PegaWorld 2025: Connect, Migrate, Succeed! Accelerate Your Pega Cloud Journey with "Cloud Secure Connect"

PegaWorld 2025: Connect. Migrate. Succeed. – Accelerate Your Pega Cloud Journey with Cloud Secure Connect

Hello Fabulous Las Vegas. It's fantastic to be here at PegaWorld with so many brilliant minds. In the next 30 minutes, we want you to take on a digital transformation journey, showing how you can benefit from Pega Cloud and how you can build more scalable network connectivity models to move even faster. So let's take off. How was your journey? Thank you. Jakub.

After the flight from Poland, with a layover in Amsterdam and all the great conversation I had here at the Innovation Hub, I'm feeling more connected than ever. It's great to be here. Okay. It's great that you had a pleasant flight. Greg's journey is a perfect metaphor. Just as he embarked on his travel from Poland to Frankfurt, landing in Vegas, probably navigating through different checkpoints and ensuring a smooth transition. Our clients can use Pega Secure Connect as their trusted aircraft.

This reliable aircraft ensures that each step of the way is secure, efficient, ultimately leading them to Pega Cloud. This is a great point in this presentation, we will share with you how you can benefit from the hub and spoke networking model. And just like the airlines have multiple hub and spokes, our client organizations have multiple spokes with Pega Cloud being a key destination.

Our goal is to make the journey to Pega Cloud as comfortable and seamless as possible, no matter how many other destinations you need to connect to our clients. Organizations are vast and differ from each other, but one pattern that works really well is the hub and spoke networking model. Many great results can be achieved faster with Pega Cloud connected to your hub as a spoke, and there is no better person to talk about client results than Cuba.

So my name is Jakub Stando and I'm leading a team of Cloud product managers at Pegasystems. I oversee network and infrastructure portfolio. When working with my team, we analyze and deliver all those capabilities that are part of Pega Cloud as a service experience. During my discussion with clients, I really I am really passionate about understanding how clients may solve different use cases through technology.

So since I mentioned about the product, let's now move on and discuss what are the benefits of Pega Cloud. So in our studies, we have observed significant benefits for clients who have transitioned from self-service Pega managed to Pega Cloud. With Pega Cloud, you can gain access to the full set of Pega's innovations, including advanced technologies like GenAI.

This position your business to leverage AI driven insights and automation, unlocking new levels of operational efficiency and creativity by continuously integrating those cutting edge capabilities. You can redefine what's possible within your industry and maintain a competitive edge. Our research indicates that clients using Pega Cloud can deploy over ten changes per week. This means that your business can add up to evolving market conditions and customer demands rapidly.

Time to market is critical factor in today's fast paced business landscape. Clients have reported a 25% reduction in time to market, which was enabled by Pega Cloud streamlined process and immediate access to the latest features. Focus on what matters. By offloading the operational complexities of managing and updating Pega, your team is free to concentrate on strategic initiatives that drive your business value.

Pega Cloud ensures that your systems are managed in a proper way, so you focus on innovations and customer satisfaction rather than IT maintenance. So why manage Pega yourself when you can do it better, more securely and cost effectively? So let's explore that into the details. I invited Greg to the stage to talk how Pega Cloud architecture really works. So thank you Jakub. I'm Grzegorz Lysko and I have the privilege of serving as Director of Cloud Architecture here at Pega.

With over a decade of experience in creating cloud solutions, throughout my career, I've been passionate about solving complex business challenges using technologies at Pega. I lead a team of talented cloud architects, which are dedicated to push the to push the boundaries of what cloud solutions can achieve. This allowed me to lead the development of cloud free, which brought improved scalability and operations.

When we embarked on the journey of developing cloud free, our primary focus was to enhance the capabilities that would maximize our clients potential. We aimed for improved scalability, allowing seamless growth and adaptability beyond even peak usage scenarios so your systems can handle the demands of tomorrow today. We also prioritized and enhanced fault tolerance. Enabling autonomous recovery and service restoration.

This means less downtime and more reliability, ensuring your business operations continue uninterrupted. Furthermore, we introduced independent service updates, increasing change velocity while delivering the latest functionalities and security enhancements. Our clients can benefit from the most advanced features without the hassle of manual infrastructure updates.

My architecture team and me are dedicated to ensuring that Pega Cloud remains a future proof solution, incorporating cutting edge technologies like generative AI and hence and enhanced disaster recovery. We are also committed to providing a state of the art delivery platform built on microservices and Kubernetes for improving operational efficiency and reliability.

I'm excited to share more as we continue how these innovations can benefit your organization as we continue through today's presentation. So our clients confirm that all these features are invaluable and hard to achieve when running Pega on their own. That's why we spend so much time helping our clients migrate to Pega Cloud at Pega. We have developed a seamless cloud migration process from our work with other clients. Let's look on this process on the high level.

So the first step is in our migration process is to evaluate your current state. So we conduct a comprehensive readiness assessment to understand your existing applications, infrastructures and business needs. This critical phase helps identify potential challenges and opportunities. So we are setting a solid foundation for a successful migration with the insight from the previous step. We craft a migration strategy that aligns with your specific goals and requirements.

This involves detailed planning to ensure that each step of the migration process is optimized for your unique situation. Our team works closely with you to define timelines, resources, and key milestones, ensuring clarity and alignment during the migration phase. We handle service provisioning and the actual migration of your applications to Pega Cloud. Our experienced team managed the process to ensure that all your applications are transferred securely and efficiently.

We leverage best practices to minimize downtime and ensure a smooth transition. And once you are on Pega Cloud, we focus on continuous improvement and enhancement of your cloud environment. So this can involve ongoing monitoring and optimization to ensure that your applications perform optimally and can adapt to future business needs. We are committed to helping you maximize the value of your Pega Cloud investment. So when I'm working with clients, I'm mostly involved in the planning and migration phase on different levels. And during this phase, our clients have to ask themselves a critical question. If internet connectivity is not a primary option for your business, then we provide Pega Secure Connect, which is part of Pega Cloud, and it fits perfectly into the hub and spoke model, which is a system design used to optimize the specific flow in networking and connectivity.

It can be used to optimize the flow of data between data centers or Pega Cloud. This model is a highly effective design for managing the flow of information and services within your network, providing both flexibility and scalability. At the core of the hub and Spoke model is a central hub which serves as the primary processing and distribution center. This hub functions as your main networking point, effectively managing all your peripheral connections to peripheral systems.

With Pega Secure Connect, you and your organization's retains full ownership of that hub, giving you full flexibility over your network architecture. Connected to the central hub are the spokes. The endpoints that were information and services are delivered or collected in this model. Pega acts as a vital spoke, seamlessly integrating with your primary hub and other systems. This integrations ensures efficient data flows and streamlined communication across your network.

Pega Secure Connect is the technology that provides a stable and reliable link between your hub and Pega Cloud. With speeds up to 100 gigabits per second, it can meet the most even differentiated use cases to maximize the flexibility. Pega Secure Connect offers a comprehensive portfolio of connectivity options that can meet the demands, even of the most advanced organizations. Okay, so let's talk about what Pega Secure Connect really delivers.

So the first connectivity type, AWS Direct Connect, provides a dedicated, cost effective, reliable and network connection from your enterprise network to Pega Cloud hosted on AWS, it leverages AWS public infrastructure to also connect to other AWS services. So if you already have the AWS account, you may also connect to those services. Public connectivity via Cloud exchange.

So this method utilizes your existing infrastructure as a service provider to enable rapid development and broad access to cloud services. The third option, AWS Privatelink, offers private, secure, and scalable connectivity between your VPC and Pega Cloud on AWS without exposing traffic to public internet. It simplifies network architecture and enhanced security by keeping the traffic with AWS network. The next connectivity option is offered for Pega Cloud on GCP.

It's the equivalent of AWS Privatelink. Private Service Connect and this option again enable private high performance connectivity between your GCP project to Pega Cloud. The last connectivity options that we offer as part of Pega Secure Connect is Google Peering, which established a public peering connections with Google's global network between again, Pega Cloud on GCP and your project. Out of all of those connectivity options, our clients usually choose AWS Privatelink.

To understand how it's set up, we have to start with a virtual Private Cloud VPC, which can act as a primary hub in your network, which serves all your connectivity needs. This allows you to connect multiple systems using technologies that best fit your organization organization's requirements and give you full control and flexibility. Pega Cloud provides a dedicated VPC for each client, which is which acts as a critical spoke in your network.

This dedicated VPC ensures maximum security and scalability, allowing your critical operations critical applications built on Pega to operate effectively and seamlessly. By isolating Pega applications, we create a secure enclave that can seamlessly integrate with your existing infrastructure for outbound connection. The setup process begins with setting up a network load balancer and a Privatelink endpoint service within the hub.

Once this is configured, our teams set up the necessary security policies and then create an endpoint that allows and that enables the traffic to flow from Pega to the to your systems. For inbound connectivity, we configure the network load balancer and the Privatelink endpoint service where whereby the client the client just configures the endpoint itself, enabling the traffic to flow.

And just to show how this setup can be easy for you, I've recorded a small, small demo with the steps needed to do for inbound connectivity. So we start with going into the AWS console. Then we go into VPCs. Here we are choosing endpoints and click of course Create endpoint. As I was saying, we're going with a network load balancer. Then we have to given the name of our endpoint. We provide the service name which you will receive from Pega. And in this case I have pre-created the VPC.

So it's very simple. We just provide the VPC name subnets. And availability zones. And for security policies we attach a security group to this endpoint. Now we wait until AWS establishes the connection. This takes around like a minute or two if everything is set up correctly, which is very fast and easy. And here we see that the connection is there. Although this setup is easy and fast, your organization may have additional network security needs.

That's why Pega Cloud offers additional set of networking capabilities like the client Managed inbound access control. So at Pega, we understand that the security and compliance are paramount for your organization. So that's why we have designed our inbound access control to give you the power to meet these needs effectively. So firstly, by default all inbound connections are denied.

This default denied ensures that only trusted entities can access your environment, significantly reducing the risk of unauthorized access. Secondly, our product offers granular control over network access so you can define specific network policies for each of your environment, giving your flexibility to tailor security settings to meet your unique requirements on different applications.

So whether you are controlling incoming traffic at the global level or managing at the specific Subpaths Pega Cloud gives you the precision you need to maintain robust security. Moreover, Pega Cloud three. So the latest version of the product empowers you with the self-service capabilities through the Pega Cloud portal. You can easily manage allow listing. This feature is designed to put control back into your hands, allowing you to adapt quickly.

And you don't need also to wait for the support team to execute that ticket. It's all about making our operations more agile and responsive. Let's explore how static inbound IPS can enhance your cloud operations and security with Pega Cloud advanced networking. You gain the ability to manage the traffic coming from the internet to Pega Cloud using a dedicated set of IP addresses.

The static IPS are a crucial component in ensuring predictability and stability of your network connections by subscribing to Pega Cloud Advanced Networking. You can request additional static IPS that are dedicated solely to your cloud environments. This dedication means you have consistent endpoints for all your inbound connections, greatly simplifying network management and troubleshooting.

Static inbound IPS provide a reliable point of access, which is essential in order to maintain robust security protocols. By knowing exactly where the traffic is going to, you can establish precise access policies and security measures. This setup also reduces the complexities and inefficiencies connected with dynamic IP address changes.

Okay, so now let's shift our focus to client Manage Outbound Access Control, a feature that helps you to manage and secure data flow from Pega Cloud to external services. With outbound access control, you have the tools needed to ensure your network meets advanced security and compliance requirements. So let's talk about granular segmentations. You can precisely control which integration services are accessible from your cloud environments.

By segmenting outbound connections, you can ensure that only necessary and approved services are accessible, minimizing the risk of unauthorized data transfer and enhancing security. Another key aspect is the default deny of outbound connections. This default settings forces a deliberate approaches to granting access and ensuring that only trusted endpoints are permitted, which significantly reduce exposure to potential threats.

Employing client managed outbound access control empowers you to improve your security posture, comply with regulatory standards, and protect against data breaches. So, let's wrap our technical section deep dive by revisiting the key benefits of Pega secure, connect and cloud networking options. We've seen how it simplifies how it enhances security and scalability, integrates through the hub and hub and spoke networking model, and all of that at great speeds and enterprise grade reliability.

Our offering is powerful and flexible enough that even the most advanced organizations can use it to integrate their systems with Pega Cloud. Now let's shift our our focus to how our clients are using those capabilities in real world scenarios, from banking to healthcare. Pega Secure Connect is transforming operations and accelerating innovation. Okay, so as we arrive at this pivotal point in our journey, let's blink all the technical insights together and focus on what truly matters.

That real world scenario. Now we'll bring together everything we have discussed so far by focusing on how Pega secure connect directly support your success. Connect. Migrate. Succeeded. Um, so yeah, I just want to say that connect. Migrate. Succeed, accelerate Pega Cloud journey with cloud secure connect is not just a slogan. And we'll now go through the example of how our clients use that capability to move through the digital transformation journey.

So we have worked with an organization running a business, critical Pega applications in their own cloud environment, and their application is accessed by users over the internet, and they use mobile devices to access Pega applications. They also rely on VPN to connect with various third party services. And like many of you, they face the challenge of scaling up and adding new integration, especially with service systems inside their secure corporate network.

So the client needed to meet all the regulatory requirements for financial services, which I which, as you can imagine, are highly regulated. And their long term was to expand rapidly and deliver the new feature faster and never compromise on security and compliance. So they decided to move to Pega Cloud and let's see how this journey looks like from the migration perspective. If you remember the migration framework, that's the almost the last one step. Okay.

Let's start by bringing Pega Cloud into the picture. Our first step was to establish a robust security network connectivity between the client's hub and Pega Cloud using Pega Pega secure AWS Privatelink. This foundation was critical not only for the initial migration, but also for ongoing long term operations by establishing the ingress connectivity. We allowed a secure movement of application and data from the existing database into Pega Cloud, ensuring that sensitive information was protected. In parallel, we established egress connectivity, empowering the new cloud based systems to communicate with third party systems and data sources. Both directions, inbound and outbound, were secured with a Pega secure Pega outbound access control and inbound access control, ensuring compliance with industry standards and the organizational and internal organizational policies.

Before executing the migration to production in production, we validated the entirety connectivity process in lower level environments. This includes a set of comprehensive checks and tests to guarantee a seamless experience and minimize any risks of disruption. Once we confirm everything was operating as expected, we initiated the actual migration, securely transferring the data and application over the established private link connection.

After that, we performed a smooth cutover allowing users to start working with the new environments. Post-migration. The client entered a rapid growth phase that and quickly onboarded additional systems and new integrations, scaling their operations while maintaining their security and compliance posture. Thank you for this example and deep dive. So we invite you to accelerate your digital transformation by using the full potential of Pega as a service experience when moving to Pega.

You get the access to the latest capabilities. You can truly focus on delivering business value and leaving the operational activities for us. Use Pega Service Connect to establish dedicated connectivity so you can follow your organization's security standards and improve security posture. Remember that you have self-service capabilities which allows you to manage your own environments on Pega Cloud.

When delivering your network and connectivity and when thinking how it can look like, please analyze the future state and adopt hub spoke model for better scalability and security. Owning the hub on your site improve even further than security and control. Finally, if you need any additional capabilities to strengthen the allow listing mechanism, use Pega advanced networking connectivity to secure the egress and keep the static IPS for inbound connection.

So that's all what we prepared now for you. And now it's time for the questions. So if you have questions, there is a mic on the right and left side. We are here to answer the question. Yep. So the VPC setup which is needed on AWS, is it done by Pega. Or it has to be done by the clients. So, uh, we delegate that to the client because we want to offer you, uh, the full ownership and control over that VPC, that VPC, the VPC for Pega Cloud is, of course, set up by us.

Uh, and we manage that VPC as part of our offering, uh, and make sure that it's secure and and and scalable. So that's two VPC needed. So um, depending on what your, what your question is about in the hub and spoke model that we we've discussed. Yes. So one VPC was the Pega Cloud VPC where the environments are running. And the second VPC was the was the hub that we described. Yes. So yeah we're where we're establishing that connection using for for example Privatelink. Yes.

So that VPC is something you control because in the end if you need Pega secure connect, this means that you have some kind of like data center or cloud presence where you need private connectivity. So Pega Secure Connect is more for use cases where, um, internet is not enough, as we were saying. So for example, you have like a private database or system of record that is internal to your organization and then you need to connect to it privately, not via the public internet. So here private links works really well because it uses a dedicated AWS backbone. Yes. So this means that the data that you're getting reading using Pega from, uh, from a database or some kind of service that you have in your own data center doesn't go through internet, which is much more secure. And you mentioned that's the preferred way of connection where there are some others also. Right. So yes, as we mentioned, Pega Secure Connect has more connectivity options.

And they were they were listed here. Okay. And it handles the voice packets also for Voice AI processing. Yes. Yes. But here we would have to dive more into the use case how your network architecture looks like. But privatelink that or like generally Pega secure Connect is works really well with all the protocols. So it basically a tcp IP, all the TCP IP based traffic and UDP traffic works seamlessly there. Okay. Thank you.