Platform engineering and IDP: optimizing cloud and security for banks

Platform Engineering and IDP are transforming development, optimizing cloud costs, and enhancing security amidst increasing infrastructure complexity.

In the banking and financial sector, where speed of innovation and uncompromising security are paramount, the growing complexity of cloud infrastructures presents a significant risk. This year and in the years ahead, organizations are striving not just to adapt to these changes but to actively shape their future by implementing Platform Engineering and Internal Developer Platforms (IDP). These approaches enable a transition from reactive management to proactive control, optimizing cloud costs and significantly enhancing security.

Rising cloud costs: challenges for the banking sector

The rapid adoption of cloud solutions, which was a response to the need for flexibility and scalability, often leads to uncontrolled cost increases. Without proper visibility and management, cloud resources can be overprovisioned, orphaned, or inefficiently utilized. For banks, which handle significant data volumes and have stringent regulatory requirements, this is not only a financial risk but also a potential threat to security and compliance.

The lack of centralized control and visibility over cloud spending creates budget “black holes.” This necessitates the adoption of FinOps practices, which combine financial accountability with engineering expertise, ensuring transparency and manageability of cloud costs throughout the application lifecycle. This is where Platform Engineering becomes not just a technical solution but a strategic tool for financial optimization.

Platform Engineering as a response to cloud infrastructure complexity

Platform Engineering is a discipline focused on creating and maintaining internal developer platforms that provide developers with self-service capabilities, standardized tools, and automated workflows. Platform engineering teams act as internal service providers of components and tools for application delivery, significantly simplifying development and deployment.

According to Gartner, 80% of large software development organizations will establish such teams this year, compared to 45% in 2022. This indicates the industry’s deep understanding of the need for a centralized approach to infrastructure and development process management.

The advantage of Platform Engineering lies in the shift from a “shifting left” to a “shifting down” concept. While “shifting left” means transferring responsibility for security and quality to developers at early stages, “shifting down” involves embedding necessary capabilities directly into the platforms. This frees developers from routine tasks, allowing them to focus on creating business value, while the platform automatically ensures compliance with standards, security, and resource optimization, as noted in the State of Platform Engineering Report Volume 4.

Internal Developer Platforms (IDP): a tool for enhancing efficiency and security

Internal Developer Platforms (IDP) are the practical implementation of Platform Engineering. They are integrated sets of tools and services that provide developers with a single point of access to everything they need to build, deploy, and operate software. IDPs encapsulate the complexity of the underlying infrastructure, offering abstractions and automation.

For banks, IDPs are particularly significant. They enable:

  • Accelerated time-to-market: Standardized templates and automated CI/CD pipelines reduce the time from idea to deployment.
  • Enhanced security by default: IDPs can embed security policies, vulnerability scanning, and access management directly into workflows, ensuring compliance with standards like ISO/IEC 27001 and PCI DSS.
  • Regulatory compliance: Through centralized management and automated log collection, IDPs simplify the creation of audit trails, which is critical for financial institutions.
  • Cloud cost optimization: The platform can automatically apply resource optimization policies, monitor usage, and identify inefficient configurations.

Alliance member companies, such as Softline and SL Global Service, have experience in building and integrating comprehensive infrastructure solutions that form the foundation for effective IDPs. For example, the use of UnityBase (an open-source low-code platform developed by InBase) allows for the creation of flexible and secure backend systems that can be integrated into an IDP for data and business logic management.

Expert comment
Dmytro Shevchuk, Cloud Architect & FinOps Lead, SL Global Service

In projects of this class implementing Internal Developer Platforms (IDPs), the complexity of integrating with existing Identity and Access Management (IAM) systems is often underestimated. Without deep integration with tools like HashiCorp Vault for secret management, or a clear policy on roles and permissions, an IDP can become a source of new vulnerabilities rather than enhancing security.

A common pitfall: the illusion of automatic problem-solving with a new platform

One of the most common mistakes when implementing Platform Engineering and IDPs is the assumption that the platform itself will automatically solve all problems. A platform is a tool, and its effectiveness depends on its architecture, processes, and the culture of its use. Without clearly defined goals, an understanding of developer needs, and continuous iteration, an IDP can become just another isolated tool that fails to deliver expected value.

Platform Engineering is not a one-time project but a continuous process of evolution. It requires constant feedback from developers, analysis of usage metrics, and adaptation of the platform to changing business requirements and the technological landscape.

Architectural example: optimizing customer data management in a large bank

Consider a large bank facing the challenge of scattered customer data stored across dozens of systems. This complicates the creation of a unified customer profile, risk analysis, and GDPR compliance. Instead of each development team building its own microservices to access and process this data, the bank implements an Internal Developer Platform.

The IDP provides standardized API gateways and services for secure access to customer data, abstracting the complexity of integration with legacy systems. Developers can use ready-made components to build new products that automatically comply with security policies and regulatory requirements. For instance, to manage access to sensitive data, the IDP integrates with a centralized IAM and MFA system, ensuring a Zero Trust approach. This also allows for the automatic generation of an audit trail for every customer data request, significantly simplifying regulatory audits.

Furthermore, the platform can include tools for automatic data masking in test environments, reducing the risk of sensitive information leakage. This is an example of how an IDP not only accelerates development but also systematically enhances security and compliance.
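The access path described in this architectural example can be sketched as follows. This is an added illustration, not code from the article or from any vendor it mentions; all names, roles, the masking key and the customer record are constructed assumptions. It shows a platform-side function that authorizes every call (role plus MFA), writes a tamper-evident audit entry for every decision, and masks sensitive fields outside production.

```python
import hashlib, hmac, json

# Constructed sample data and hypothetical names; nothing here comes from a real bank system.
CUSTOMERS = {"c-1001": {"name": "Olena Koval", "iban": "UA00TEST0000000000000000001", "segment": "retail"}}
SENSITIVE = ("name", "iban")          # fields masked outside production
ALLOWED_ROLES = {"crm-service", "risk-analyst"}
MASK_KEY = b"test-env-masking-key"    # assumption: in practice fetched from a secrets manager

class AuditLog:
    """Append-only log; each entry commits to the previous one by hash."""
    def __init__(self):
        self.entries = []

    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"event": event, "prev": prev, "hash": digest})

    def verify(self):
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = "0" * 64
        for e in self.entries:
            body = json.dumps(e["event"], sort_keys=True)
            if e["prev"] != prev or e["hash"] != hashlib.sha256((prev + body).encode()).hexdigest():
                return False
            prev = e["hash"]
        return True

def mask(record):
    """Deterministic pseudonyms: same input gives same token, so joins in test data still work."""
    out = dict(record)
    for field in SENSITIVE:
        tag = hmac.new(MASK_KEY, record[field].encode(), hashlib.sha256).hexdigest()[:12]
        out[field] = f"{field}_{tag}"
    return out

def get_customer(caller, customer_id, env, log):
    """Authorize every call, audit every decision (allow and deny), mask outside prod."""
    allowed = caller.get("role") in ALLOWED_ROLES and caller.get("mfa_verified") is True
    log.append({"caller": caller.get("id"), "customer": customer_id, "env": env,
                "decision": "allow" if allowed else "deny"})
    if not allowed:
        raise PermissionError("role or MFA check failed")
    record = CUSTOMERS[customer_id]
    return record if env == "prod" else mask(record)
```

Denied requests are logged before the exception is raised, so the audit trail covers failed access attempts as well as successful reads.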

AI in Platform Engineering: enhancing security and efficiency

Artificial intelligence plays a significant role in the evolution of Platform Engineering. According to the State of Platform Engineering Report Volume 4, 94% of organizations consider AI important for this discipline. AI can automate complex tasks, optimize resources, and improve security levels, transforming Platform Engineering into an even more powerful tool.

In practice, AI is already used for:

  • Proactive monitoring and anomaly detection: AI algorithms can analyze large volumes of logs and metrics, identifying unusual behavior that may indicate a cyberattack or inefficient resource utilization. This allows for threats to be addressed before they cause significant damage.
  • Automated resource optimization: AI can dynamically scale infrastructure, predict load, and optimize resource allocation to reduce cloud costs without compromising performance.
  • Enhanced security: AI can analyze attack patterns, identify new threat vectors, and automatically apply protective measures. Given that phishing remains the leading initial access vector, as noted by ENISA, AI can help develop more sophisticated systems for detecting and preventing such attacks. Alliance companies, such as Softengi, are actively developing AI solutions to enhance cybersecurity and automate processes.
  • Code and documentation generation: AI assistants can accelerate development by generating boilerplate code, test scenarios, and documentation, further increasing team efficiency.

Integrating AI into IDPs allows for the creation of more “intelligent” platforms that not only automate but also actively optimize and protect software development and operation processes.

Readiness checklist for implementing Platform Engineering and IDP

  • Defined business objectives for implementation (reducing cloud costs, shortening time-to-market, enhancing security).
  • Conducted a cloud cost audit to identify orphaned resources, overprovisioning, and forgotten environments.
  • Established a platform engineering team with clear responsibilities as an internal service provider.
  • Developed an IDP implementation strategy that considers the shift from “shifting left” to “shifting down.”
  • Defined metrics for evaluating platform effectiveness (deployment time, error rate, developer satisfaction level).
  • Developed a plan for integrating AI tools for security automation, monitoring, and resource optimization.
  • Implemented FinOps practices to ensure visibility and control over cloud costs.

Frequently asked questions

How does Platform Engineering help reduce cloud costs?

Platform Engineering centralizes resource management, automates optimization, and ensures usage transparency, which helps identify and eliminate inefficient spending, while also implementing FinOps practices for financial control.

What are the benefits of implementing Internal Developer Platforms for banks?

IDPs increase development speed, provide security by default, simplify regulatory compliance (e.g., through automated audit trails), and optimize cloud resource utilization.

How is AI changing the approach to security in Platform Engineering?

AI automates monitoring, detects anomalies and new threat vectors, proactively responds to incidents, and optimizes protective measures, thereby strengthening the cybersecurity of platforms and applications.
