
Bankwest: Building cloud native platform

A cloud native platform which enables developers to deliver secure and compliant cloud services quickly and easily.

Tags

Enterprise DevOps, AWS, Financial Services

Date

June 2019

Client

Bankwest

The Client

Bankwest is a wholly owned subsidiary of Australia’s largest bank, CBA.

With a reputation as a challenger brand, Bankwest positions itself as approachable and easy to deal with – relying heavily on digital channels and products such as the new Halo contactless payment ring.

Business Innovation

To defend its market-leading position against digital disruptors, Bankwest has invested heavily in technology-led innovation. Part of this is creating an environment where small, autonomous teams of developers can deliver value quickly.

To enable this vision, development teams need both functional autonomy and technical autonomy – the ability to deploy the tools and processes they need to deliver quickly.

Cloud Native Platform

However, Bankwest exists in a rigid regulatory environment and it must protect its brand while empowering its developers.

The Problem

Bankwest turned to Mechanical Rock to design and build a secure and scalable Cloud Native Platform, where developers could experiment easily and build production quality applications within a well-controlled framework.

The Cloud Native Platform at Bankwest defines a flexible and robust security model which allows developers space to experiment while providing visibility and control over the platform:

  • A self-service catalogue allows developers to simply provision application environments from templates which include baked-in security controls;
  • A partitioned sandbox allows developers to conduct experiments with minimal overhead and bureaucracy;
  • Automated controls prevent excessive costs and ensure regulatory security and compliance needs are met.

[Figure: AWS secure and scalable Cloud Native Platform]

The Solution

Security at Speed

Continuous delivery requires a fundamentally different approach to security and compliance. When your developers work at the speed of thought, you can no longer rely on cumbersome manual processes to keep you safe; your security must be automated.

Using concepts derived from Behaviour Driven Development, the team at MechRock helped Bankwest define a comprehensive security model that was implemented with a combination of AWS native security services and off-the-shelf tools.

Following a DevSecOps model, linting tools are embedded in the development pipeline, preventing vulnerabilities or insecure resources from being deployed.

When coupled with a least-privilege security model, this ensures that developed applications are safe and secure, and it gives the development teams the confidence to experiment in a safe environment.

[Figure: The traditional IT security process and the new DevSecOps process with a Cloud Native Platform]

Self-Service Development Catalogue

To provide developers with a catalogue of compliant resources, a pipeline was developed to publish CloudFormation templates for common AWS resources.

Developers can then pick and choose resources to use on their projects, safe in the knowledge that they are compliant with the platform’s best security standards.

When new changes are published via the pipeline, resources that are out of compliance are flagged. It is then up to each dev team to remediate their app to meet the new platform standards.

The platform also uses AWS CloudTrail, AWS Config and custom Lambdas to flag changes to configuration that don’t meet enterprise standards – delivering continuous compliance as code.

The Bankwest Cloud Native Platform provides a developer experience second to none: easy, scalable and safe. It frees development teams to innovate easily and safely in the cloud.

[Figure: Process to provision resources from the self-service development catalogue]

The Benefits

  • Certificates and other administrative tasks are automated in the platform, removing the overhead from developers and improving operational reliability
  • The use of infrastructure-as-code allows rapid experimentation while reducing overhead costs from underutilised resources (no more idle environments)
  • Behaviour Driven Infrastructure allows ‘dashboard’ visibility of the rules and configuration applied to environments
  • Compliance as Code drives continuous assurance through controls which are applied every time code is committed

