Skip directly to search

Skip directly to content

 

How Can Banks Create a Secure, Optimised Cloud-Enabled Architecture?

 
 

Banking | Adriana Calomfirescu |
09 November 2022

This article was co-authored by Pierre Kovacs.

Banking industry leaders sit between a rock and a hard place when it comes to their IT estates. On the one hand, agile fintech start-ups are putting pressure on banks to modernise legacy IT systems and meet rising customer expectations. On the other, strict regulations and increasingly savvy cybercriminals mean data and system security remains paramount.

With the right cloud adoption frameworks and a host of security and optimisation tools from leading cloud providers, technology leaders in banking and capital markets can find the best of both worlds and deliver a secure, optimised cloud-enabled architecture.

This blog will explore what cloud-enabled architecture means for banks, what to look for in an adoption framework, and how major cloud platforms offer tools to enhance security and optimise system performance.

WHAT IS CLOUD-ENABLED ARCHITECTURE?

There are many routes to the cloud, so it’s worth clarifying what we mean by cloud-enabled architecture – and why this method can be so appealing for banks.

Cloud-native is one approach to adopting cloud solutions. It involves using cloud services as the building blocks for new technologies – combining cloud-based microservices to build a new solution or relying on tools like artificial intelligence (AI) and machine learning (ML), which many cloud providers offer as out-of-the-box functions.

While banks may look to cloud-native approaches when designing new services, that won’t always be suitable when dealing with mission-critical legacy systems. In these cases, a cloud-enabled architecture can be more appropriate.

A cloud-enabled approach involves taking a system built for on-premises architectures and hosting it in the cloud – preferably with as few changes to the system as possible. Lift-and-shift approaches to migration are the most common examples of cloud-enabled architecture.

KEY CONCEPTS FOR CLOUD-ENABLED ARCHITECTURE

Simply moving a previously on-premises workload to the cloud is no guarantee of security and performance. But you can apply a few general concepts across workloads and platforms to ensure your cloud-enabled architecture is optimised and secure.

Cloud security principles

Most cloud providers offer tools to help control who has access to systems and data and to ensure bad actors can’t intercept data in transit or at rest.

For access controls, Identity Access Management (IAM) and Role-Based Access Control (RBAC) form the foundation of identity management. IAM controls which users can execute certain actions, while RBAC offers more granular control of how entire user groups use systems. Both play an essential role in securing cloud-enabled architecture.

Data encryption is another key consideration for cloud-enabled security. Whichever cloud provider you work with, you’ll want to assess its credentials around Transport Layer Security, encryption at rest, dynamic data masking, predicate-based filtering, and column- and row-level security.

Another security feature to look out for is the private infrastructure option available on many popular cloud platforms. The largest providers offer direct connections between their data centres and a customer’s premises – bypassing the public internet to provide improved security.

Data optimisation principles 

Moving previously on-premises workloads to faster, more performant cloud architecture often improves performance by default. But there are other things to consider that can further optimise the flow of data across your organisation’s systems.

Unlike fixed on-premises infrastructure, where new instances of a piece of data require costly hardware in another location, cloud data can be easily replicated across different sites to simplify and streamline access.

Similarly, you can quickly deploy extra cloud instances and resources to scale with demand or deploy new features. And if customers who need your data are in the same cloud, there are even potential benefits to having co-located data that can reach customers faster.

And, of course, cloud data instances can be decommissioned just as quickly once you no longer need them – freeing up budget for use elsewhere.

WHAT DOES EACH CLOUD PROVIDER OFFER TO SUPPORT CLOUD-ENABLED USE CASES?

Every major cloud provider offers generous toolsets to help banks deliver a secure and streamlined cloud-enabled architecture. Some of the most well-known cloud providers go even further, offering unique data security and optimisation tools.

Microsoft Azure 

Part of the Azure cloud platform, Microsoft Purview assists with data governance, security, and optimisation in the cloud. It includes four powerful tools:

  1. Data Map can map processes from end to end to improve data discovery and enhance access controls
  2. Data Catalog empowers teams to browse their entire data estate and enrich data with useful business terminology and context
  3. Data Estate Insights offers data governance teams a visual, centralised view of their data to simplify management
  4. Data Sharing delivers a central system for regulating data access and improving controls while streamlining how data is shared with consumers


Amazon Web Services (AWS)

AWS offers several interconnected features to help with data management and security.

Glue Data Catalog is a centralised metadata repository that works with other AWS services to secure and optimise data. It can be used alongside AWS Lake Formation and AWS policies to control data access. When used with CloudTrail, AWS’ service for account governance and compliance, it also provides auditing and logging.

There’s also Amazon Macie, which uses machine learning and pattern matching to identify and secure sensitive data residing in AWS S3 buckets.

Google Cloud Platform (GCP)

GCP also offers a suite of security tools that connect with most of its other data solutions. Cloud DLP (Data Loss Prevention) can discover sensitive data, mask it, and even measure the risk of re-identification in the case of tokenised data.

Google’s cloud suite also includes Dataplex, a centralised service for discovering, managing, and governing data. Dataplex offers a place for centralised control and distributed ownership while unifying distributed data to bridge the gap between silos. It can even let teams manage data lakes, warehouses, and marts through a single tool.

GET THE MOST FROM CLOUD-ENABLED ARCHITECTURE WITH THE RIGHT APPROACH

With so many cloud providers, tools, and migration frameworks, it can be difficult to know which ones are the right fit for your bank and its IT stack. While the proper solution might fit one of the use cases above, it’s worth mentioning that a multi-cloud solution could be the best answer in your case if you need to combine tools offered by different cloud providers.

That’s where a partner like Endava can help. Technology- and platform-agnostic, our experts can give you an unbiased view of which platforms and approaches will deliver maximum value in your cloud-enabled journey. And we have extensive experience in protecting data and designing systems with security and governance in mind.

If you’re looking to make the most of cloud-enabled architecture but have questions about how to get the most out of today’s providers, solutions, and tools, our experts can guide you.

Adriana Calomfirescu

Global Head of Data Delivery

Adriana has 25+ years of progressive leadership experience across the analysis, design, and implementation of information technology and data systems. She’s responsible for identifying technology trends in the data world and ensuring a constant growth of the technical competences in the data discipline, while also providing governance for the Data projects at Endava. Starting with a small, dedicated team of data engineers in 2015, under Adriana’s leadership, the Data Delivery discipline has grown to include over 400 associates in 17 locations across the globe.

 

Related Articles

  • 11 October 2022

    Buy vs. Build in Banking: Which Option is Right for You?

  • 23 August 2022

    5 Ways to Fix Your Data Spine in Banking

  • 31 August 2021

    Personalised Banking: How to Get Ahead of Ever-Changing Client Value Propositions

  • 13 July 2021

    The Transformation Trifecta: Cloud, Digital and Open Banking

  • 05 May 2021

    Artificial Intelligence: Where Does The Real Value Lie?

 

From This Author

  • 26 July 2022

    Is Data Mesh Going to Replace Centralised Repositories?

Most Popular Articles

Current Challenges in the Transportation & Logistics Industry
 

Transportation & Logistics Insights | Brian Estep | 22 March 2022

Current Challenges in the Transportation & Logistics Industry

4 Buy Now Pay Later Trends Set to Disrupt the Industry
 

Payments | Annmarie Mahabir | 22 February 2022

4 Buy Now Pay Later Trends Set to Disrupt the Industry

How Tech is Changing Sports Betting for the Better
 

Innovation | Andy Davies | 18 November 2022

How Tech is Changing Sports Betting for the Better

5 Things We Learned at World Aviation Festival 2022
 

Mobility | Vojin Rakonjac | 23 November 2022

5 Things We Learned at World Aviation Festival 2022

Cyber Security Incidents in Australia Highlight the Need for a Balance Between Risk and Innovation
 

Payments | David Marsh | 23 November 2022

Cyber Security Incidents in Australia Highlight the Need for a Balance Between Risk and Innovation

The Era of Ecosystems and the Rise of Open Insurance
 

Insurance Insights | Robert Anderson | 22 November 2022

The Era of Ecosystems and the Rise of Open Insurance

Top Challenges in Warehouse and Distribution Centers
 

Transportation & Logistics Insights | Brian Estep | 01 March 2022

Top Challenges in Warehouse and Distribution Centers

Staying relevant in the buoyant cross-border payments market
 

Payments | Peter Theunis | 15 November 2022

Staying relevant in the buoyant cross-border payments market

How the Board Game Catan Conquered the Digital World
 

Innovation | Moritz Hampel | 27 July 2021

How the Board Game Catan Conquered the Digital World

 

Archive

  • 23 November 2022

    5 Things We Learned at World Aviation Festival 2022

  • 23 November 2022

    Cyber Security Incidents in Australia Highlight the Need for a Balance Between Risk and Innovation

  • 22 November 2022

    The Era of Ecosystems and the Rise of Open Insurance

  • 18 November 2022

    How Tech is Changing Sports Betting for the Better

  • 16 November 2022

    4 Ways Insurers Can Leverage Technology to Differentiate Themselves

  • 16 November 2022

    The future of banking in the Nordics – being digital and personal

  • 15 November 2022

    Staying relevant in the buoyant cross-border payments market

  • 15 November 2022

    3 Experts’ Insights on the Complicated Relationship Between Fintechs and Banks

  • 09 November 2022

    How Can Banks Create a Secure, Optimised Cloud-Enabled Architecture?

  • 08 November 2022

    Tech is Good for You: How Wearable Edge Devices Changed Healthcare

  • 01 November 2022

    How Microservices Can Upgrade the Customer Experience

  • 25 October 2022

    How Technology Can Help Monitor the Circular Economy

  • 18 October 2022

    Why it’s time for banks to let go of legacy IT

  • 11 October 2022

    Buy vs. Build in Banking: Which Option is Right for You?

  • 04 October 2022

    The Rise of Super Apps: How Banks Can Compete

  • 27 September 2022

    AI Art in Game Production – an XDS 2022 Table Discussion

  • 20 September 2022

    Payments Data Monetisation is Key to Driving Sustainable Growth

  • 13 September 2022

    Navigating the Healthcare Ecosystem

  • 30 August 2022

    hey y’all! I’m Ashley Grant

  • 23 August 2022

    5 Ways to Fix Your Data Spine in Banking

  • 16 August 2022

    De-risking Digitalisation

  • 09 August 2022

    hi, I’m Brian Estep

  • 02 August 2022

    hey! I’m Lia Rollman

  • 19 July 2022

    The New Ways of Issuing Cards

  • 12 July 2022

    Scores on the Door: Rating Autonomous Vehicles

  • 06 July 2022

    Data-Driven Impact: Don’t Settle for Less

  • 06 July 2022

    We’re in Nottingham – a Q&A on Endava’s New Delivery Centre in the UK

  • 05 July 2022

    hey, I’m Chris Hart

  • 28 June 2022

    Platforms: a Blessing or a Curse?

  • 23 June 2022

    A Payments View on Marketplaces – How to Be(come) Successful

  • 21 June 2022

    Intelligent Commercial Underwriting

  • 14 June 2022

    The Future of Supply Chain: What’s Next?

  • 31 May 2022

    The Future of Autonomous Vehicles in T&L

  • 26 May 2022

    hello! I’m Hannah McCarthy

  • 24 May 2022

    Going Native: Why Cloud-Native Services are Essential

  • 19 May 2022

    How to Tackle Legacy – Breaking Down Walls Between Change and Run

  • 17 May 2022

    Advantages of a Yard Management System

  • 12 May 2022

    Are Phones About to Become the New POS Terminals?

  • 10 May 2022

    The Digital Economy is an Upgrade of Smart Cities and Communities

  • 05 May 2022

    hello! I’m Sumita Davé

  • 03 May 2022

    Physical Automation in the T&L Industry

  • 28 April 2022

    zdravo! I’m Andrej Kotar

  • 26 April 2022

    Open Banking in the US

  • 20 April 2022

    hello! I’m Paul Maguire

  • 19 April 2022

    Digital Automation in the T&L Industry

  • 12 April 2022

    How Do Banks Embrace Embedded Finance – Have the Fintechs Already Won?

  • 06 April 2022

    ESG Data Architecture is a Business Imperative – How to Get Started

  • 05 April 2022

    hi! I am Roy Murphy

  • 05 April 2022

    Modernizing the Shipping and Cargo Process

  • 30 March 2022

    The Metaverse Evolution and Learning from the Games Industry

  • 29 March 2022

    Do Androids Dream of Trading Electric Sheep for Digital Wood? An Introduction to Automated Game Design

  • 23 March 2022

    Real-Time Payments in Australia – Why Corporates Should Get on Board

  • 22 March 2022

    Current Challenges in the Transportation & Logistics Industry

  • 16 March 2022

    bok! I’m Sanja Cvetkovic

  • 15 March 2022

    Rapidly Transforming: Healthtech Trends in 2022

  • 08 March 2022

    How to Digitize Warehouses and Distribution Centers

  • 01 March 2022

    Top Challenges in Warehouse and Distribution Centers

  • 28 February 2022

    Tackling CIB Legacy at its Core

  • 23 February 2022

    salut! I am Isabela Buhai

  • 22 February 2022

    4 Buy Now Pay Later Trends Set to Disrupt the Industry

  • 15 February 2022

    salut! I’m Natalia Ciobanu

  • 14 February 2022

    Product-Led Innovation – a Q&A with Joe Dunleavy

  • 01 February 2022

    Buy Now Pay Later: Will Regulation Burst the Bubble?

  • 31 January 2022

    Innovation Will Spur Ireland’s Race to the Top

  • 28 January 2022

    The Value of Digital and Automation in the Product Returns Process

  • 26 January 2022

    Virtually Disrupted? Keeping Pace with Accelerating Customer Expectations

  • 19 January 2022

    The 3 Big Ps in Modern Insurance: Personalisation, Prediction and Prevention

  • 18 January 2022

    An Introduction to Mobility as a Service in the US

  • 12 January 2022

    Buy or Build? A Game-Changing Question in Insurance

  • 12 January 2022

    hello! I’m Paul Willoughby

  • 11 January 2022

    Payment Service Providers 2.0

  • $name

We are listening

How would you rate your experience with Endava so far?

We would appreciate talking to you about your feedback. Could you share with us your contact details?