Cloud Native Niche Bank
Background
Our client, a nation-wide niche bank specialised in customer financing solutions, has over a period of 20 years undertaken significant business development and expanded its digital footprint to support new services for its customers. These business needs have been met with an aging and divergent IT environment that requires managing data coming from many different teams, tools, and locations within the company as well as from the outside. The goal of the cloud transformation project is to run a hybrid solution in which public cloud is coupled with on-prem resources, with new services and resources deployed in the cloud.
Creating a cloud operating model and empowering development teams to work with the cloud platform proved difficult, specifically setting up the account structure, the networks, and the connections between cloud resources and resources in the on-prem environment. Being a bank, the client has strict regulatory requirements and needs to maintain high security standards, so any solution it decides on must be correctly configured, secure, and monitored. The client's SOC (Security Operations Center) should be automatically notified of any breaches and/or security misconfigurations.
Omegapoint was engaged by the client to support the development teams with guides on how best to utilise AWS services, the usage of common tools, and design patterns. Development teams should have a straightforward way to develop, maintain, and keep their applications operational and secure.
Managing the migration
A prerequisite for the migration was to ensure that the strict security and compliance requirements of a bank are met and continuously monitored. To reach this, Omegapoint set up an AWS Control Tower secure landing zone consisting of segregation-of-duties-based AWS accounts with AWS-native security controls using AWS Security Hub. Additionally, a centralized, secure network connected to the existing on-premises locations was required, which was realized with Amazon VPC, AWS Direct Connect, and AWS Site-to-Site VPN. Once these pieces were in place, the application workload migration could be executed.
Application accounts are segmented by workload and environment and connected to the central network through AWS RAM. Application logs are copied and shipped to a separate account for safekeeping. Security is centralized with AWS Security Hub, Amazon Macie, and AWS Config connected to the SOC. Access to application accounts is granted via AWS IAM Identity Center, connected to Active Directory.
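One way to realize the automatic SOC notification described above, using the Amazon EventBridge, AWS Lambda and Amazon SQS services listed on this page: an added example, not the project's own code. EventBridge delivers "Security Hub Findings - Imported" events to the Lambda, which forwards only active, unresolved findings that fail a control or reach a severity threshold. The threshold, the SOC_QUEUE_URL variable and the sample event are assumptions, not the client's configuration.

```python
import json
import os

SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
MIN_SEVERITY = os.environ.get("MIN_SEVERITY", "HIGH")  # assumed threshold, not the client's

def is_actionable(finding, min_severity=MIN_SEVERITY):
    """Keep active, unresolved findings that fail a control or meet the severity bar."""
    workflow = finding.get("Workflow", {}).get("Status")
    if finding.get("RecordState") != "ACTIVE" or workflow in ("RESOLVED", "SUPPRESSED"):
        return False
    if finding.get("Compliance", {}).get("Status") == "FAILED":  # a misconfiguration
        return True
    label = finding.get("Severity", {}).get("Label", "INFORMATIONAL")
    return SEVERITY_RANK.get(label, 0) >= SEVERITY_RANK[min_severity]

def to_soc_message(finding):
    """Reduce an ASFF finding to the fields a SOC analyst needs for triage."""
    return {"id": finding.get("Id"), "title": finding.get("Title"),
            "severity": finding.get("Severity", {}).get("Label"),
            "account": finding.get("AwsAccountId"),
            "resource": (finding.get("Resources") or [{}])[0].get("Id"),
            "compliance": finding.get("Compliance", {}).get("Status")}

def select_findings(event):
    """Return SOC messages for the forwardable findings in a 'Security Hub Findings - Imported' event."""
    if event.get("detail-type") != "Security Hub Findings - Imported":
        return []
    findings = event.get("detail", {}).get("findings", [])
    return [to_soc_message(f) for f in findings if is_actionable(f)]

def handler(event, context, send=None):
    """Lambda entry point; `send` defaults to SQS delivery (boto3 imported only when needed)."""
    messages = select_findings(event)
    if send is None and messages:
        import boto3  # present in the Lambda runtime; not needed to run the filter locally
        sqs, queue_url = boto3.client("sqs"), os.environ["SOC_QUEUE_URL"]
        send = lambda m: sqs.send_message(QueueUrl=queue_url, MessageBody=json.dumps(m))
    for message in messages:
        send(message)
    return {"forwarded": len(messages)}

SAMPLE_EVENT = {  # constructed sample shaped like the EventBridge event, not real client data
    "detail-type": "Security Hub Findings - Imported", "detail": {"findings": [
        {"Id": "finding-1", "Title": "S3 bucket allows public read", "AwsAccountId": "111111111111",
         "RecordState": "ACTIVE", "Severity": {"Label": "CRITICAL"}, "Compliance": {"Status": "FAILED"},
         "Workflow": {"Status": "NEW"}, "Resources": [{"Id": "arn:aws:s3:::example-bucket"}]},
        {"Id": "finding-2", "Title": "Control passed", "AwsAccountId": "111111111111",
         "RecordState": "ACTIVE", "Severity": {"Label": "LOW"}, "Compliance": {"Status": "PASSED"},
         "Workflow": {"Status": "NEW"}, "Resources": [{"Id": "arn:aws:iam::111111111111:root"}]}]}}
```

Running `handler(SAMPLE_EVENT, None, send=print)` locally forwards only the failed CRITICAL finding; the passed LOW finding is filtered out before it reaches the SOC.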
To help the development teams migrate and become fast-paced in their new cloud environment, Omegapoint worked with developers on awareness and education around the account structure, the cloud architecture, and self-service component provisioning with AWS CDK, as well as mentoring and supporting the development teams to become proficient in the new environment.
Omegapoint continues to staff the cloud operations team and participates in the strategic governance of the platform.
Ready to innovate
The client now operates an AWS environment that meets the strict requirements of the Financial Supervision Authority. Migration of the workloads into the cloud was done seamlessly with zero downtime. With the security solutions, governance, and processes put in place by Omegapoint, the client can be confident in letting fast-paced development teams employ modern ways of working and a Secure Development Lifecycle (SDLC) in the cloud environment.
AWS Control Tower
AWS Organizations
AWS Security Hub
Amazon Macie
AWS Config
Amazon S3
Amazon CloudWatch
Amazon VPC
AWS RAM
Amazon EventBridge
AWS Lambda
AWS IAM
AWS IAM Identity Center
AWS CloudTrail
AWS Transit Gateway
AWS NAT Gateway
AWS Network Firewall
Amazon Elastic Load Balancer
AWS PrivateLink VPC Endpoints
Amazon Route 53
AWS CDK
Amazon SQS
About Omegapoint
Founded in 2001, Omegapoint is a leading expert in cybersecurity and cybersecure digitalisation. We are currently an Advanced Tier Consulting Partner with AWS, a partnership we first entered in 2012, having recognized early on the significance of the cloud and the monumental changes it would bring to the industry.
Omegapoint consists of a group of sharp and kind consultants who share a passion for development in general and security in particular. We are proud to call ourselves a learning company, built on a culture of constant improvement and furthering of skills. With a watchful eye on industry developments and the privilege of highly experienced colleagues, we take pride in our ability to offer our clients a complete portfolio of services for cloud and AWS, structured around three pillars: cloud advisory, cloud implementation, and cloud life cycle management. With over 1 000 employees and offices in Sweden, Norway and Denmark, we are well positioned to help customers in the whole of the Nordic region.