Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Mammoths Stumping in the Cloud Era: Meeting EU Regulations by Being Cloud Native and Cloud Agnostic

Mammoths Stumping in the Cloud Era: Meeting EU Regulations by Being Cloud Native and Cloud Agnostic

This item in japanese

Financial institutions are well known for their conservative approach in multiple areas, and technology is no exception. Many of them are still running mainframe solutions built a long time ago. But together with the times, the banks are changing too: at KubeCon EU mBank, a Polish bank, showed how it managed to marry Cloud Native and Cloud Agnostic principles to also satisfy the EU regulation in the field.

Even more than other sectors, the European financial sector is a highly regulated field. The industry relies on the strict regulations of various organizations like The European Banking Authority (EBA), The European Insurance and Occupational Pensions Authority (EIOPA), and The European Securities and Markets Authority (ESMA). Extracting the gist of their recommendations, they focus on five key areas:

  • Data and systems security
  • Location and processing of data
  • RIsk assessment 
  • Access and audit rights
  • Exit strategies from cloud outsourcing arrangement without business operation disruption

While cloud native technologies provide the means through which the organizations can build and run scalable and resilient applications in the cloud, a cloud-agnostic approach to delivering software is focused on the independence of the application from the underlying type of cloud or cloud provider. This can allow applications to be moved between clouds or even run on multiple clouds at the same time. The intersection of cloud native and cloud-agnostic enables financial businesses to deliver robust, scalable systems that also satisfy regulations.

A layered cloud native reference architecture is shown below. This aims to provide clear guidelines that allow engineers to deliver cloud agnostic systems.

Starting at the microservice level, the organization must ensure that small teams build autonomous services within the boundaries of the domain context, allowing them to be developed and deployed independently. The composition of multiple microservices allows the formation of a more resilient application. A strong emphasis needs to be made on the self-containing data layer in the microservice as well. 

Infrastructure as Code provides the mechanisms through which teams can obtain the abstraction level needed to keep them independent from the cloud that will ultimately be used for deployment purposes. By using products following the guidelines of the Cloud Native Computing Foundation (CNCF), engineers can ensure that their services remain agnostic and could provide the right mechanism to be able to build an appropriate exit strategy. As the following diagram shows, there are multiple options in each of the needed categories.

Even though it seems that the financial mammoths are still far away from the benefits of modern cloud native software, they are taking steps toward the cloud while still keeping the regulation in mind. Starting from a cloud center of excellence, mBank created a cross-discipline team that continues to drive cultural change towards open source adoption for building cloud native skills. In order to ensure that it is possible to meet the regulations, clear standards are created and promoted, always keeping the "automate first" strategy in mind.

About the Author

Rate this Article