Case Study: How BOK Financial Managed Its Cloud Migration
LOS ANGELES — When you’re deploying a business-critical application to the cloud, it’s nice to not need the “war room” you’ve assembled to troubleshoot Day 1 problems.
When BOK Financial, a financial services company that’s been moving apps to the cloud over the last three years, was launching its largest application on the cloud, its engineers supported it with a “war room type situation, monitoring everything” according to BOK’s Andrew Rau.
“After the first day, the system just scaled like it was supposed to … and they’re like, ‘OK, I guess we don’t need this anymore.’”
In this On the Road episode of The New Stack’s Makers podcast, Rau, BOK’s vice president and manager, cloud services, offered a case study about his organization’s cloud journey over the past four years, and the role HashiCorp’s Vault and Cloud Platform played in it.
Rau spoke to Heather Joslyn, features editor of The New Stack, about the challenges of moving a very traditional organization in a highly regulated industry to the cloud while maintaining tight security and resilience.
This episode of Makers was recorded in October at HashiConf in Los Angeles and sponsored by HashiCorp.
Upskilling for ‘Everything as Code’
In late 2019, Rau said, BOK Financial deployed one small application to the cloud, an initial step on its digital transformation journey. It’s been building out its cloud infrastructure ever since, and soon ran into the limits of each cloud provider’s native tooling.
“Where we struggled was we didn’t want to deploy and manage our clouds in different ways,” he said. “We didn’t want our cloud engineers to know just one cloud provider, and their technology and their tech stack. So that’s when we really started looking at how else can we do this. And that’s when Terraform was a great option for us.”
In 2020, BOK Financial began using HashCorp’s open source Terraform to automate the creation of cloud infrastructure. “We made a conscious effort to really focus on automation,” Rau said. “We didn’t want to do things manually, which is really that traditional data center, how we’ve done things for decades.”
In tandem with adopting Terraform, BOK Financial’s teams began using GitOps processes for CI/CD. But doing “everything as code,” as Rau put it, “required a lot of upskilling for some of our staff, because they’ve never done version control or automation capabilities. So in addition to learning Terraform, and these other cloud concepts, they had to learn all of that.”
The challenge, though, has been worth it: “It’s really empowered us to move a lot faster, and give our application teams the ability to deploy at their pace, versus waiting on other teams.”
Seeking Automated Security
It took about a year, Rau said, to get BOK Financial’s developers comfortable using Terraform, largely because many were new to version control procedures and strategies.
Because the company works in a highly regulated industry, handling customers’ financial data, security is of utmost importance.
“We had users’ credentials for our clouds, and we had them separated out based on the type of deployment that [developers] were doing,” said Rau.
“But it wasn’t easy for us to rotate those credentials on a frequent basis. And so we really felt the need that we want to make these short, limited tokens, no more than an hour for that deployment. And so that’s where we looked at Vault.”
HashiCorp’s secret storage and management tool proved an easy add-on with Terraform. “That’s really given us the ability to have effectively no credentials — long-lived credentials — out there,” Rau said. “And secure our environment even more.” And because BOK’s teams don’t want to manage Vault and its complexities themselves, it has opted for the HashiCorp Cloud Platform to manage it.
For other organizations on a cloud native journey, Rau recommended taking time to do things right. “We went back to rework some things periodically because we learned something too late,” he said.
Also, he advised, keep stakeholders in the loop: “You need to stay in front of the communication with business partners, IT leaders, that it’s going to take longer to set this up. But once you do, it’s incredible.”
Check out the podcast to learn more about BOK Financial’s cloud native transformation.