The private cloud offers the benefits of cloud technology, but by keeping it behind the firewalls of State Street and under an umbrella of a security framework, we can best address the security needs of our customers.
Obviously there is a tradeoff between price and security when you are using public clouds. Can you imagine a point where the cost savings of a public cloud is worth the risks, in the banking industry?
Perretta: Security and integrity of the data is in our business of the utmost [importance]. It really is a tough proposition to compromise in any way. So, I can't imagine that it is a cost play in financial services. Perhaps for ancillary-type work, or testing or what have you that is not related to the production of financial data; but at this point and frankly for the, say, short- to midterm, we don't see the technologies developing or the acceptance of our customers changing.
More about private cloud computing
How Lands' End's CIO seized the moment to soft-sell a cloud strategy
John Hancock Financial Services' CIO on why IT finance matters
Is cloud computing especially useful for banking, and if it is, how so?
Perretta: I can point to the State Street experience. Two factors: one is the nature of what we do, and the global nature of what we do leads us to develop a lot of our applications internally, so we have control of the underlying technologies; what we call the technology stack, we control for a large portion of our inventory. So, we can tailor it to take full advantage of the technologies that cloud presents us with. The pure technology content of financial services continues to grow exponentially, so the ability to have a flexible and in essence, infinitely expandable computing base is compelling for us. I think the other factor in financial services is also, if engineered correctly, frankly, an enhancement in security. When we implement the private cloud, our belief is that we can greatly improve security and control of our environment.
Can you explain how a private cloud can actually enhance security for State Street?
Perretta: Part of our private cloud implementation includes services that our systems will use across the entire enterprise -- one of those being a single security framework, which answers the two questions: Who am I? and What am I allowed to do? So, we have environments where multiple clients live and process on our infrastructure; one has to take special pains to make sure that the data privileges and the data are kept private and the integrity of the data is preserved. So, we can build a single framework to allow all of our applications to share that security view; and in that case, we get consistency and in essence, improved performance on the security side.
The other factor is, we're automating the process by which applications are delivered to that cloud, and making that touchless. Once we have separation of duties, we can automate those processes and get a certain level of security improvement. And finally, the beauty of the cloud is [that] the developer doesn't know what machine their application is running on. There is no need, even in the case of problems, to allow developers or non-production personnel from gaining access to that environment. So, a cloud has all this hardware on it; it doesn't have all the security IDs that you might have in a heterogeneous, say, open systems environment; so, there are just fewer ports of entry into the computing resources, and that improves security, I think, a great deal.
So, you have a sort of automated, built-in compliance capability.
Perretta: Well, that's true. Every CIO in financial services knows that every time you touch something and move it around, it is a potential compliance issue or an audit issue. So, if you can build in that compliance and control automatically, you gain a great benefit.
Let's go into the fundamentals of State Street's private cloud. Where is your private cloud?
Perretta: It is in an undisclosed location -- in multiple undisclosed locations. Obviously, it is in our enterprise data centers; and one of the other benefits is that the cloud allows us to run in an active-active configuration, which basically allows us to run our applications in multiple data centers at the same time, which, with our more traditional technologies, was much more difficult to do. And that allows us to get a lot more resiliency in the system. So, it runs in multiple data centers -- at this point, two -- and the physical boxes -- we call them PODS, "processing on-demand components," which were [built] to our design -- communicate obviously in real time to synchronize the data that supports our applications.
Can you give me a few more details on how you did it?
Perretta: I think it rests in the fundamental strategic challenge that I think all IT shops have: The business's use of hardware and software was growing very rapidly -- faster than the reduction in costs that naturally accompanies technology development. And the cloud offered a mechanism by which we could vastly increase our capabilities and capacities without adding the commensurate increase in cost. So, that was the fundamental premise that drove us there.
- Conceptual design and development framework.
- Operational pilots begin.
- Operational pilots end.
- Hardware "processor on demand" and data center designed.
- Data center installed; test environment established.
- New architecture framework communicated; developers trained.
- Cloud is production-ready.
- -- L.T.
Now, to your question about how we got here: We did several pilots, because we wanted to see it in the bright light of operational readiness. We did, in fact, two pilots, a small pilot of about 100 machines [first]. We got promising results, and then we moved on to a much bigger pilot which simulated two data centers and had about 500 machines. And then we ran it through what we call 120 or so real-life use cases. It's one thing to test it in the lab; it's another thing to have the people whose job it is to keep our systems up and running on a day-to-day basis. How do we operate? What are the processes associated with the day-to-day running of production environments? And we ran that through the use cases to engage our operational personnel. That got us to the point where we were confident where we could make a commitment to the organization that this was, in fact, the computing paradigm that was ready for use in our environments today. That's when we began implementing.
As you went through those two pilots, and the 120 use cases, what were some of the biggest challenges?
Perretta: It is probably understanding how systems fail. You understand failure modes in the traditional environments, but you really have to understand how it will perform; and if there are any single points of failure, what you are going to do to remedy those.
But I would also say, with any change, right, the pain of making the change to the organization had to be less than the pain of the current environment. When you have an environment today where you have a very, very complex environment, all virtualized, it is getting harder and harder to control those environments, especially when something goes wrong. The instrumentation of the cloud implementation provides a much better tool set for people to control and monitor the environment than the traditional heterogeneous open systems environments. And that is key because it's a better solution.
That's such an excellent point, that the new environment has to be better, or at least inflict less pain than the existing one -- and I think people tend to forget that when they are gung-ho on a new technology.
Perretta: Well, you know, somebody has to run it, right? Someone is going to get the call at 3 o'clock in the morning. So, all those processes have to be put in place, and like I said, those are the people who really understand down in the trenches how things work, so you need to give them what they need to do their jobs.
As you were presenting this new paradigm to the company, was there resistance to the project, and if so, where did it come from?
Perretta: I think the beauty of the overall program is that it is really based on business need. And I think the business needs associated with technology are the fact that we want to go faster. We want to spend more of our computing dollar on building new products and services for customers, so the ratio of what we build new versus what it takes for us to maintain and run what we have -- we want that ratio to improve.
So, I think when we talk about using the cloud, we also talk about the frameworks we use to develop systems for the cloud and the methods we are using to do that; so, we look at it from a complete software development lifecycle perspective. And so, the sell is the fact that, yes, we want to do more for our clients and we want to go faster. Internally we have some pretty strongly held beliefs that using the right frameworks, we can drastically reduce the amount of work it takes to build systems.
And so that was the exciting part. And that is the sell to the business, right, because you know the traditional CFO says, "Well, you know, you spent too much money." Everybody else in the whole business says, "Just go faster." I think that points to the role that technology plays in financial services, and it is the physical manifestation of the product we sell. So, we want to go faster and we think that using frameworks geared to scalable, robust platforms, like the cloud, is the way to go.
I have to ask, how deeply do you think the business side understands cloud computing?
Perretta: Well, we have taken great pains to try to educate them on the benefits of cloud computing. And with our development pilots, they are beginning to see the fact that it does have an impact on how fast we develop systems, and that matters to them. State Street is a corporation that has a legacy in having leading-edge technology in our markets. And so they understand that this is the next thing in computing, and they understand that we are going to move to it and try to exploit its benefits. So, I think, in principle, they understand that we are a progressive technology organization and we will take advantage of it.
Since our initiatives are in response to their desire to go faster, they are much more accepting. They say, "We asked you to go faster; you're making the changes, you're making the investments to help us," and so that is what they are in support of. Do they understand the detailed technology? No, but I can tell you we've spent many hours with not only the senior management of the company but board members of the firm to describe what we're doing; and they are interested in it because they know the importance of technology in the business and they stand ready to give us the resources we need to do it. Obviously, different people in the organization have different levels of understanding, but when you go to them and say, "I am building a flexible, processing environment that can give you an ever-expanding computing capacity at your disposal." And I think the other big issue too -- and we haven't talked about it so much because we got locked in the cloud and it's very trendy these days -- for us it is about data.
I think the beauty of the overall program is that it is really based on business need.
Christopher Perretta, CIO, State Street Corp.
It is about access to huge amounts of financial data that we can put at your customers' disposal that allow them to access it more easily, to segment it, to manipulate it, much faster than they have in the past. And so, that's the pressure our business feels from our customers and what we feel internally; and so they know when we head down that road, we are doing the right thing commercially. If we were a car company, IT would be both the engineering and manufacturing portion of the company. They understand that we are building the machine tools to build a whole new class of applications, ones with very large data, with very extensive analytical tools and ease of use to be able to analyze data in real time. So, I think that's what exciting them.
So, to use a buzzword, you are talking about big data, mining and managing these large data sets.
I guess I want to ask you, how does the ability to do that impact your role or your viability as a CIO? How important is it that you be able to do that, it that your company is able to do that?
Perretta: Well, occasionally I look at my business card. It says chief information officer. I was looking around for someone else to do it, and I figured, well, it must be me.
I think it permeates not only what we do -- it's how we do it. I think all CIOs struggle with, how do you structure an IT organization which had traditionally been structured by application, by function, as opposed to by data? It was no one's job to make sure that data was accessible across the entire enterprise -- someone, in essence, who is the "linguist" of the whole company. Who decides the language we use to describe what we do? Or I guess the word is, who describes the taxonomy -- I think [that] is the buzzword of your business. I think those are real challenges on how we do IT, and they are exciting challenges, because they challenge us to think differently on how we do IT. And I think we'll see more and more organizations, not only in financial services, having new roles in the IT organization that really revolve around what we'll call enterprise data, the use of data analytics -- or conceptually: How do I get data into information, how do I get information into knowledge and how do I disseminate it easily around the company? I think those are really great questions that we need to address. The old IT organizational model hasn't proven so efficient at doing that.
So, it has changed the way I look at the business -- a lot. It has changed the way how I organize IT. But I think it is an exciting new generation. In general, in trends like this, you see the importance of architects, business architects. Technology architecture used to just mean hardware and systems software. Now it means business processes architecture: What's the operating model of the business, what is the operating architecture of the business, how do I build applications, how do I describe data, and then how do I run the boxes and the storage in the data center? So, architecture is a big thing for us, and those skill sets are being elevated in organizations because they have a huge impact. And I think data, as I mentioned, is part of that.
So, have you already made different hires in order to allow IT to take on this new role?
Perretta: We have done two things. One is [that] we have gone through the organization and we've identified those people who think this way -- who think in a kind of an "architectural" way, who can think in what I'll call large-scale abstractions. That is, they can generalize things and make it applicable to the whole organization. I think this is a very interesting skill set that some of our very best people have. And they can still get down and dirty with the detail, but they also see the big picture: business process, data, application architecture and infrastructure.
Some of those people are in your organization, and then we go outside also to augment that team with skill sets that we may be lacking in our organization -- and we are doing that as well. And I think the last part is, we also need in that group someone who is very, very familiar with our business and our customers' business, because that brings real credibility to the business to say, "I can make the connection between a business result and how I architect my solution." And that probably, when I look in retrospect, is the most important role, because we have been able to connect what we do in architecture to a real, live business result; and without that, you're below decks, you are doing things the business doesn't care about. And I think, if we have had success so far, it is being able to connect the dots between an opportunity or a challenge in an operation or a business issue with architecture, and that is not always an easy connection to make.
We have somebody called a chief architect, and our chief architect has 30 years of experience in this business. He knows the business inside out. He knows what's going on. He's a great technologist, and he is basically an evangelist. We don't use him to manage projects; we use him to come up with the ideas that make sense for our business community. Now he does those pilots, and then we industrialize them for the rest of the organization.
Before he even looks at it, we have somebody called a chief scientist; and his job is to look out even further in the future and say, what are the things coming down that we have to start think about piloting? What are the technologies which are the most interesting? So, he is out in front of the architecture team. So, you almost have a pipeline -- we like to call it our innovation pipeline, but that sounds rather presumptuous, but it is! What are the technologies that are coming down in the three- to five-year time frame, what is the state of the market now, how do we apply it to what we do by piloting it? And once the pilots work, how do I make this industrial strength, how do I make this operational in a very large organization?
I think the real challenge in organization design is getting the right people with the right mind-sets in the right slots. Because nothing is worse than putting that technology visionary into the delivery business, because they won't be happy and you won't be happy with the results. We talk a lot about organizational diversity. Part of that is the way people think and what skill sets they have. We have a model now that makes sense to me. It is structured, but it is not bureaucratic, not organized; but there is a pipeline of ideas and it gets the organization focused much more than if everybody is off thinking about things to do.
The SearchCIO.com CIO Innovators profile series highlights how CIOs use technology to meet both IT and business leadership objectives. To suggest a leader for a future CIO Innovator profile, email [email protected].
Let us know what you think about the story; email Linda Tucci, Senior News Writer.