Criteria:

1. Improve operational efficiency and speed:

Firstly, cloud services provide scalability, allowing businesses to easily adjust their computing
resources based on demand. This agility can help companies quickly respond to changing
operational needs, ensuring resources are available when required. Secondly, cloud services also
handle the maintenance, updates, and patching of infrastructure and software, freeing up IT
teams to focus on more strategic tasks, ultimately improving efficiency.
2. The system must have flexible scalability:
Cloud providers offer a wide range of services that can be provisioned on-demand, such as
virtual servers, storage, and databases. This enables businesses to quickly add or remove
resources as required. Moreover, cloud platforms offer load balancing services that distribute
incoming traffic across multiple instances, ensuring that workloads are evenly distributed and
that applications remain responsive even during traffic spikes.
3. High security standards need to be maintained for data security, privacy, and compliance with
industry regulations:
Cloud platforms provide tools for monitoring security events and conducting audits to track and
investigate potential security threats, helping organizations maintain data security and
compliance. Cloud providers also often offer tools and services that help organizations manage
privacy controls, such as consent management and data anonymization, to meet privacy
requirements. Furthermore, cloud providers allow businesses to specify where their data is
stored, ensuring compliance with data residency and sovereignty requirements in various
regions and industries.
4. The ability to rapidly and easily incorporate new technologies, financial products, and market
volumes:
Cloud platforms offer APIs and integration tools to connect with third-party services, data
sources, and partners, facilitating the incorporation of new technologies and data. Also, it
enables faster deployment of new technologies and products through Infrastructure as Code
(IaC) and automation, reducing time-to-market. Furthermore, cloud providers offer managed
services for databases, serverless computing, and more. These services simplify the adoption of
new technologies, reducing the need for in-house expertise.
5. Needs to be cost effective:
Cloud providers typically offer a pay-as-you-go or consumption-based pricing model, where
organizations pay only for the resources they use. This eliminates the need for large upfront
investments in hardware and software. Not only, cloud computing eliminates the need for
organizations to maintain and manage physical servers and data centers, resulting in cost savings
related to hardware maintenance, cooling, and power consumption but also cloud providers
continuously optimize the use of resources, resulting in efficient utilization of servers, storage,
and networking equipment. This efficiency lowers operational costs.

Constraints:

1. Hardware limitations of the OATS system:

The limitations of the hardware infrastructure used by FINRA, particularly in terms of storage
and processing capacity, imposed technical constraints on their ability to handle large volumes of
data and complex queries efficiently. This affected their ability to conduct market surveillance
 and investigations effectively. Furthermore, the discontinuation of support for older hardware by
technology vendors presented a constraint. This necessitated a decision on investing in new
hardware.
2. Inflexible scalability:
The existing infrastructure had scalability limitations, and the traditional on-premises approach
constrained their ability to quickly adapt to changing market volumes. This was especially
evident during periods of peak market activity.
3. Cultural constraints:
There was resistance to adopting cloud computing technology within the organization.
Traditionalists valued the stability of proven technologies and were skeptical about the reliability
and security of the public cloud.
4. Security and Privacy concerns of the Cloud computing system:
Concerns about the security and trustworthiness of cloud providers were constraints, as moving
sensitive regulatory data to the public cloud raised security issues. If the security and privacy of
the cloud isn’t properly maintained it could have a risk of data leakage in the public cloud
environment. Data transfer between an organization's on-premises infrastructure and the cloud
may raise concerns about data interception.
5. Resource Allocation and Cost:
The substantial need for operators to uphold the current infrastructure and the challenge of
transferring active data to different storages, prompted by storage limitations, posed notable
resource limitations.
6. Storage limitations of the OATS system with the increasing volume of data:
The storage limitations of the OATS system forced the operators to move data in different
storages. This made the organization lose a lot of time when dealing with old data. Also, the
need for increasing storage constantly is not cost effective.

Implementation:

1. Assessment of Current Infrastructure:

We begin by conducting an in-depth assessment of the current on-premises infrastructure. This
assessment should include the hardware, software, human resources, and costs associated with
maintaining the existing infrastructure.
2. Cloud Service Selection:
For we have to select cloud providers first. We evaluate different cloud service providers such as
AWS, Google Cloud Platform (GCP), Microsoft Azure, etc. Determine which cloud provider aligns
best with FINRA's needs and the scalability required.
3. Data Migration Strategy:
We develop a comprehensive data migration strategy to transfer existing data and applications
to the cloud. Ensure data security, integrity, and minimal downtime during the migration
process. We can leverage cloud-specific data migration tools and services provided by our
chosen cloud provider. For example, AWS offers the Snowball service for offline data transfer.
Consider using third-party migration tools and services that can optimize the data transfer
process.
4. Security Measures:
 We begin this stage by understanding the specific regulations that apply to our organization.
Identify industry-specific and regional regulations that dictate data security and privacy
requirements. We categorize our data based on sensitivity, such as public, confidential, or highly
confidential. Determine which data should be kept on-premises or in a private cloud, and which
can be hosted in the public cloud. Develop and document comprehensive security policies and
procedures. Ensure they cover data access, encryption, authentication, and data retention.
5. Scalability Plan:
We start by understanding the current data volume and expected growth. Analyze the nature of
the data, such as structured, unstructured, or semi-structured. We segment the data based on
access patterns, importance, and performance requirements. Tier data into hot, warm, and cold
storage based on frequency of access. Then we implement data sharding or partitioning
techniques to distribute data across multiple resources. This helps in distributing the load and
optimizing performance.
6. Disaster Recovery and Redundancy:
We implement data replication and backup strategies for critical data and applications. Regularly
back up data to both on-premises and cloud-based locations to ensure data availability and
integrity. We set up monitoring tools and alerts to proactively detect issues or anomalies in our
hybrid cloud infrastructure. This allows for a rapid response and remediation. Then we create a
comprehensive disaster recovery plan that outlines the steps to take in case of a disaster or
outage. Include roles and responsibilities, communication procedures, and recovery workflows.
7. Training and Change Management:
Train the FINRA team in cloud technologies and ensure a smooth transition from on-premises to
the cloud. Address any cultural resistance to change within the organization.
8. Testing and Validation:
After deployment of the system, we conduct extensive testing and validation of the cloud-based
infrastructure to ensure that it meets regulatory requirements and operational needs.
9. Continuous Improvement:
We have to develop a culture of continuous improvement by regularly reviewing and optimizing
cloud resources and processes to ensure efficiency and cost-effectiveness.