Learn how SoftServe modified the platform to meet regulatory guidelines for a bank’s migration to a public cloud.
Your data workloads are becoming more complex and need to be managed in the cloud. However, in the finance sector, you need to be extra cautious with sensitive data when migrating to a public cloud platform such as Google Cloud’s Data Science PaaS.
Tweaking the platform to enhance security and encryption allows your organization to benefit from cloud-based data management while maintaining regulatory compliance.
The client
Our client, one of the largest custodian banks in the world, collects a massive amount of data and needed to migrate to the cloud to manage large, complex workloads.
The bank wanted to use Google Cloud’s Data Science PaaS as a platform to manage data and execute data workloads that would allow users to harness the power of their data. This would mark the bank’s first public cloud instance on GCP, and the team needed to ensure the solution is compliant with regulatory frameworks.
The challenge
Migration included setting up Google Cloud data infrastructure, building predictive models and machine learning algorithms in the bank’s perimeter, generating information and insights from data sets, and identifying trends and patterns. In the process, SoftServe discovered that:
- Google Cloud Identity Platform needed to be enhanced for compliance
- The lockdown process prevented simultaneous end-user access to multiple labs
- Policy-based access control was unable to govern permissions according to regulations
The solution
Using an infrastructure-as-code (IaC) approach in the Terraform Enterprise environment, SoftServe developed GitLab pipelines with additional security check-ins to extend current deployment functionality without significant architecture changes.
The team delivered an automated infrastructure on the cloud that serves as the heart of the bank’s data management system. The framework includes:
- Cloud security health checks
- Policy-as-code enforcement
- Encryption of data in flight and at rest based on compliance framework
- Vulnerability management
- Threat detection
The outcome
The solution improved security control with appropriate delegation of rights and increased flexibility in resource configuration and footprint. This ensures optimal performance, reduces costs, and improves scalability when designing and deploying data systems and applications. Data science teams can now get the required resources in a matter of hours rather than waiting weeks.
The platform was integrated with the client’s self-service portal to further reduce operational costs.
After the conclusion of the six-month project, SoftServe continues to support the GCP platform and assess other ways the bank can improve the ways in which it utilizes its data.
LET’S TALK about how SoftServe can customize your data management to foster collaboration and increase operational efficiency.
Tech stack
- HashiCorp Terraform Enterprise
- HashiCorp Vault
- GitLab
- Google Cloud Security Command Center
- Google BigQuery
- Google Cloud Storage
- Vertex AI Workbench
- Vertex AI
- CloudDNS
- Cloud Operations
- Cloud IAM
- Cloud Secret Manager
- Cloud KMS
- Artifact Registry