 From New York, it's theCUBE. Covering AWS Global Summit 2019. Brought to you by Amazon Web Services. Welcome back, here in New York City, I'm Stu Miniman, my co-host is Corey Quinn. In the keynote this morning, Warner Vogels made some new announcements, what they're doing, and also brought out a couple of customers who are local and really thrilled and excited to have on the program the CIO and EVP from FINRA here in New York City, Steve Randage. Thanks so much for joining us, Steve. You're welcome, thank you. All right, so, you know, quite impressive, you know, when I say one of those misunderstood words out there, you talk about scale, and you talk about speed, and you know, I'm taking, you know, so many notes in your keynote this morning, 500,000 compute notes, seven terabytes worth of new data daily, with half a trillion validation checks per day. That's a pretty impressive scale, and therefore, you know, it's IT's not the org that kind of sits in the basement and the business doesn't think about it, the business and IT need to be in lobster. So, you know, I think most people are familiar with FINRA, but maybe give us the kind of bumper sticker as to what FINRA is today, and you know, the IT organization role. Yeah, when I started at FINRA in 2013, I thought I was going to come into a typical regulator, which is, as you alluded to, technology's kind of in the basement, not very important, not strategic, and I realized very quickly two things. Number one, the team was absolutely talented. A lot of the people that we've got on our team came from startups and other technology companies, atypical in financial services, and the second thing is we had a major big data challenge on our hands, and so the decision to go to the cloud, you know, as I started in March in 2013, by July of that year, I was already having dialogue with our board of directors about having to go to the cloud in order to handle the data. Yeah, so, you know, big data was supposed to be that bit flip that turned that, oh my God, I have so much data to, oh yeah, I can monetize and do things with our data. So, give us a little bit of that data journey and what that, that you talked about, the flywheel effect that you've got inside FINRA. Yeah, so we knew that we needed the, you know, we were running at that time on data warehouse appliances from EMC and IBM, and which at data warehouse appliance, you know, you go back 10, 15 years, that was where big data was running, but those machines are vertically scalable, and when you hit the top of the scale, then you've got to buy another bigger one, which might not be available. So, public cloud computing is all about horizontal scale at commodity prices. Two things that those data warehouse appliance didn't have, they were vertical and proprietary and expensive. And so, the key thing was to come up, to select a cloud vendor, you know, between Google, IBM, you know, the usual suspects, and to architect our applications properly so that we wouldn't be overly vendor dependent on the cloud provider, and locked in, if you will, and that we could have flexibility to use commodity software. So, we standardized in conjunction with our move to the public cloud on open source software, which we continue today. So, no proprietary software for the most part running in the cloud, and we were just very smart about architecting our systems at that point in time to make sure that those opportunities prevailed. And the other thing I would say, and this is kind of the secret of our success, is that because we were such early adopters, we were in the financial service industry, and a regulator to boot, that we had engineering access to the cloud providers and the big data open source software vendors. So, we actually had the engineers from AWS and other firms coming in to help us learn how to do it, to do it right. And that's been part of our culture ever since. One thing that was, I guess, a very welcome surprise is normally these keynotes tend to fall into almost reductive tropes, where first we're going to have some Twitter for Pet Styles startup talking about all the higher level stuff they're doing, and then we're going to have a large or serious company come in and talk about how we moved to VM from our data center into the cloud, yay, everyone clapped. Instead, it was very clear you're using much higher level services on top of the cloud provider. It's not just running VMs somewhere else in the same way you would on premise. Was that a transitional step that you went through, or did you effectively, when you went all in, start leveraging those higher services? Okay, that's a great question, and a differentiator for us, versus a lot of the large organizations with a legacy footprint that would not be practical to rewrite. We had outsourced IT entirely in the 90s to EDS, and it was brought back in-house early in this decade, and so we had kind of a fresh environment, fresh people, no legacy, really, other than the data warehouse appliances. So we had a springboard to rewrite our apps in an agile way to be fully cloud enabled. We work with AWS, we work with Cloud Air, we work with Horton, we work with all the key vendors at that time and space to figure out how to write our apps so that they could take most advantage of what the cloud was offering at that time, and that continues to prevail today. Yeah, that's a great point, because so often it's that journey to cloud, but it's that application modernization, that's a tough journey. Right. So bring us in a little inside there, how does, what expertise did FINRA have there? I mean, you don't want to be building applications. Is the open source the things? Was it mature enough? How much did they have to help work? Would you call it co-collaboration? Co-collaboration? Yeah, the first year was hard, because I would have every high performance database vendor, and I see a number of them here today. I'm sure they're peddling their AWS version now, but they had a proprietary database version, they're saying, if you want to handle the volumes that you're seeing and predicting, you really need a proprietary, they wouldn't call it proprietary, but it was essentially a very unique solution, point solution that would cause vendor dependency. And so, and then my architects internally were saying, no, we want to go open source because that's where the innovation and evolution is going to be fastest, and we're not going to have vendor lock-in. That decision, that bet took about a year to solidify, but once we went that way, we never look back. So, from that standpoint, that was a good bet, and it made sense. The other element of your question is how much of this did we do on our own versus rely on vendors? Again, the kind of dirty little secret of our beginnings here is that we leveraged the engineer, so typically a firm would get the sales staff, right? We got the engineers, we insisted on it in order to have them teach our engineers how to do these re-architectures to do it right. And we use that because we're in the financial service industry as a regulator, right? So they viewed us as a referenceable account that would be very valuable in their portfolio. So in many regards, we scratch each other's back. But ultimately, the point is that their engineers trained our engineers who trained other engineers, and so when I did the keynote at the re-invent in 2016, one of my pillars of our success was that we didn't rely overly on vendors. In the end, we trained five to 600 of our own staff on how to do cloud architectures correctly. It's, I think at this point, it's very clear that you're something of an extreme outlier in that you integrate by the nature of what you do with very large financial institutions. And these historically have not been firms that have embraced the cloud with the speed and enthusiasm that FINRA has. Have you found yourself, as you're going in this all in on the cloud approach, that you're having trouble getting some of those other large financial firms to meet you there? Or has that not really been a concern based upon FINRA's position within the ecosystem? I would say that five years ago, very rare, I would say, you know, we've had a, I made a conscious effort to be very loud in the press and at conferences about our journey because it has helped us attract talent. People are coming to work for us as a financial service regulator that wouldn't have considered it five years ago. And they're doing it because they want to be part of this experience that we're having. But it's a byproduct of being loud in the press means that a lot of firms are saying, well, look what FINRA is doing in the cloud. Let's go talk to them. So we've had probably at this point, 200 firms that have come to FINRA to learn from our experience. We've got this two hour presentation that kind of goes through all the aspects of how to do it, right, what to avoid, et cetera, et cetera. And you know, I would say, now the companies that are coming into us almost universally believe that it's the right direction. They're having trouble, whether it's political issues, technology, debt, you name it, for making the momentum that we've made. But unlike four or five years ago, all of them recognize that it's the direction to go. That's almost undisputed at this point. And to your opening comment, yeah, we're very much an outlier. We've moved 97 plus percent of our apps, 99 plus percent of our data. We are, I mean, the only thing that hasn't really been moved to the cloud at this point are conscious decisions because those applications, either are going to die on the vine in the data center or they don't make sense to move to the cloud for whatever reason. Okay, you've got almost all your data in the cloud and you're using open source technology. As Corey said, if I was listening to a traditional financial services company, they're telling me all the reasons that for governance and compliance, that they're not going to do it. So why do you feel safe putting your data in the cloud? Well, we've looked at it. So I spent my first year at FINRA, 2013, early 2014, but mostly 2013, convincing our board of directors that moving our most critical applications to the public cloud was going to be no worse from an information security standpoint than what we were doing in our private data centers. That presentation ultimately made it to other regulators, major firms, on the street, industry, lobbyist groups like SIFMA and FIF, got a lot of airtime and it basically made the point using logic and reasoning that going to the cloud and doing it right, not doing it wrong, but doing it right is at least as secure from a physical and logical standpoint as what we were previously doing. And then we went down that route, I got the board approval. In 2015, we started looking at it and realizing that wait a minute, what we're doing here, encrypting everything, using micro-segmentation, we would never, and aren't doing this in our private data center, it's more secure. And at that point in time, a lot of the analysts in our industry like Gartner and Forrester started coming out with papers that basically said, hey, wait a minute, this perception that public cloud is not as safe as on-prem, that's wrong. And now we look at it like I can't imagine doing what we're doing now in a private data center. There's no scale, it's not as secure, et cetera, et cetera, et cetera. And to some extent, when you're dealing with banks and for a startup perspective now, and they say, oh, we don't necessarily trust the cloud, well, that's interesting. Your regulator does, in other cases, some tax authorities do. You've provided a tremendous value just by being as public as you have been that really starts taking the wind out of the sails of the old fear, uncertainty, and doubt arguments around cloud. Yeah, I mean, the doubts around it's not secure. I don't know what's going to happen. It's secure, I don't have control over it. If you do it right, those are manageable risks. I would argue in some cases, you've got more risk not doing it, but I will caution, everything needs to be on the condition that you've got to do it right. Sloppy migration to the cloud could make you less secure. So there are principles that need to be followed as part of this. All right, so Steve, doing it right, you haven't been sitting still. One of the things that really caught my attention in the keynote was, you said in the last four years you've done three re-architectures. And what I want to understand, you said each time you've got better price performance, you know, you do things, so how do you make sure you do it right? You'd have flexibility both in an architecture standpoint and don't you have to do a three-year reserve's instance for some of these? How do you make sure that you have the flexibility to be able to take advantage of, as you said, the innovation and automation that Amazon keeps moving forward with? That's a deep technical question, so I'm going to answer it simply and say that we've architected the software and hardware stack such there's not a lot of co-dependency between them. And that's natural IT 101 principle, but it's easier to do in the cloud, particularly with an AWS who kind of covers the whole stack, so you're not going to different vendors that aren't integrated. That helps a lot, but you also have to architect it right, and then once you do that and then you automate your software development lifecycle process, it makes switching out any one component of that stack pretty easy to do and highly automated, in some cases completely automated. And so when new services or new versions of products, new classes of machines, become available, we just slip them in and the term I use this morning mark to mark it with Moore's Law, that's what we aspire to do. To have the highest levels of price performance achievable at the time that it's made available. That wasn't possible previously because you would go buy a hardware kit and then you would depreciate it for five years on your books. At the end of those five years, it would kind of have scale and reliability problems and then you'd go spend tens of millions of dollars on a new kit and the whole cycle would start over again. That's not the case here. Machine learning, something you've been dipping into, tell us the impact, what that has and what you see going forward. It's early, but we're big believers in machine learning and there's a lot of applications for it at FINRA and our various investigatory and regulatory functions. Again, it's early, but I'm a big believer that the compute and storage scale, commodity costs in the public cloud can be tapped into and levered to make AI and machine learning achieve what everybody's been talking about and hoping to achieve for the last several decades. We're using it specifically right now in our surveillance for market manipulation and fraud. So fraudsters coming in and manipulating prices in the stock market to take advantage of trading. Early days, but very promising in terms of what it's delivered so far. Steve, want to give you the final word. Your thank you first of all for being vocal on this. It sounds like there's a lot of ways for people to understand and see what FINRA has done and really be an early indicator. So give us a little bit, look forward. What more, where is FINRA going next on their journey and what do you want to see more from Amazon and the ecosystem around them to make your life and life of your peers better? Yeah, so some of the kind of challenges that Amazon is working with us and partnering us on is getting a more automated, inter-regional fall over. Our industry is a little bit queasy about having everything run with a relatively tight proximity in the East Coast region. And while we replicate our data to the other East region, we think a more co-production environment like we have across the availability zones within the East would be looked upon with more advocacy of that architecture from a regulatory standpoint. That would be one. Another one would be one of the big objections to moving to a public cloud vendor like Amazon is the vendor dependency. And so making sure that we're not overly technically dependent on them is something that I think is a shared responsibility. The view that you can go and run a single application across multiple cloud vendors, I don't think anybody's been able to successfully do that because of the differences between the providers. You can run one application and one vendor and another application and another vendor, that's fine, but that doesn't really achieve the vendor dependency question. And then going forward for FINRA, I mean, the real beauty is if you've architected your applications right, without really doing any work at all, you're going to continuously get the benefits of price performance as they go forward. You're not kind of locked into a status quo. So even without doing much of any new work on our applications, we're going to continue to get the benefits. That's probably outside of the elastic, massive scale that we take advantage of. That's probably the biggest benefit of this whole journey. All right, well Steve Randage, really appreciate you. Thank you so much for sharing the journey of FINRA. All right, for Corey Quinn, I'm Stu Miniman. Back with lots more here from AWS Summit in New York City. Thanks for watching theCUBE.