Starting a cloud journey

Establishing a Robust and Secure Google Cloud Platform Foundation

This project encompassed the architecture, development, and ongoing management of our company’s Google Cloud Platform (GCP) environment. The initiative aimed to establish a secure, scalable, and adaptable cloud foundation to support a diverse range of business applications.

Key Responsibilities and Achievements:

  • GCP Platform Architecture and Development: Led the design and implementation of the entire GCP platform, encompassing core components such as compute (GCE), networking (VPCs, Shared VPCs, Routing, Firewalls, NAT, Gateway, DNS), data analytics (Dataproc, BigQuery), security (IAM, Organization, VPC Service Controls, KMS), and more. This involved defining the overall structure, security posture, and operational processes for the cloud environment.

  • Infrastructure Automation: Utilized Terraform to orchestrate and automate infrastructure changes, ensuring consistent and repeatable deployments. This streamlined upgrades, minimized manual intervention, and improved overall infrastructure reliability.

  • Cross-Functional Collaboration: Partnered with multiple application teams (Natural Language Processing, Reporting, Risk, Trading, Machine Learning) to deliver proof-of-concept projects and prototypes, demonstrating the value and feasibility of leveraging GCP for diverse business needs.

  • Security Enhancement: Collaborated closely with internal security teams (CISO/Sec Arch) and Google Cloud security specialists to mitigate risks related to data exfiltration. This involved implementing robust security controls, including VPC Service Controls, secure routing configurations, and encryption using Key Management Service (KMS).

  • Hybrid Cloud Connectivity: Established a secure hybrid cloud environment by setting up and configuring a Cloud Interconnect between on-premises infrastructure and GCP. This enabled secure and high-bandwidth data transfer between the two environments.

  • Connectivity Troubleshooting: Played a key role in troubleshooting and resolving connectivity issues, working closely with networking and infrastructure partners, as well as Google Cloud support.

  • Feature Advocacy: Worked directly with Google Cloud to advocate for and influence the development of new features required by the bank, ensuring alignment between our needs and the GCP roadmap.

  • Stakeholder Management: Built strong relationships and trust across all levels of the organization, effectively influencing and negotiating with various teams to achieve project objectives.

  • Mentorship and Coaching: Provided coaching and mentoring to engineers in a variety of areas, including GCP, Java, Git, and general software engineering principles, fostering internal skill development and knowledge sharing.

Technical Scope:

The project covered a wide range of GCP services and technologies, including:

  • Compute: Google Compute Engine (GCE)
  • Networking: Virtual Private Cloud (VPC), Shared VPC, Routing, Firewalls, Network Address Translation (NAT), Cloud VPN Gateway, Cloud DNS
  • Data Analytics: Dataproc, BigQuery
  • Security: Identity and Access Management (IAM), Organization, VPC Service Controls, Key Management Service (KMS)
  • Other: Various other GCP services relevant to the specific application prototypes and proof-of-concept projects.

Outcomes:

This project successfully established a robust and secure GCP foundation, enabling the bank to leverage the cloud for a variety of business applications. The use of Terraform for infrastructure automation improved operational efficiency and reliability. Strong cross-functional collaboration and stakeholder management ensured alignment between business needs and technical implementation. The project also fostered internal skill development through mentorship and coaching, empowering engineers to effectively utilize GCP.