This article was co-authored by Pierre Kovacs.
Banking industry leaders sit between a rock and a hard place when it comes to their IT estates. On the one hand, agile fintech start-ups are putting pressure on banks to modernise legacy IT systems and meet rising customer expectations. On the other, strict regulations and increasingly savvy cybercriminals mean data and system security remains paramount.
With the right cloud adoption frameworks and a host of security and optimisation tools from leading cloud providers, technology leaders in banking and capital markets can find the best of both worlds and deliver a secure, optimised cloud-enabled architecture.
This blog will explore what cloud-enabled architecture means for banks, what to look for in an adoption framework, and how major cloud platforms offer tools to enhance security and optimise system performance.
WHAT IS CLOUD-ENABLED ARCHITECTURE?
There are many routes to the cloud, so it’s worth clarifying what we mean by cloud-enabled architecture – and why this method can be so appealing for banks.
Cloud-native is one approach to adopting cloud solutions. It involves using cloud services as the building blocks for new technologies – combining cloud-based microservices to build a new solution or relying on tools like artificial intelligence (AI) and machine learning (ML), which many cloud providers offer as out-of-the-box functions.
While banks may look to cloud-native approaches when designing new services, that won’t always be suitable when dealing with mission-critical legacy systems. In these cases, a cloud-enabled architecture can be more appropriate.
A cloud-enabled approach involves taking a system built for on-premises architectures and hosting it in the cloud – preferably with as few changes to the system as possible. Lift-and-shift approaches to migration are the most common examples of cloud-enabled architecture.
KEY CONCEPTS FOR CLOUD-ENABLED ARCHITECTURE
Simply moving a previously on-premises workload to the cloud is no guarantee of security and performance. But you can apply a few general concepts across workloads and platforms to ensure your cloud-enabled architecture is optimised and secure.
Cloud security principles
Most cloud providers offer tools to help control who has access to systems and data and to ensure bad actors can’t intercept data in transit or at rest.
For access controls, Identity Access Management (IAM) and Role-Based Access Control (RBAC) form the foundation of identity management. IAM controls which users can execute certain actions, while RBAC offers more granular control of how entire user groups use systems. Both play an essential role in securing cloud-enabled architecture.
Data encryption is another key consideration for cloud-enabled security. Whichever cloud provider you work with, you’ll want to assess its credentials around Transport Layer Security, encryption at rest, dynamic data masking, predicate-based filtering, and column- and row-level security.
Another security feature to look out for is the private infrastructure option available on many popular cloud platforms. The largest providers offer direct connections between their data centres and a customer’s premises – bypassing the public internet to provide improved security.
Data optimisation principles
Moving previously on-premises workloads to faster, more performant cloud architecture often improves performance by default. But there are other things to consider that can further optimise the flow of data across your organisation’s systems.
Unlike fixed on-premises infrastructure, where new instances of a piece of data require costly hardware in another location, cloud data can be easily replicated across different sites to simplify and streamline access.
Similarly, you can quickly deploy extra cloud instances and resources to scale with demand or deploy new features. And if customers who need your data are in the same cloud, there are even potential benefits to having co-located data that can reach customers faster.
And, of course, cloud data instances can be decommissioned just as quickly once you no longer need them – freeing up budget for use elsewhere.
WHAT DOES EACH CLOUD PROVIDER OFFER TO SUPPORT CLOUD-ENABLED USE CASES?
Every major cloud provider offers generous toolsets to help banks deliver a secure and streamlined cloud-enabled architecture. Some of the most well-known cloud providers go even further, offering unique data security and optimisation tools.
Part of the Azure cloud platform, Microsoft Purview assists with data governance, security, and optimisation in the cloud. It includes four powerful tools:
- Data Map can map processes from end to end to improve data discovery and enhance access controls
- Data Catalog empowers teams to browse their entire data estate and enrich data with useful business terminology and context
- Data Estate Insights offers data governance teams a visual, centralised view of their data to simplify management
- Data Sharing delivers a central system for regulating data access and improving controls while streamlining how data is shared with consumers
Amazon Web Services (AWS)
AWS offers several interconnected features to help with data management and security.
Glue Data Catalog is a centralised metadata repository that works with other AWS services to secure and optimise data. It can be used alongside AWS Lake Formation and AWS policies to control data access. When used with CloudTrail, AWS’ service for account governance and compliance, it also provides auditing and logging.
There’s also Amazon Macie, which uses machine learning and pattern matching to identify and secure sensitive data residing in AWS S3 buckets.
Google Cloud Platform (GCP)
GCP also offers a suite of security tools that connect with most of its other data solutions. Cloud DLP (Data Loss Prevention) can discover sensitive data, mask it, and even measure the risk of re-identification in the case of tokenised data.
Google’s cloud suite also includes Dataplex, a centralised service for discovering, managing, and governing data. Dataplex offers a place for centralised control and distributed ownership while unifying distributed data to bridge the gap between silos. It can even let teams manage data lakes, warehouses, and marts through a single tool.
GET THE MOST FROM CLOUD-ENABLED ARCHITECTURE WITH THE RIGHT APPROACH
With so many cloud providers, tools, and migration frameworks, it can be difficult to know which ones are the right fit for your bank and its IT stack. While the proper solution might fit one of the use cases above, it’s worth mentioning that a multi-cloud solution could be the best answer in your case if you need to combine tools offered by different cloud providers.
That’s where a partner like Endava can help. Technology- and platform-agnostic, our experts can give you an unbiased view of which platforms and approaches will deliver maximum value in your cloud-enabled journey. And we have extensive experience in protecting data and designing systems with security and governance in mind.
If you’re looking to make the most of cloud-enabled architecture but have questions about how to get the most out of today’s providers, solutions, and tools, our experts can guide you.