
Xinja Bank: AWS Journey


  2. XINJABANKLTD2019
     Xinja Bank: AWS Journey
     Greg Steel - CIO
     AWS Taiwan, October 2019
  3. Xinja is an independent, 100% digital ‘neobank’. Designed for mobile. Made for people.
  4. Xinja’s 10 Golden Rules
     1. No dickheads… However good they may be. No dress code, but sometimes you need to look smart :-). No power trips because of a hierarchy. Intellect, customer experience and implementation is all that matters.
     2. Everything is in the cloud.
     3. We use real-time data to evaluate our business and we reward staff on a quarterly basis with an entirely discretionary profit share. No one gets a share of the profit if our investors aren’t making money and our customers aren’t happy.
     4. We are here to make money, that’s why we exist, and we don’t screw people over to do it. We don’t lie to our clients in person or in marketing. We don’t engage in immoral lending; if our grandmother would think it was wrong, then it is. We aim to make lots of money ethically and we are proud of it.
     5. No one is entitled to work at Xinja. It is a huge honour to represent people’s hopes of a new bank and we earn that honour every day.
  5. Xinja’s 10 Golden Rules
     6. We look after our people bloody well. We stand by them if they are in genuine need.
     7. We are truthful and direct with each other. Everyone says what they think in a robust, challenging, edgy environment. That means we won’t be the right place for everyone to work, and that’s ok.
     8. We only hire people better than us. We never, ever settle because we need a body. We do psychometric testing to get the best people, every time.
     9. About half our team, executive and board will be female, if they aren’t we aren’t recruiting the best people. We actively seek all types of diversity combined with brilliance.
     10. If you discriminate against someone because of who they love/sleep with, you’re a dickhead… Please see rule 1.
  6. Xinja approach
  7. Principle: Xinja is building a new bank to help customers do better
     Fact: Cloud is the answer for modernisation, security, agility & cost
     Xinja unleashes the power of our technology suppliers like AWS
  8. Xinja Overview
     ● Composed from many world-class, modern, cloud-based services
     ● Xinja Services layer is an event-based microservices architecture that provides integration between all services, and is where we innovate
     ● Xinja Data layer is where we aggregate all data and deploy a range of data pipelines
  9. Why Cloud?
     ● Cost! Try building a new Bank in a Datacentre! The people-costs alone would be devastating. Time factors would be unworkable.
     ● Skillsets. Traditional build requires Infrastructure Architects, Network Architects, Security Architects, engineers, contracts, many suppliers, etc. At Xinja this was all done by one architect, 2 devops staff, and help from key suppliers
     ● Agility. We did not know what the end-state would look like, we built our infrastructure, networks and security through trial and error (and loads of testing). You simply cannot do this with traditional infrastructure
     ● Automation. On the Cloud everything can be automated. Automation collateral is managed like source code, it captures design, configuration and knowledge. We automate everything!
  10. Why AWS?
     At Xinja we prioritised Speed-to-market, Security and Quality. We chose to embrace AWS, taking full advantage of sophisticated services that provide:
     ● Great outcomes especially when services are used the way they are designed to be used - AWS Best Practices are Gold
     ● Strong Information Security
       Xinja has been able to satisfy the Australian Regulator’s latest Cyber Security standard CPS-234
       We have also deployed a fully PCI-compliant solution using low-cost serverless infrastructure
     ● Agility, Scalability and Robustness
       Allowed us to meet unknown challenges
  11. AWS Services that Xinja uses
  12. AWS Services Used
     ● VPCs, Subnets, Security Groups, NACLs, Peering. We also overlay our AWS network with Aviatrix Gateways for VPN and enhanced Peering
     ● EC2 and DynamoDB to build Kubernetes and Kafka clusters plus utility services. Moving to Confluent (hosted Kafka) and EKS.
     ● Data Pipelines used to provide backup/recovery for Kafka and DynamoDB
     ● S3 and EC2 for SFTP Gateway, moving to Transfer
     ● Direct Connect to a Virtual Router service in Equinix to give us connectivity to the world
     ● WorkSpaces for our Virtual Desktop Infrastructure
     ● S3, Glue, Athena, QuickSight for Datalake, ETL, Data warehouse and BI. Experimenting with Machine Learning
     ● Trusted Advisor, Config, CloudWatch, etc. to provide monitoring information
  13. Xinja’s innovation and business differentiation supported by AWS
  14. Innovation Goals
     ● Event-driven microservices banking architecture
       ○ Kafka clusters built scalable on EC2 supporting Event Sourcing pattern
       ○ EKS providing simple, robust, scalable container deployment
       ○ DynamoDB, a NoSQL DBaaS providing resilience, backup/recovery
     ● Artificial Intelligence to help customers
       ○ Data services built with EKS and DynamoDB provide highly available data to support AI platforms
       ○ Machine Learning used to understand customers and support insights
       ○ Support Gamification of customer engagement to help customers do better
       ○ Support chat-based interaction using bots and humans
  15. Innovation Goals
     ● Agile Data Pipelines
       ○ Xinja logs every raw Event to S3 Datalake. AWS Glue is used to transform data into consumable form for reporting and analytics
       ○ Athena and Redshift used for Data Warehouse
       ○ Automated deployment tools (CloudFormation and Terraform) used to rapidly modify and evolve Data Pipelines
       ○ Glacier used to offload Datalake for long-term storage of events
       ○ Rapid deployment of Dashboards and Analytics via QuickSight
  16. Information Security, Assurance and Compliance
  17. Banking Regulation is a large, demanding landscape of Standards, Guidance and Legislation
     Xinja develops comprehensive Policies, Procedures and Guidelines, overseen by strong Governance
     Cyber-Security Controls are implemented to protect Customers and Xinja
     [Diagram labels: Banking Standards and Guidance; Legislation; Xinja Policies, Procedures and Guidelines; Controls]
  18. Security and Assurance
     ● Standards
       ○ The Australian Prudential Regulation Authority (APRA) is an independent statutory authority that supervises institutions across banking, insurance and superannuation. APRA have established standards for Risk, Outsourcing, Business Continuity and Information Security, along with detailed guidance
       ○ Australian Privacy Act 1988
       ○ Payment Card Industry Data Security Standard
     ● Cyber Security Strategy
       ○ Xinja uses a NIST-based framework to define target maturity across a wide range of Information Security control domains
       ○ Key control domains for which Xinja relies on AWS service support and integration include Network Security, Host Protection, Data Loss Protection, IAM, Operations and Security Monitoring
  19. How AWS supports Xinja’s Security Strategy
     ● AWS Shared Responsibility Model provides comprehensive Assurance for all relevant security standards across AWS Services
     ● AWS Assurance program provides evidence of the design and effectiveness of controls baked into AWS services
     ● AWS Best Practices and SOC Reports on AWS Artifact provide guidance for customer usage of services to provide optimum outcomes
     ● AWS Trusted Advisor continually monitors best practice alignment
     ● AWS Config custom rules validate services are used properly
     ● Xinja conducts regular reviews against the AWS Well-Architected Framework and engages AWS partners such as Itoc
  20. Questions