Going digital with DevOps
A strong and innovative financial services sector is essential for emerging economies around the world to take the next step in their development. In South Africa, Nedbank Group is among a small handful of institutions leading the country’s charge into the digital age. One of the country’s four largest banks, Nedbank initiated a cloud-first strategy in 2019, with the goal of bringing all its workloads to the cloud for greater efficiency, cost effectiveness, and security. The shift also ushered in the bank’s transition to a DevOps philosophy aimed at getting new financial products and services such as Rapid Payments — the company’s first foray into real-time payments — to market faster and gaining a first-mover advantage in a yet-untapped market. “Our organization has 25,000 people and only 20% of them work in IT,” says Freddy Ambani, Nedbank’s Head of Cloud Operations. “With so many new projects and enhancements ongoing while we’re still in the middle of a massive cloud migration, we realized very quickly relying on a central team to set up all the infrastructure by themselves would take forever and just wasn’t workable.”
Overcoming marketplace pressures to be a first-mover in new digital banking initiatives
Migrating all workloads to the cloud, while simultaneously transitioning to DevOps
Accelerating time to market of new services by eliminating manual effort by central IT to provision cloud infrastructure for developers
Inspiration for a new ecosystem and culture
Previously, standing up the infrastructure that underpins the bank’s key applications and services was time and resource intensive. Due to supply chain issues, procuring new hardware could take up to three months, followed by several more months of dead time. This resulted in long stretches with zero revenue and significantly delayed project delivery timelines.
“Our aspiration is to enable every developer to be as productive as possible with hyper-automation for consumption of all our cloud services, which will improve time to market,” Ambani explains. “But it also requires a significant cultural shift, so we needed something easy to learn and simple to use.” Along with key colleagues like Rapid Payments product owner Jayshree Maistry and Business DevOps Lead Darryn George, Ambani aimed to standardize infrastructure provisioning through an infrastructure as code (IaC) solution that helped developers simply and easily procure the infrastructure they needed without IT assistance.
Initially, the bank used a range of open source products, including HashiCorp Terraform Community, but quickly outgrew that approach. “One issue we always had was ensuring app teams used a specific module we’d written and properly stored the state file,” Ambani says. “We needed to simplify the process for provisioning infrastructure by upgrading to an enterprise-grade solution if we were to move faster and take advantage of the head start we had on the rest of the market.”
After a brief evaluation period, Nedbank upgraded to HashiCorp Terraform Cloud because of the solution’s robust automation capabilities, enhanced scalability and security, and platform-agnostic design that made it easily compatible with the bank’s existing AWS-Microsoft Azure-Kubernetes-MongoDB tech stack. With Terraform Cloud, Nedbank has an expansive self-service ecosystem of reusable infrastructure modules developed by the bank’s subject matter experts with input from practitioners across the organization.
Now, any developer can request resources via a GUI that triggers a call for an immediately deployable infrastructure module — all while adhering to the bank’s stringent security and operational standards, which are automatically applied and logged in a configuration audit trail for visibility and control. Using a GUI helps developers quickly provision resources without needing to be a Terraform expert or familiar with HashiCorp Configuration Language (HCL). “For the central team, Terraform Cloud makes it easy to manage our entire environment because it delivers a single workflow for both AWS and Azure and comes with built-in policies and encryptions,” Ambani says. “More importantly, it’s helped us foster a culture of collaboration and ongoing improvement to the IaC practice that serves both our near-term and long-term organizational goals.”
A well-timed transformation in a well-regulated industry
Ambani says Terraform Cloud has drastically reduced the amount of time and energy it takes to stand up critical infrastructure that supports the bank’s product development and enhancement efforts. “Infrastructure procurement that used to take several months now happens in just a few minutes with Terraform Cloud,” he says. “We’re able to complete projects at 25% lower resource costs and have been able to move more than 1,000 virtual machines a month using the Terraform Cloud pipeline, saving us tens of millions of rand over the past couple of years.”
In addition to raw cost savings, the bank is also lowering risks and frustrations. Attaining near-instant infrastructure saves IT staff time by eliminating the distractions of responding to escalations from the application teams. Meanwhile, implementing Terraform Cloud and HashiCorp Vault Enterprise for identity-based security automation and encryption as a service substantially strengthens the bank’s security posture, a necessity in a highly regulated sector like financial services.
Ambani anticipates extending Nedbank’s reliance on Terraform and, potentially, other HashiCorp solutions, because of their technical strengths — and because of the ongoing support the bank receives from the professional services team. “Working with the HashiCorp team has been an absolute pleasure as they truly want to help Nedbank move forward and succeed,” Ambani says. “They proactively offer advice and take feedback from us regularly, and then come up with ideas that help us incrementally improve our operations to reach our business goals.”
Delivered infrastructure to application teams in minutes versus months
Saved 25% on project delivery costs, totaling more than R20 million, or 1 million USD, in two years
Improved security and lowered compliance risks with Terraform’s encryption management and audit features
Nedbank implemented HashiCorp Terraform Cloud to enable a simple self-service environment for developers and create a marketplace where any team can contribute new modules to improve the overall IaC practice.
Freddy Ambani Head of Cloud Operations Nedbank
Freddy Ambani is the Executive for Cloud at Nedbank Group. He is responsible for driving the organization's journey to the Cloud and he is also responsible Cloud Operations. Under his leadership Nedbank has achieved substantial milestones in their Cloud adoption journey while realizing costs and efficiency gains in multiples. He has over 19 years industry experience working in Education, Consulting and Financial services. He is passionate about technology with specific interests in getting organizations to adopt new technologies to drive growth and do good for society. Freddy has experience delivering large infrastructure and application projects focusing on stability, security, efficiencies, and cost saving initiatives.
Jayshree Maistry Technical Product Owner Nedbank
Jayshree Maistry is an Executive Technical Product Owner in Payments with 22 years banking industry experience leading complex payments projects across multiple technological evolution. She is experienced in Domestic and Real time payments that is driving financial inclusion in South Africa. Jayshree is highly adaptable and dynamic which has seen leading modernizing payments in the cloud adopting Modern dev ops principles and tools to ensure agile delivery.
Darryn George Business DevOps Lead Nedbank
Darryn George is a Business DevOps Lead at Nedbank Group. He is currently responsible for managing and maintaining the Container Platforms and DevOps Tools, and has 5+ years of experience in implementing and managing CI/CD pipelines, infrastructure as code, and cloud platforms. He is also passionate about optimizing software development processes and delivering high-quality software products.
- Infrastructure :
- AWS (1%), Microsoft Azure (43%), on-premises (bare metal) (56%)
- Workload type:
- Linux (30%), Windows (70%)
- Container runtime:
- 28 AKS Clusters / 9 EKS Clusters
- Storage :
- 18 PB