International Bank Securely Scales Customer-Facing Cloud Service with Anjuna
- Enhanced customer digital experience, reducing the risk of churn
- Improved regulatory compliance for protecting customer data
- Reduced mainframe transaction costs
- Gained control over sensitive data in the cloud
- Established blueprint for future cloud migrations
Background
A multinational bank headquartered in London experienced significant growth in its customer-facing digital services during the pandemic as more customers opted to bank online. However, this growth, coupled with new cloud applications, strained the bank's systems, resulting in high latency, degraded customer experience that could lead to churn, and growing mainframe transaction costs.
Challenges
The bank's customer-facing digital system was a hybrid system that had already partially moved to the cloud. However, to scale better and handle increased customer load, the bank needed to move more components, including the operational data store (ODS), which is used to offload transactions from the mainframe into a MongoDB database. This would provide scalability, agility, and cost savings. However, for a long time, the bank was unable to embark on this part of the project due to concerns over data protection and regulatory compliance. Specifically, protecting data-in-use and avoiding having keys and personally identifiable information (PII) in cleartext in the cloud were critical internal security policies that needed to be addressed before leveraging the cloud fully. This hindered the bank's ability to use the cloud in its existing state.
Solution
To address its concerns about data protection and regulatory compliance, the bank needed a solution that would let it operate its ODS layer securely in the cloud while safeguarding sensitive data during processing. Anjuna was selected for its straightforward Confidential Computing approach, which does not require modifications to the bank's existing applications. Using Anjuna, the bank migrated its ODS layer to a confidential environment in the cloud based on AWS Nitro Enclaves. This gave the bank the elasticity it required to scale this part of the architecture, kept PII and keys inside the isolation of the secure enclaves, and let it complete the implementation without making changes to its applications, resulting in a fast time to security and value.
In the new architecture, sensitive data is initially encrypted within the data center using an encryption key managed by AWS Key Management Service (KMS). The encrypted data is then synced to MongoDB, the caching layer in the cloud. The ODS layer, which is secured in AWS Nitro Enclaves using Anjuna, retrieves the encrypted data from MongoDB and decrypts it using a key from AWS KMS. Anjuna's attestation feature ensures that only legitimate ODS instances operating in AWS Nitro Enclaves can decrypt the data from MongoDB, guaranteeing the protection of customer PII. This secure infrastructure prevents any attackers, rogue insiders, or cloud provider admins from accessing and exfiltrating data and encryption keys from memory, ensuring robust data protection for the bank's customer-facing digital system.
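One way the attestation gate described above can be expressed with AWS KMS, shown as an added example that is not taken from the bank's or Anjuna's configuration: a key policy that uses the `kms:RecipientAttestation:ImageSha384` condition key. The account ID, role name and image measurement are constructed placeholders, and it is an assumption that the deployment relies on this KMS mechanism.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowDecryptOnlyFromAttestedOdsEnclave",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/EXAMPLE-ods-enclave-parent-role"
      },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:RecipientAttestation:ImageSha384": "PLACEHOLDER_SHA384_OF_ODS_ENCLAVE_IMAGE"
        }
      }
    },
    {
      "Sid": "DenyDecryptWithoutAttestationDocument",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "Null": {
          "kms:RecipientAttestation:ImageSha384": "true"
        }
      }
    }
  ]
}
```

The first statement releases the key material only to a request that carries a Nitro Enclaves attestation document whose image measurement matches the expected ODS enclave image. The second denies any Decrypt call made without an attestation document, so an administrator or compromised host holding IAM permissions on the key still cannot decrypt outside the enclave.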
"With Anjuna, we were not only able to move to the cloud while protecting customer data, but we could also do it in a fraction of the time and a fraction of the operating costs. An absolute game-changer that helped us stay on top of our cloud-first mandate." - CIO, Large International Bank
Results
By leveraging the Anjuna Confidential Computing Platform, the bank achieved several outcomes that improved its operations and customer experience:
- Enhanced customer digital experience: The bank's customers no longer experience delays in checking their account balances and making transactions, improving satisfaction and reducing the risk of churn.
- Improved regulatory compliance: The bank can now meet regulatory requirements and internal security policies for protecting data in use when running workloads in the cloud.
- Reduced mainframe transaction costs: The ODS layer's caching of mainframe data resulted in fewer transactions against the mainframe, leading to lower costs.
- Greater control over sensitive data in the cloud: The bank can benefit from using the cloud with the assurance that its sensitive data is secured, even in the case of a cloud infrastructure breach.
- Blueprint for future cloud migrations: The successful migration of the ODS layer to the cloud with Anjuna's solution has provided the bank with a repeatable pattern for migrating other applications to the cloud and protecting new ones directly in the cloud.