Managing Security in Multi-Cloud Banking
Key Points
- Demo Bank started with a traditional, data‑center‑bound mobile banking app, which gave its IT team full visibility over security and compliance.
- To modernize, the bank refactored the app into microservices, gaining faster development cycles, component independence, and the ability to move workloads to public clouds.
- A new virtual‑assistant microservice was added that consumes AI, weather, and traffic APIs from public‑cloud providers, enriching the user experience but extending the attack surface beyond the secured data center.
- Operations flagged the resulting multi‑cloud exposure as a compliance and brand‑risk issue, highlighting the need for comprehensive security controls that span on‑premises and public‑cloud environments.
Sections
- Multi-Cloud Security Journey - The passage outlines how a fictitious bank transitions its mobile app to a microservices‑based, multi‑cloud architecture while addressing security and compliance challenges.
- Unified Multi‑Cloud Governance Solution - The speaker outlines how a single central control plane can enforce compliance policies across both on‑premise and cloud applications, ensuring IT operations, developers, and executives are satisfied while mitigating data‑loss risks.
Full Transcript
**Source:** [https://www.youtube.com/watch?v=BcV5wHyMhfs](https://www.youtube.com/watch?v=BcV5wHyMhfs)
**Duration:** 00:04:18
**Section timestamps:** [00:00:00](https://www.youtube.com/watch?v=BcV5wHyMhfs&t=0s) Multi-Cloud Security Journey; [00:03:09](https://www.youtube.com/watch?v=BcV5wHyMhfs&t=189s) Unified Multi‑Cloud Governance Solution
How do you handle security in a multi-cloud world?
Many companies today
are moving some or all of their application topologies to the public cloud,
which leaves them with a multi-cloud environment that they need to manage.
And this introduces a number of risks
when it comes to handling challenges around security and compliance.
Let's take a look at an example of a fictitious company,
a bank called Demo Bank,
and how they handled this journey to multi-cloud
while maintaining the security and compliance they needed
to keep their customers' data safe.
So let's start at the beginning.
Demo Bank has a mobile application
that allows their clients to check their balances
and transfer money between accounts
and do all the things that most people can do on mobile banking applications.
Their customers are reasonably happy,
and they're providing industry standard capabilities for a mobile application.
Their IT operations team is pretty happy as well because,
since all of their components are running inside their data center,
they're easily able to monitor the security and compliance of the entire architecture.
But Demo Bank wants to modernize.
They want to give themselves the ability
to take advantage in the future of public cloud services
and add new capabilities to their application.
So the first thing they do
is they move their application to microservices,
and what microservices does, it allows them to decompose their application into smaller components,
which gives them advantages because they can be developed quicker
and independent of each other,
and they can also be portable
and move potentially to a public cloud should the company wish to do that.
So, once they've gone through this transformation,
their customers are in about the same spot as they were before.
The application is exactly as it was before.
The IT Operations team is happy.
They still have a security compliance view that covers the entire data center.
All the components are inside the data center.
But Demo Bank isn't done.
Their modernization journey takes them to adding a new microservice,
a virtual assistant.
This virtual assistant will connect to services in the public cloud.
In the public cloud, they'll take advantage of artificial intelligence services,
weather services,
and traffic services
to provide their clients with the closest ATM to them
and updates on whether that impending snowstorm is going to close their branch office
in the next couple of days.
This, of course, makes their end users very happy.
It makes their developers very happy
because they get to take advantage of new cloud services
and build them into their application.
Operations, on the other hand, has some concerns.
By opening up this connection to public cloud services,
we've now exposed potential risk to secure client data
in the system of record out to public cloud services.
This can expose Demo Bank to things that could tarnish their brand,
could cause them to lose customers and lose shareholder value.
So what's the solution?
They need to bring in a single central control plane
that allows them to put compliance policies
across all of their application components,
both on-premise and in the cloud,
that lets IT Operations check the box,
be happy that they have security and compliance
in the same way that they did
when they were managing the application on-premise.
So, at the end of the day,
when you add a multi-cloud environment
plus a control plane for governance and security,
your developers get to have their cake,
and your CEO gets to eat it too
when it comes to new clients
and not ending up on the front page of the Wall Street Journal for losing your customer data.
Thank you for watching this video.
To learn more, check out the next video in the series
where you can learn how the IBM Cloud Pak for Multicloud Management
can help you with all of your multi-cloud governance, risk, and security needs.