Migrating to the Cloud at Scale with Fidelity


At swampUP 2023, JFrog’s annual user conference, Gerard McMahon, Head of Application Lifecycle Management (ALM) Tools and Platforms at Fidelity Investments, shared Fidelity’s cloud migration story and how it supports the overall company philosophy. He explored the company’s focus on ensuring employee satisfaction while delivering great software and value to customers. He talked about the importance of the company’s platform strategy, and described the role of JFrog Artifactory in securing the software supply chain and running the business. In this blog, we’ll recap McMahon’s swampUP 2023 session.

Key takeaways:

– Fidelity focuses on employee satisfaction and developer experience as a means to deliver great software and value to its customers.

– The company started its cloud journey in 2016 and has since migrated 60% of its portfolio to the cloud.

– Fidelity’s platform strategy is centered around consolidating its IT infrastructure, standardizing on selected platforms, and promoting reuse and leveraging of modern technologies.

– Fidelity leverages Artifactory for curation in securing the software supply chain.

– Fidelity uses a repository to store all pipeline steps that a developer can execute during the development process, which aids in compliance, support, and security.

Fidelity company background

Founded in 1946, Fidelity Investments is a private, family-owned company headquartered in Boston and has about 42.2 million customers and 70,000 associates worldwide. About 18,000 of Fidelity’s associates are technologists who use the tools and platforms that McMahon’s group manages.

Fidelity has always had two central goals: to strengthen and secure its customers’ financial well-being, and to create a workplace where people can develop their careers. McMahon sees these goals as being deeply connected, emphasizing the link between employee satisfaction and the quality of software produced. He suggests that happy employees lead to great software, which in turn leads to customer retention.

Fidelity’s focus on delivering value was highlighted during the stock-trading frenzy around GameStop (GME) in January 2021. Many other companies saw their trading support systems crash, but Fidelity didn’t. Being available during this peak trading time not only strengthened existing customer loyalty but also brought in quite a few new customers, and it is hailed as a critical success in recent years.

Technology as a core focus

From the very beginning of the company, technology has always been core to the business, and it receives significant investment year-over-year. In 2016, Fidelity started its cloud journey when their first product application was deployed to the cloud. Then in 2019, the company launched its multi-cloud hybrid strategy. Today, they have about 60% of their portfolio (or approximately 6500+ applications) in the public cloud, with a goal of +90% by 2026.

“Technology – going all the way back to the beginning of the company – has always been core to the business.” – Gerard McMahon

Cloud and Platform Engineering at Fidelity

McMahon explains that the primary job of his group, Cloud and Platform Engineering, involves:

  • Helping teams get their applications through the software delivery process and then deployed into the cloud
  • Enabling them to create infrastructure or use IaC (infrastructure as code) capabilities
  • Allowing them to deploy onto whichever compute they want
  • Making sure that teams follow all the related guardrails set for them

Over time, Cloud and Platform Engineering found high levels of redundancy as associates across teams were doing the same things over and over again. There were also high operational costs for monitoring, observing, alerting, performance testing, and generally making sure that applications behaved as expected. This directly conflicted with Fidelity’s company objective to increase business value delivery, since so many hours on the keyboard were being spent on things that didn’t directly create business value.

Cloud journey thus far

McMahon says that FinOps drives everything they do. One of the major ways they’ve reassessed how they’re managing costs is by moving from data centers to the cloud. The FinOps program has been effective in managing cloud expenses, realizing significant cost-per-hour decreases since 2020. Fidelity’s FinOps journey is documented on Fidelity’s Medium site.

While FinOps was an initial driver of Fidelity’s migration to the cloud, McMahon explains that it wasn’t entirely a cost play: the cloud enables Fidelity’s teams to use new technologies, new services, and unlock innovation. In fact, McMahon reports that considerable business value has been realized across business units, most notably around innovation, scale, and agility.

The decision to scale

The cloud provides scalability, resiliency, and reliability. But McMahon stands firm that if you don’t have a way to build applications and manage your artifacts continuously, it doesn’t matter. He says you need the kind of operational support that will allow you to operate 24/7 – and there’s a cost to this operational support: the cost of running the business.

When the team realized how much redundancy there was, and how many hours were being spent on maintenance and operations, they realized that they needed an expanded approach to properly scale. In response, McMahon’s team shifted their focus from simply migrating to the cloud to adopting a cloud + platform approach. This would enable the team to have fewer people managing the distribution network that supports the rest of the organization, making their operations as scalable and effective as possible.

Evolution from cloud to cloud + platform

McMahon’s vision is to enable Fidelity’s digital future with secure, stable, and scalable cloud services and platforms. The goal of an evolution from cloud to cloud + platform was to make it easy for application teams to deploy workloads to public cloud (and on-premises when necessary) by establishing and evolving core and common platform capabilities to create the foundational building blocks for Fidelity applications.

“It’s about creating core and common capabilities that everybody can build upon.” – Gerard McMahon

When the team started this process, they had a quarter of a million pipelines across multiple tools. So to ensure security and compliance, they needed to build a flexible system of common, reusable tools and frameworks that associates could stitch together in a way that still allows them to do what they need to do, but in a standard way. To do this, McMahon’s team put checks and balances along the way that provide in-the-moment feedback to developers so they can adjust their approach as needed and keep moving forward.

With the cloud + platform focus, Fidelity teams can now use the same capabilities and processes for any deployment and then directly manage their workloads once deployed. McMahon and his team achieved this by driving consistent platforms and capabilities that can be shared across the enterprise to achieve scale and deliver value. It also gives them the insight they need to drive security and compliance.

McMahon views cloud enablement as the foundation for all other core and common technology platforms. With it, McMahon concludes, Fidelity can drive best practices and standards across software delivery, container management, API, observability, event/data streaming, and operational data platforms. And to ensure their core capabilities and platforms evolve as new technologies and use cases emerge, the team has created a process where associates can express their opinions and requirements, effectively bringing the voice of the developer into the fold.

Continuous learning

On Fidelity’s cloud journey, like any journey, you learn along the way. As part of this continuous learning process, Fidelity implemented what the company calls “Learning Tuesdays,” where every Tuesday is dedicated just to learning. The philosophy behind Learning Tuesdays is this: if teams want to innovate and learn the latest technologies, they have to be given the space, capacity, and time to do so.

As a result, cloud knowledge has significantly increased through 1,000+ learning programs and 3,500+ industry cloud certifications delivered to 70K+ associates. These cloud learnings, in combination with close collaboration with cloud partners, have led to improved resiliency practices for Fidelity.

Two ongoing needs: security and high availability

There are two key requirements that Fidelity has for its technology: security and high availability. McMahon says that not only does Fidelity need to verify that the things they bring into their ecosystem are safe, but they also need constantly available source control, CI/CD, and artifact systems. These are the critical systems that power the business, and they need to be as available and resilient as the applications they create to be used by customers. Without security and availability, McMahon warns, you quickly lose customer confidence.

To achieve better security, Fidelity will expand the use of its software delivery platform so that ALL third-party dependencies come through JFrog Artifactory, which acts as a proxy for the public internet. This way, Fidelity developers can scan each dependency once – the first time – to make sure it’s safe, keeping operations moving smoothly and swiftly. Armed with continuous scanning capabilities, if something that was deemed safe initially becomes a vulnerability in the future, developers are able to see that immediately and adjust course as needed. The solutions Fidelity uses also give them what McMahon refers to as “detective-level controls” when it comes to monitoring. This enables the team to track the health of their systems and applications so they can identify and correct issues as early as possible.

When it comes to high availability, a core architecture concept with the JFrog Platform deployment is the Blue-Green approach. This pattern not only supports seamless upgrades and the ability to test at-scale, but it also provides an additional layer that can be added in an active-active capacity for unusually high load demands. This approach allows Fidelity to continue providing value for customers, even in situations such as the 2021 GameStop frenzy.

It’s the scalability offered by cloud in combination with the pillars of security and high availability that allows Fidelity to lead the financial services industry in the areas of tech and innovation.