Contact us
Contact us

Reducing security and compliance risk for a critical banking platform on AWS

Cloud and security specialists reviewing AWS platform monitoring dashboards for a critical banking environment.

At a glance

An Australian bank needed to reduce security, compliance and operational risk across a critical document storage platform that supports banking services and manages more than 20 TB of sensitive records. Cevo helped the bank move to a supported, maintainable solution, strengthening its security posture, improving audit readiness and maintaining continuity for critical banking services.

Capabilities

Cloud Evolution

Industry

Financial Services

Business challenge

One of Australia’s leading banks relied on a critical document storage and retrieval platform to support important internal and customer-facing banking services. The platform managed more than 20 TB of sensitive records, including financial documents, customer information and application materials.

The platform ran on Amazon EKS and used Kubernetes with an Ingress NGINX controller to manage traffic into the environment. This ingress controller was approaching end of support, which meant it would no longer receive ongoing updates, bug fixes or security patches.

Although the platform would continue to operate, the bank faced increasing risk over time. Unsupported software can expose critical services to unpatched vulnerabilities, make it harder to demonstrate software currency during audits, and increase operational risk when issues cannot be resolved through a supported pathway.

The bank needed to address the issue before it became a larger security, compliance or service continuity problem. It required an experienced AWS partner to assess the Kubernetes environment, identify a supported ingress solution, and deliver the migration safely across critical financial services workloads.

Solution

The bank engaged Cevo to help define and deliver a practical migration path for its critical document storage platform. The priority was to reduce risk without disrupting banking services, creating unnecessary change for application teams or weakening the operational visibility already in place.

Cevo led the assessment, solution design and migration, while also supporting the bank’s internal teams with reusable runbooks and guidance for future adoption.

Assessment and solution selection

Cevo began by assessing the bank’s existing environment, including the platform architecture, ingress configuration, security requirements and operational dependencies. This gave the bank a clear view of its options and supported an informed decision based on risk, supportability, cost, implementation effort and long-term maintainability.

A key consideration was choosing a solution that would fit within the bank’s existing AWS environment and operating model. The replacement ingress platform needed to support the same core traffic management requirements, integrate with existing monitoring and security controls, and provide a clear path for future patching and vulnerability management.

Following the assessment, the bank selected F5 NGINX Ingress Controller as the preferred solution. This aligns with the internal team’s existing skills and configurations, reducing migration complexity while improving confidence in ongoing support and security maintenance.

Migration and delivery

Cevo delivered the migration using a phased and controlled approach to minimise risk and maintain service continuity. Lower-risk environments were migrated first, allowing the team to validate functionality, performance, observability and rollback processes before progressing to production. This helped reduce delivery risk and gave stakeholders confidence that the migration could be completed without disruption to critical services.

The solution continued to run on Amazon EKS and retained integration with existing AWS services, including Elastic Load Balancing, Amazon Route 53 and Amazon CloudWatch. This allowed the bank to strengthen the platform’s supportability while maintaining consistency with its established cloud architecture, security controls and operational practices.

To support adoption beyond the initial migration, Cevo also developed runbooks, migration guidance and reusable patterns for internal teams. These assets helped turn the project from a one-off remediation activity into a repeatable approach for managing similar platform lifecycle risks across the bank.

Outcomes

The migration reduced security, compliance and operational risk across a critical banking platform while maintaining continuity for services that support sensitive customer records and banking processes.

Key outcomes included:

  • Reduced security risk: Removed reliance on unsupported ingress technology, reducing exposure to unpatched vulnerabilities and strengthening the bank’s security posture over time.
  • Improved compliance and audit readiness: Helped the bank maintain supported and maintainable software components, making it easier to demonstrate software currency in audit and assurance activities.
  • Migrated four application platforms: Moved four platforms from unsupported ingress technology to a supported solution, reducing risk across a broader part of the bank’s application environment.
  • Maintained service continuity: Completed the migration without disruption to critical banking services.
  • Strengthened operational resilience: Established a more sustainable foundation for ongoing patching, vulnerability management and lifecycle control.
  • Preserved operational visibility: Maintained existing monitoring, logging and alerting practices, avoiding downstream rework and operational impact for internal teams.
  • Enabled broader adoption: Provided reusable runbooks, migration guidance and standardised patterns to support consistent adoption across other teams.

Enjoyed this customer story?

Share it with your network!

You may also like