Mark Novak is part of one of JPMorgan’s most interesting technology teams. Working under Marco Pistoia, the head of global technology applied research, Novak works on future developments in cybersecurity for the bank. His specialism is cybersecurity when it comes to the cloud. When Novak says big changes are coming, it’s therefore worth taking note.
In a largely ignored presentation at a cloud computing conference earlier this year, Novak laid out what he predicts will be the next big trend in banking technology: the confidential cloud. With banks already struggling to find experienced engineers for their current lucrative cloud roles, Novak's prognostication provides an opportunity to get ahead of what may be the next big trend in banking technology careers.
The confidential cloud will revolutionize cloud computing in finance, says Novak, who's based in Seattle and joined JPMorgan last year after 21 years at Microsoft. "Confidential cloud is to traditional cloud what traditional cloud is to legacy on-premise datacentre," he declares. It's not just a glow-up. It's, "an entirely new operating system affecting literally everything about how applications are architected, developed, deployed and governed."
Instead of rushing to take AWS certifications, engineers who want to future-proof their careers may therefore want to familiarize themselves with the confidential cloud. It's "absolutely certain" that heavily regulated institutions like JPMorgan will be asked to use confidential cloud services at some point, says Novak. And moving to those services is a huge amount of work, not a simple "lift and shift" operation.
Novak says the critical difference between confidential cloud services and the traditional cloud model is that the traditional cloud is built on a model of "trust but verify", whereas the confidential cloud is all about, "verify then trust." The variance may sound subtle, but the implications are big.
In a confidential cloud environment, the cloud is trusted only to accurately bill the user for compute, network and storage consumption, and the assumption is that the hosting environment itself may be hostile. This entails a switch to a different kind of model.
"When I buy water or electricity from a utility company, I do not have a representative of that company sitting in my living room observing what I do with their product, but with cloud computing, most of what is done in the public cloud can be examined since the cloud service provider ultimately has the super-user privilege to everything running there," says Novak. "Confidential computing promises to replace that model with that closer to a video game console where the consumer of the service (e.g., gaming or video streaming) is in physical possession of the device but cannot take it over."
The new approach must be applied not only to the code that relates to applications (in JPMorgan's case, all 2,700 of them), but to the compiler, to code taken from open source libraries, to platform hardware and to the code behind supporting services. The weakest links get attacked first.
In the case of a high frequency trading application, this means looking at the market information stored in a database, at the ingestion service that accesses the information, and at external order execution services. Throughout the verification process, the functional requirements are high because any downtime will have implications for profitability. "Every time you need to start a compute instance you are now introducing fragility and potential for downtime," says Novak. And when you roll out updates, you may need to introduce new keys, and therefore changes to key access policy.
These complexities mean that moving to the confidential cloud can involve entirely rewriting some code to suit the new environment.
Engineers who understand the new requirements and their limitations, and who can keep critical trading infrastructure functioning will be assured of future employment in banks. Shifting to the confidential cloud will entail a "mountain of work," says Novak. With traditional cloud technologists commanding packages of $200k+ in financial services, positioning yourself to climb that mountain could turn out to be a very lucrative move indeed.
Click here to create a profile on eFinancialCareers. Make yourself visible to recruiters hiring for top jobs in technology and finance.
Have a confidential story, tip, or comment you’d like to share? Contact: firstname.lastname@example.org in the first instance. Whatsapp/Signal/Telegram also available (Telegram: @SarahButcher)
Bear with us if you leave a comment at the bottom of this article: all our comments are moderated by human beings. Sometimes these humans might be asleep, or away from their desks, so it may take a while for your comment to appear. Eventually it will – unless it’s offensive or libelous (in which case it won’t.)