Cloud computing, a mature technology now in its second decade, has a clear track record of helping businesses of all types and sizes maximize speed and agility, shift valuable resources away from IT operations, and sharpen their focus on innovating and building new customer value. As a result, it's getting easier and easier for many businesses that aren't currently in the cloud to decide to start heading there.
Many businesses—but not all.
"Larger enterprises are always going to have a certain amount of resistance to such a big change," says George Brady, executive vice president and chief technology officer at Capital One. "That's especially true at financial institutions, where legacy core systems, complex operating rules, and extensive compliance requirements can make people reluctant to move to the cloud."
So how did Capital One get to the point where, in 2015, it announced that all new company applications would run in—and all existing applications would be systematically rearchitected for—the cloud? Although Capital One, a technology company that offers financial services, is different in important ways from other companies in its industry, its path to the Amazon Web Services (AWS) Cloud and its cloud-first approach to software development offer useful tips for large, non-cloud-native, highly regulated enterprises mapping out their own cloud journeys.
Before describing the path Capital One followed to the cloud, however, Brady says it's important to understand why the company set out on that path in the first place.
"Throughout our history as a company, our overriding focus has always been on transforming and optimizing the banking customer experience," he explains. "Capital One scientists, engineers, and designers spend a lot of time thinking about how the latest technologies can help us do that."
It was no surprise, then, that the company was already evaluating cloud computing when Brady joined Capital One in 2014.
"We had a fledgling private cloud capability, and our engineers were also experimenting with AWS," he says. "The basic question was whether it made more sense to devote resources to building and operating our own cloud infrastructure or to move to the public cloud so that we could focus on building and releasing the new features and products our customers want. Given the level of customer obsession at Capital One, that question pretty much answered itself."
Even though that first question was simple to answer, it opened the door to more complicated ones—about security, compliance, and how to effect the needed culture change. In other words, Capital One was now at the point in its cloud journey where many large enterprises begin to flounder.
Brady, who brought three decades of experience on enterprise technology teams when he joined Capital One, knew that the reasonable-sounding tactic of taking baby steps can sometimes spell doom for a big company's "cloudification" goals.
"Many companies approach the cloud by trying to solve easy problems first, such as by putting isolated parts of the business on the cloud with the hope that this will make it easier to tackle the bigger issues down the road," Brady says. "We turned that on its head by deciding to solve the hardest problems first. We didn't want to be in the position of trying to convince stakeholders of the value of the cloud without being able to first assure them that we could responsibly deploy and run any of our applications there."
That meant tackling questions about security early and head on. "As a financial institution, we take the safety of our customer data incredibly seriously," says Brady. "Before we moved a single workload, we engaged groups from across the company to build a risk framework for the cloud that met the same high bar for security and compliance that we meet in our on-premises environments. AWS worked with us every step of the way."
To implement the resulting cloud risk framework, Capital One relied on both people and technology. "One key early step we took was to establish a cloud governance function, consisting of risk managers and cloud engineers, to curate capabilities and controls that would keep us well managed as we moved applications into the cloud," says Brady, adding that this team has continued to update and refine the cloud-risk-control framework quarterly. "We developed and open-sourced a compliance-enforcement engine called Cloud Custodian, to automate detection and correction of policy violations so we could keep our teams inside the guardrails without restricting their ability to work creatively and innovate for our customers. We also built a reporting portal where we can see and measure compliance in the entire fleet of services throughout our complex, multi-account environment."
Long-term planning and a focus on education were the other main enablers of the successful Capital One cloudification strategy.
"In order for all stakeholders to feel comfortable with a big change like this one, it really helps to have a long-term view of where you're trying to go, and why," Brady says. "Right at the beginning, we developed a five-year road map that aligned our use of the AWS Cloud with the company's long-term business strategy. Being able to point to the value we were going to be able to get out of the cloud was key to getting company leaders on board and turning them into cloud champions themselves. Our most effective arguments were around how the cloud supports faster innovation, saving and finding value in more data, faster recovery from failures, and shifting resources from operations to higher value work."
Carefully tailored training programs were another tool Brady and his team used to establish and maintain broad support for the company's cloud journey. "For a successful cloud project, you must make sure that anyone who can influence it understands what you're doing and why," he says. "Obviously, you need to train engineers and developers in how to use the new tools. But you also have to make sure that business executives understand how exciting the cloud is for their business goals if they're going to be willing to make the significant investments you need to keep moving the ball down the field."
Now that Capital One has been cloud-first for several years—as part of a larger long-term strategy of reducing the company's data center footprint and expanding its use of microservices—the company no longer has to speak prospectively about the value of operating in the cloud and can instead point to concrete benefits. By using AWS, Capital One is powering agile DevOps processes that help it bring new features and products to market in weeks instead of months or years; feeding data to and providing powerful model training for cutting-edge machine-learning analysis and customer-service solutions; integrating its contact centers with its CRM and other key company systems; and attracting top entry-level and mid-career developers and engineers with the prospect of learning about and innovating on the latest cloud technologies.
At customer-obsessed Capital One, however, none of that would matter if the company couldn't point to how AWS is directly benefitting its customers. Brady says that's not a problem.
"In everything we do at Capital One, we always start from what our customers need and work back from there to figure out how to give it to them," he explains. "The most important benefit of working with AWS is that we don't have to worry about building and operating the infrastructure necessary to do that and can instead focus our time, money, and energy on creating great experiences for our customers."