Antony Fung

Download PDF with citations

Easy access, speed, scalability, scalability, efficiency, and long-term sustainability are among the benefits of the Cloud. Additionally, applications and data on Cloud are better equipped to handle constant changes contributed by highly evolving technologies. As a result of these points, organizations have a compelling case for moving their market data to the cloud.

Recently, we announced that all managed service products and tooling have been migrated to public cloud. Without a doubt, this was a huge project and undertaking - just like many capital markets firms are facing today - and are already leveraging CJC's expertise for. The following topics will be covered by blogs released by CJC:

• Expertise

• Why and What?

• How?

• Migration and Security

• Benefits and Future

As part of the migration to Google Cloud Platform, we moved our global client base from the legacy data center in London, New York, Chicago, Toronto, Hong Kong, Singapore, as well as Sydney and Tokyo. The challenge was not one of migration, but of security.

Passing Client Security Standards

In order to reach our global footprint on Google Cloud Platform, our clients would need to create new connections. In order to achieve this, CJC would need to pass the strict and high standard IT Security and Risk onboarding process of each client. There would be a unique onboarding process for each client. Clients have their own IT security teams, processes, documentation, and methodologies, which must be adhered to. The CJC Cloud Acceleration team (CAT) also includes IT security, legal and HR teams to ensure that each process is completed.

Our methodology is to provide the client with written information on day 1 that explains exactly what the change is, the reason it's happening, and its benefits. The document provided current / historical information, technical schematics, network IP / Port information, and recommendations. Having this document provided the various client teams with critical information enabled them to prioritize the change and enable it to proceed rapidly. The document allowed clients to copy and paste sections into their own change management processes.

Public cloud providers, such as Amazon Web Services, Microsoft Azure, Google Cloud Platform, etc, are data processors. As data processors, they provide infrastructure and a base level of security. Furthermore, the company offers a wide range of security tools so firms using their infrastructure can be confident they are protected. However, they are not data owners. The data processor is not legally liable if the data is deleted, corrupted, lost, or hacked. In IT security, you need to understand that there is someone responsible for the data, which means they are required to be responsible for its security, its management, and its support - and that the environment is as secure as is required by the client. Clients need to know that there is a data owner, which in this case is CJC, a fact we must prove extensively.

Baselines, Processes and Zero Trust

The number one priority of CJC is security. With GCP, you have a choice - you can use anything less than 256bit encryption on the wire, for example. However, we add encryption to other parts of the system as well, such as the disks on which the time-series databases are stored. We set up a DMZ containing all major, critical components to ensure zero trust. Any front-end system that has an unknown public IP address will be blacklisted by us; clients must provide us the ranges of IP addresses they trust.

For clients, our standards, processes, and hierarchies were vital. The implementation of our ISO 27001 accreditations, ITIL frameworks, and policies all played a role in this process. Our Zero Trust policy required extensive documentation - not just in server configurations but also who can access and how. Even our own support engineers can only access the system when they create an internal incident ticket.

In each client's experience, we answered thousands of questions, submitted hundreds of documents and received a final sign-off from them that we were a certified provider of our services through a new platform.

New Connectivity and Migration

Firewall and network changes could not be made before IT Security and Risk signed off. In many cases, our clients were able to use their existing comms or they would connect with the public clouds (such as Megaport). We offered clients access to public clouds through our datacenter solutions - such as the ECX fabric in Equinix. Through our partnership with BT Radianz, CJC is also able to securely access our cloud footprint from around the world.

As soon as connectivity has been established, the new environments can be spun up and connectivity established between our legacy private cloud infrastructure. Rather than doing a backup and restore, we would perform a hot standby between the legacy and new environments. This would ensure that data would be preserved. Prior to implementation, there would be a UAT process, so clients would be able to test the new environment.

Users wouldn't notice any differences between the old and new dashboards or URLs since the migration would occur during a scheduled weekend batch migration. During a short contingency period, the legacy environment would remain on, which would be decommissioned soon after migration.

The use of multi-cloud strategies will mitigate provider concentrations and guarantee provider independence. Having in-house cloud skills is a key factor in enterprise agility, including the ability to distribute cloud services to customers based on their preferences, on-premises and in the edge.