How Can Banks Create a Secure, Optimised Cloud-Enabled Architecture?

 
 

Banking | Adriana Calomfirescu | 09 November 2022

This article was co-authored by Pierre Kovacs.

Banking industry leaders sit between a rock and a hard place when it comes to their IT estates. On the one hand, agile fintech start-ups are putting pressure on banks to modernise legacy IT systems and meet rising customer expectations. On the other, strict regulations and increasingly savvy cybercriminals mean data and system security remains paramount.

With the right cloud adoption frameworks and a host of security and optimisation tools from leading cloud providers, technology leaders in banking and capital markets can find the best of both worlds and deliver a secure, optimised cloud-enabled architecture.

This blog will explore what cloud-enabled architecture means for banks, what to look for in an adoption framework, and how major cloud platforms offer tools to enhance security and optimise system performance.

WHAT IS CLOUD-ENABLED ARCHITECTURE?

There are many routes to the cloud, so it’s worth clarifying what we mean by cloud-enabled architecture – and why this method can be so appealing for banks.

Cloud-native is one approach to adopting cloud solutions. It involves using cloud services as the building blocks for new technologies – combining cloud-based microservices to build a new solution or relying on tools like artificial intelligence (AI) and machine learning (ML), which many cloud providers offer as out-of-the-box functions.

While banks may look to cloud-native approaches when designing new services, that won’t always be suitable when dealing with mission-critical legacy systems. In these cases, a cloud-enabled architecture can be more appropriate.

A cloud-enabled approach involves taking a system built for on-premises architectures and hosting it in the cloud – preferably with as few changes to the system as possible. Lift-and-shift approaches to migration are the most common examples of cloud-enabled architecture.

KEY CONCEPTS FOR CLOUD-ENABLED ARCHITECTURE

Simply moving a previously on-premises workload to the cloud is no guarantee of security and performance. But you can apply a few general concepts across workloads and platforms to ensure your cloud-enabled architecture is optimised and secure.

Cloud security principles

Most cloud providers offer tools to help control who has access to systems and data and to ensure bad actors can’t intercept data in transit or at rest.

For access controls, Identity and Access Management (IAM) and Role-Based Access Control (RBAC) form the foundation of identity management. IAM controls which users can execute certain actions, while RBAC offers more granular control of how entire user groups use systems. Both play an essential role in securing cloud-enabled architecture.

Data encryption is another key consideration for cloud-enabled security. Whichever cloud provider you work with, you’ll want to assess its credentials around Transport Layer Security, encryption at rest, dynamic data masking, predicate-based filtering, and column- and row-level security.

Another security feature to look out for is the private infrastructure option available on many popular cloud platforms. The largest providers offer direct connections between their data centres and a customer’s premises – bypassing the public internet to provide improved security.

Data optimisation principles 

Moving previously on-premises workloads to faster, more performant cloud architecture often improves performance by default. But there are other things to consider that can further optimise the flow of data across your organisation’s systems.

Unlike fixed on-premises infrastructure, where new instances of a piece of data require costly hardware in another location, cloud data can be easily replicated across different sites to simplify and streamline access.

Similarly, you can quickly deploy extra cloud instances and resources to scale with demand or deploy new features. And if customers who need your data are in the same cloud, there are even potential benefits to having co-located data that can reach customers faster.

And, of course, cloud data instances can be decommissioned just as quickly once you no longer need them – freeing up budget for use elsewhere.

WHAT DOES EACH CLOUD PROVIDER OFFER TO SUPPORT CLOUD-ENABLED USE CASES?

Every major cloud provider offers generous toolsets to help banks deliver a secure and streamlined cloud-enabled architecture. Some of the most well-known cloud providers go even further, offering unique data security and optimisation tools.

Microsoft Azure 

Part of the Azure cloud platform, Microsoft Purview assists with data governance, security, and optimisation in the cloud. It includes four powerful tools:

  1. Data Map can map processes from end to end to improve data discovery and enhance access controls
  2. Data Catalog empowers teams to browse their entire data estate and enrich data with useful business terminology and context
  3. Data Estate Insights offers data governance teams a visual, centralised view of their data to simplify management
  4. Data Sharing delivers a central system for regulating data access and improving controls while streamlining how data is shared with consumers


Amazon Web Services (AWS)

AWS offers several interconnected features to help with data management and security.

Glue Data Catalog is a centralised metadata repository that works with other AWS services to secure and optimise data. It can be used alongside AWS Lake Formation and AWS policies to control data access. When used with CloudTrail, AWS’ service for account governance and compliance, it also provides auditing and logging.

There’s also Amazon Macie, which uses machine learning and pattern matching to identify and secure sensitive data residing in AWS S3 buckets.

Google Cloud Platform (GCP)

GCP also offers a suite of security tools that connect with most of its other data solutions. Cloud DLP (Data Loss Prevention) can discover sensitive data, mask it, and even measure the risk of re-identification in the case of tokenised data.

Google’s cloud suite also includes Dataplex, a centralised service for discovering, managing, and governing data. Dataplex offers a place for centralised control and distributed ownership while unifying distributed data to bridge the gap between silos. It can even let teams manage data lakes, warehouses, and marts through a single tool.

GET THE MOST FROM CLOUD-ENABLED ARCHITECTURE WITH THE RIGHT APPROACH

With so many cloud providers, tools, and migration frameworks, it can be difficult to know which ones are the right fit for your bank and its IT stack. While the proper solution might fit one of the use cases above, it’s worth mentioning that a multi-cloud solution could be the best answer in your case if you need to combine tools offered by different cloud providers.

That’s where a partner like Endava can help. Technology- and platform-agnostic, our experts can give you an unbiased view of which platforms and approaches will deliver maximum value in your cloud-enabled journey. And we have extensive experience in protecting data and designing systems with security and governance in mind.

If you’re looking to make the most of cloud-enabled architecture but have questions about how to get the most out of today’s providers, solutions, and tools, our experts can guide you.

Adriana Calomfirescu

Global Head of Data Delivery

Adriana has 25+ years of progressive leadership experience across the analysis, design, and implementation of information technology and data systems. She’s responsible for identifying technology trends in the data world and ensuring a constant growth of the technical competences in the data discipline, while also providing governance for the Data projects at Endava. Starting with a small, dedicated team of data engineers in 2015, under Adriana’s leadership, the Data Delivery discipline has grown to include over 400 associates in 17 locations across the globe.

 
