Background

Our client, a nation-wide niche bank specialised in customer financing solutions, has over a period of 20 years undertaken significant business development and expanded its digital footprint to support new services for their customers. The business needs have been met with an aging and diverging IT-environment that requires managing data coming from many different teams, tools, and locations within the company as well as from the outside. The goal of the cloud transformation project is to be able to run in a hybrid solution with public cloud coupled with on-prem resources, with new services and resources deployed in the cloud.

Creating a cloud operating model and empowering development teams to work with the cloud platform proved a difficulty. Specifically, setting up the account structure, networks and connections between cloud resources and resources in the on-prem environment. Being a bank, the client has strict regulatory requirements and needs to maintain high security standards, making sure any solution they decide on must be correctly configured, secure, and monitored. The client's SOC (Security Operations Center) should be automatically notified of any breaches and/or security misconfigurations.

Omegapoint was engaged by the client to support the development teams with guides on how best to utilise AWS Services, common tools usage, and design patterns. Development teams should have a straightforward way to develop, maintain, and keep their applications operational and secure.

Managing the migration

A prerequisite for the migration was to ensure sure that the strict security and compliance requirements of a bank are met and continuously monitored. To reach this, Omegapoint has set up an AWS Control Tower secure landing zone consisting of segregation-of-duties-based AWS accounts with AWS-native security controls using AWS Security Hub. Additionally, a centralized, secure network connected to existing on-premise locations was required, which was realized with Amazon VPC, AWS Direct Connect, and AWS Site-to-Site VPN. Once these pieces were in place, the application workload migration could be executed.

Application accounts are segmented by workload and environment and connected to the central network through AWS RAM. Application logs are copied and shipped to a separate account for safekeeping. Security is centralized with AWS Security Hub, Amazon Macie, and AWS Config connected to the SOC. Access to application accounts is granted via AWS IAM Identity Center, connected to Active Directory.

Assisting the development teams to migrate and become fast-paced in their new cloud environment, Omegapoint worked with developers on awareness and education around the account structure, cloud architecture, and self-service component provisioning with AWS CDK, as well as mentoring and supporting the development teams to become proficient in the new environment.

Omegapoint continues to man the cloud operations team and participates in the strategic governance of the platform.

Ready to innovate

The client now operates an AWS environment that meets the strict requirements of the Financial Supervision Authority. Migration of the workloads into the cloud was done seamlessly with zero downtime. With the security solutions, governance, and processes put in place by Omegapoint, the client can be confident in letting fast-paced development teams employ modern ways of working and a Secure Development Lifecycle (SDLC) in the cloud environment.

Powered by