Lori Beer, global chief information officer at JPMorgan Chase, says the bank has learned a lot during its transition to using services from outside cloud computing providers such as Amazon Web Services. Armed with this knowledge, Ms. Beer said in a recent interview, JPMorgan will soon give the green light to storing “highly confidential” data with cloud providers, a sign of the bank’s confidence in its revamped cloud strategy.
Ms. Beer’s comments are surprising because banks are typically hesitant to talk publicly about how they’re using emerging technologies. That’s especially true for cloud computing, where the idea of using servers and storage shared across multiple customers—sometimes referred to as the public cloud—has been a tough sell for highly regulated industries. But Ms. Beer, who joined JPMorgan Chase in 2014 and was previously CIO of its Corporate & Investment Bank, has accelerated JPMorgan Chase’s use of cloud services since taking the job in September 2017. With an increased focus on cybersecurity, she is building on the plan that her predecessor, Dana Deasy, set in motion before announcing his retirement from the company.
• JPMorgan CIO sees more use of public cloud infrastructure
• AI and machine learning are part of cloud strategy
• Company exploring blockchain for transaction verification
Under Ms. Beer, JPMorgan Chase has put more emphasis on artificial intelligence and blockchain to make its products easier to use and more secure. It has also beefed up its cybersecurity ranks and focused on hiring staff with experience building applications that run on AWS, Google Cloud, Salesforce and other cloud providers.
In media reports in 2016, Mr. Deasy voiced support for using storage and computing services from cloud providers like AWS, Microsoft and Google to augment the bank’s computing systems running in private data centers. Further highlighting the bank’s resolve, Mr. Deasy in late 2016 hired IBM veteran Harish Grama to serve as a dedicated CIO for JPMorgan Chase’s cloud business. A year later, it launched its first applications on cloud providers. Since then, however, JPMorgan Chase hasn’t given much indication of how its cloud transition is going.
Following is a transcript of our recent conversation with Ms. Beer, edited for clarity and brevity.
JPMorgan has made a lot of changes to its cloud strategy since 2016. Can you tell us what happened and describe your current approach?
What we talked about in 2016 was commitment to a multi-cloud strategy. When I became CIO a little over a year ago, we took a refreshed view of our cloud strategy. Frankly, one of the things I had to start with was getting the right talent in place. So our team now is totally refreshed with new talent—people who have built on the public cloud, people who understand the whole engineering ecosystem.
We reset...how we think about the risks and the controls, especially in our business—which is one of the most globally, systemically important banks. These are important decisions, especially in a “shared responsibility” model [in which cloud providers are responsible for securing their services from external attack, and customers are responsible for securing their applications]. We doubled down on our commitment to a multi-cloud, hybrid strategy, which means using private cloud plus three public cloud providers.
The other big thing was changing our approach to security. We basically built a 50-person cloud security team in Seattle. We’ve been focusing so much on our part of the shared responsibility model and public cloud that we’re comfortable saying that by the end of June, highly confidential data can go into the public cloud for JPMorgan Chase.
You’re obviously already deploying on multiple cloud providers, but how hard is it to get that up and running?
We focused on getting it right with AWS first, but since we have a multi-cloud approach, we’re applying our lessons to all of our providers, including Microsoft and Google. We ultimately want to have the ability for an engineer to say, “Here is the right place to go.”
What are your thoughts on cloud machine learning (ML)? The three providers are touting these services, but it sounds like you’re still in the early stages.
We did a whole mapping out of core infrastructure services and technology capabilities that we wanted to provide. It was AI and ML that drove our thinking to do more of a public-cloud-first mindset. We hired some great talent out of Google, like Apoorv Saxena (global head of AI at JPMorgan), who has been driving our AI and ML platform. For us, the AI/ML data, or things where we think going public-cloud native is actually a better approach from a business perspective, are going to be the lead use cases where you see us focusing more on public cloud.
What are some of the use cases for AI and ML? Why are you focused on it?
In [JPMorgan Chase CEO Jamie Dimon’s] letter to shareholders, he actually calls out several use cases for AI. I’ll give you one example: So many of our credit card algorithms around fraud use AI algorithms today. Applying machine learning, he has one example in there he cites where we saved $150 million. So it’s defense and protection. I have to do it in a cybersecurity space because the attackers are getting more sophisticated. I have to do it in the fraud customer-protection space.
We doubled down on our commitment to a multi-cloud, hybrid strategy.
Then you get into how it will drive the next level of efficiency and productivity: For example, a trader doing a request for a quote having real-time information to best meet the needs of a customer. So there will be real-time personalization, and we’re using virtual assistants much more in our internal help desks and to service customers. So there are definitely productivity opportunities. There are revenue generation opportunities, and it’s critically important for us in fraud, risk and control.
Do you have a hypothetical example of a development pipeline around cloud where there might be a new business model attached?
Our Interbank Information Network [a JPMorgan Chase blockchain-based service that helps more than 200 member banks process payments] is based on our Quorum blockchain that we built and open-sourced. If you think about complexity in payments, it’s not the speed of processing a payment—obviously that’s not a good use case for blockchain—but there is all kinds of information sharing that happens around payments. So if I am a remitter bank or a beneficiary bank in a cross-border scenario and have to share KYC [know your customer] information, that’s one application. Instead of an operations team picking up the phone and calling, I have a secure way of information sharing across the blockchain. So we could build a utility that actually facilitates the evolution of blockchain and financial services.
So the participants in the chain are using that app to verify transactions?
The Interbank Information Network created the ecosystem. Now, because it doesn’t require speed-of-light transactions, a blockchain transaction can work. One of the inventions we put in [Quorum] was privacy. Blockchain was built for security—you have this permissioned network. And we built the privacy capability so that only you can unlock and see that transaction in a permissioned network.
Are there other enterprise-facing blockchain applications that you’re exploring besides the Quorum use case?
Anything that looks and feels like a supply chain is a great [example]. So think about trade finance and the exchange of documentation. I think you’ll continue to see us in that payment ecosystem, coming up with new use cases. Time will tell if it can be helpful in digital identity.
Has what’s happened in the cryptocurrency markets affected the enthusiasm you’ve seen around the enterprise use cases?
No, because we really view blockchain distributed ledgers from a core technology perspective. Cryptocurrency and what has happened there is an application of it and that’s why we’re trying to make the distinction. In all of our use cases, we know the identity of the participants, which has to be known because of regulations and many other things, so it’s very different.
What’s the thing you hear most commonly on the operating committee from the non-technical people at JPM? What questions are they asking you?
The questions are always about speed—how are you enabling speed? And I don’t necessarily mean getting things done faster by taking shortcuts. It’s how are we building products and platforms so that if I want to orchestrate a new Chase customer experience, we can pull those micro services together and orchestrate that new capability faster, and that’s what the modern engineering really does for us.
The story has been updated to clarify that the Interbank Information Network isn't built on public cloud infrastructure.