How IaC Best Practices Helped Vast Bank Deliver a First-of-its-Kind Crypto Banking Platform

HQ’d in the heart of Tulsa (OK), Vast bank was aiming to disrupt the market by being the first US-based bank to offer seamless integration between traditional banking and cryptocurrency trading, while remaining a key player in their local community

‍

Vast Bank had a goal to disrupt the banking and financial services industry by being the first US-based bank to offer cryptocurrency alongside traditional banking to increase their digital footprint nationally

While Vast Bank’s focus was to disrupt the market by introducing the ability to seamlessly buy, sell, and hold crypto with available funds from their checking account, they needed to introduce modern security, observability, scalability, and reliability into their AWS platform.

As part of the migration and modernization effort for Vast Bank, Protagona designed and implemented a comprehensive set of observability and security solutions that sat on top of the AWS platform. From the onset, infrastructure-as-code and complete CI/CD automation were paramount, incorporating industry-leading tooling to help enforce best practices to enhance visibility, monitoring, and security across the enterprise.

After conducting value stream mapping workshops with Vast leadership, Protagona scoped and established a suite of observability tools to provide critical process monitoring, synthetic transactions, real-time log shipping, aggregation and filtering –including AWS services and open source software alike. The initiative was dubbed Vast Knows First.

Compliance data was aggregated across Vast AWS’ footprint, correlated and kiosked for internal consumption, auditing, and evidentiary requests leveraging Lambda and S3.

Performance and workload logs were funneled centrally for aggregation and analysis into OpenSearch, while still making use of CloudWatch for alerting and alert routing. Leveraging AI and predictive capacity models reduced alert signal-to-noise ratio by 40%.

On the security front, Protagona built a continuous monitoring platform based on industry standard frameworks and Security Hub, to rapidly detect, prioritize and remediate findings. The CI/CD workflow was modernized with a shift-left mindset that reduced the introduction of new and repeat security risks. This DevSecOps approach helped reduce their high-crit backlog by 60% while improving code reusability.

The overall solution provided tactical advantages through centralized observability of security data. Iterative refinements ensured the right information reached the right stakeholders. This modernized platform and workflows gave Vast Bank improved visibility, control and posture to satisfy regulators and internal mandates in their AWS environment.

‍