Securing the Future - Raiffeisen Bank's Cloud Journey

Hello, hello, hello. Finally, we are here. Thank you for having us today. Today, we are going to share with you our experience very briefly and leave some time maybe for your potential questions on how we did that and what is our key lessons from our migration path. But I, me personally, I know how boring could be the such kind of presentations and most probably in each and every conference you saw the same. Like we migrated to cloud during one year or during two months or during two moments. Cloudflare is the same. We will try to make it not so boring this time and share the key learnings we have after we received after we suffered a little bit and the key learnings not from technical perspective, I'm sorry, but from a mindset perspective. Hope it will help you to rethink a little bit the format of using Cloudflare, of leveraging Cloudflare and not only using it as a tool. So the first, just for you to understand our conditions before, frankly speaking, it was super typical. You can take every bag at any European country. It will be the same as we mentioned at the slide. So legacy infrastructure, data center, not core business yet. We have few because of resilience, because of business continuity. Thank you, Dora. Thank you, everybody to have us on board. VPN, now it's VPN less, more or less better, but again, it was 2020, 2021. So a little bit different. And yep, no observability. Yep. Approved cloud migration as usually without McKinsey this time. So we saved approximately 85 million and eight years. But a little bit more preparations was at our agenda because we felt something and we decided that we need to speed up. So the war speed us up a little bit at the middle of January, 2022, when cyber attacks started, we thought, okay, let's even speed up a little bit more, but it's still not enough. So at the middle of February, we were under heavy, for us heavy. So it's not heavy in terms of figures. Definitely most of us nowadays met with even like more powerful attack. It was a typical DDoS, but for us, it was quite powerful that time. So imagine the conditions, me waiting for twins in clinic, the team across Ukraine work, tried to solve the question with iRules on F5. If you're using F5, probably you will understand me. I will not ask to raise your hands. Let's not make this physical exercise this time, but definitely you know what is F5, okay? So we decided in the middle of the day, let's move because we cannot manage. We have no observability. It's stuck. CPU, memory, it's stuck. So we cannot manage. We disabled all AI features, all these cute features, cozy features, but it still doesn't work. So decision, let's go. In the middle of the night, we finished the first step. The obvious first step is to migrate DNS. We were lucky enough to have a new client bank on board. We were lucky enough to have most of our client services at the web. So we managed to migrate all critical resources until the beginning of morning, 16 February, 2025. Till the end of March, 2022, we complete migration to Cloudflare and at December 2024, we switched off legacy, pure legacy features of our infrastructure. So we, right now, we even don't use Cloudflare Spectrum before we need to, because we have specific client bank for legal entities and we cannot move out or step out from that. Yeah. Can you just bring it back? And I'm here not just to stay in front of the slides. Not for that. So I will tell the story how it was from my side, because he was in the clinic and the guys were like stressed from C security guys were stressed. I remember the day I called Zhenia and said, Zhenia, let's go to Cloudflare. We did it many times, hundreds of times. So it's super easy. We can do it right now. Because as Zhenia mentioned, we have infrastructure based on F5 and he actually trust the guys and he said, no, no, let's give them a chance to sort it out. They told me that they will finish in five minutes. I said, okay Zhenia, I can wait one hour and in one hour I'll call you back. And in case if you still will be convinced that your guys will be okay, we will not migrate. So Zhenia called me in five minutes and said, okay, let's go to the Cloudflare. So the easiest thing is to do this migration, because everyone knows how to do it, because you already probably did it for your pet projects or your own project or your mom's site, whatever. So we actually started this migration. And why I love Cloudflare, and this is really matters, because you can just log into their site, create account, and that's it. No calling to agent, no bureaucracy, nothing. You just create an account and you're doing this migration smoothly or how you prefer it, whatever. So call to Zhenia, approved, done. We are starting to migrate our main site, which is Raytheis in UA. And the biggest problem was you cannot even imagine. Oh, maybe we can ask the audience. Can you guess what was our main problem during that migration? I mean, 15 February evening. No. Next. Again? No. Close, but... No. Can you be a little louder? Again? Again? Man, you are freaking right. You are freaking right. We had no clue how to log in. The problem, we just joined to the company like a few months before, and the guy who was responsible for DNS just left the company, and he moved. Yeah, he said that my credentials are written in notebook, in special paper. You can just open this notebook and find all credentials you need. Where we can find your laptop? We don't know. And that's the reason why actually we started in the evening, and we migrate in the middle of the night just because we spent five more hours to find this laptop credentials, et cetera. I actually was surprised. I called the provider and said, guys, we're in that kind of situation. Can you help us? Yeah, and actually, we didn't find any credentials. We convinced them that we are who we are, and they like sent new credentials to our official email address, and we were lucky with that. And definitely, we go forward to tell the other stories. Yep. So, just we mentioned here our challenges during immigration, and before, again, I hope it's the same boring for you as for me, so we can skip this particular slide and move next. So, what we thought and our expectations before the immigration completely, to be frank, was completely met with the reality because, to be frank, zero from our teammates knew how to work with Cloudflare before. We knew because we previously from the tech company, now from fintech company, so we did use Cloudflare a lot before, but our teams know. So, the main feature from Cloudflare, and it was mentioned as well, our colleagues at the previous panel discussion. So, the motto of Cloudflare, according to my personal view, should be the next. Cloudflare, it simply works, dot. That's it. Usually, speaking about security products, I'm asking my counterparties, which phone do you have? And usually, it depends on the region, it's region-specific question or answer, okay? Usually, people answer, oh, I have an iPhone, okay? Cool. Let's do physical exercise. iPhone. Android. iPhone. Cool. Android. Okay. So, usually, answering that question, my next question is, how much instructions did you read to be able to use your iPhone? How much time did you onboard on that? Approximately zero, yeah? You switch on and you use. The same for Cloudflare. So, from zero to hero should be the second motto of Cloudflare. Definitely, they have unlimited protection capabilities, according to current capabilities or capacity of channels. For sure, you can use GitOps. For sure, developers will love that, because you can integrate with your processes, and so on. But they have even features for those who are scared. And probably, some of you use that. We not, but I will explain it a little bit later. You can use Magic Transit if you still have this old-school integration, so L4 or L3 levels, and you can use Spectrum if you have no clue about your product. You just need to road traffic somehow, and you need to use some tunnel, and you can enable Spectrum. So, question about migration speed. Definitely, it's not the same every time when you just migrate DNS, and that's good enough. That's not good enough, because most of us, we have different infrastructures. But, as I promised you, the key lessons we learned about migration in a big organization, bloody enterprise, I would say, even bigger than Cloudflare in terms of number of employees, and not bigger in terms of IT infrastructure. For sure, it's almost impossible nowadays. So, you need to think about your infrastructure and the company not from tools perspective, but from mindset perspective. And the very straightforward question, because probably some of you will ask us that question. So, guys, you have a fancy story with L7, everything on application layer. Spoiler, not, but okay. Most. What do you think about what could be different complexity? Your story is too cozy. I will say no, but I will ask you a very straightforward question. If in 2025 you still use L3, L4 integrations with your partners, can you please answer me the question, why? And the second question, what for? If your partners cannot leverage L7 API integrations, maybe you need to think about your partners or help your partners. Because that's Ukraine, even National Bank of Ukraine can use that. That's not a rocket science. Sometimes you need to break several eggs to make an omelet, definitely. So, remember that thing. This is the key. If you need to onboard, read some instructions, usually you're choosing the wrong product. So, in case with Cloudflare, definitely for us it was the right product, but it depends on the complexity of your infrastructure. Yet, if you're thinking that you need to wait something until board will approve your immigration, if you need to wait something until somebody will provide you enterprise account because you're limited with something, the answer is simple. No, you're not limited. All your limits just here in terms of Cloudflare, you need to be prepared because you know why. I will not explain your story of Ukraine and so on, definitely you know. You need to be prepared. But the last one was a joke, but who can joke with two bald men on the stage speaking about better being bald than broken? Yeah. So, we were several times in some specific situations when we were almost destroyed. And I couldn't say that it's Cloudflare who managed to support us and save us. But during the wartime, we have more connections with Cloudflare than just typical business. I don't know if you know or not, but I will tell that. I hope it's not prohibited to tell. So, during tough times the first year, Cloudflare supported a lot Ukrainian companies, sometimes provided it free of charge. Sometimes helped with engineers, sometimes helped with specific attacks, sometimes helped to sort out some infrastructure questions. So, it's a little bit more than just a company. For me personally, it's about relations moving out from just your contract sometimes. And it's super valuable and important, I believe, for every company to have such a partner. Grigory, do you want to? Okay, okay. I'll spend half a minute for you to explain why I personally love Cloudflare and why I'll do it. Because I was chased by guys from Cloudflare and they asked me to sell a little bit, but from my personal experience. Previously, I told you a story how we immigrated to Cloudflare. I'll tell you a story why I actually, and we are still keeping a relationship with Cloudflare, and even more, we are making internal selling in our Eiffenbach International Group and also some companies from Tallinn. So, I don't know, do you remember or not, this time in 2020, 2014, 2015, there was a big problem with SSL certificates. It was Let's Encrypt, which was hard to implement for the beginners, for the newbies, for the rookies or whatever. And what Cloudflare did, when HTTP2 was implemented, it was a huge advantage for all shops, network units, for all Internet resources. And what Cloudflare did, and still does, they are providing this service for free and easy to use. As Zhenya mentioned, one of the advantages of Cloudflare is you can be here from zero to here. The way from zero to here takes you minutes. And now, I call them early adopters because they find technology, they catch the inspiration, they catch the opportunity, and they provide this opportunity for you and mostly for free, which is personally important for me. Because when I'm choosing technology, what I'm usually doing, I'm a big fan of open source and inner source inside the company or inside the group. So, I'm opening GitHub and trying to find how many contributors, how many commits, how many stars, how many other things this product has. So, the same was with me with Cloudflare. Cloudflare supports as many as I know people. Every single engineer who I talk to, who I talk with, knows Cloudflare and respects Cloudflare. Yeah, they have a lot of competitors, but you actually know why you are right now here, etc. And today is AI era. And you will know it from the next speakers. And what I personally love, when we needed AI gateway in order to make our landscape safe, keep it safe, and allow all our accounts, whoever used public models, Cloudflare was here. Cloudflare said, yeah, we have technology. Yeah, it's still, if we will talk about maturity level, it's on a crawl level. But as I told early adopters, when you need technology, they are providing it for you. Not yet perfect, but you will do nothing. You will take care about your business. You will take care about things which make you happy. And they will take care about the other stuff. And your product become better and better day by day, because they are taking care about it. I'm telling that looks like they paid me some money, but it's not like that. I have in my pocket many vendors who are doing like that. Oracle, not in the list, but... Guys, I didn't receive. If you paid him to call me, please. I'll not. So using the last 40 minutes, I want to just say thank you to Cloudflare. I want to buy you to at least try technology which they showed, which they are providing, and most of them are for free. And for most of you, it will be more than enough. Thank you very much, guys. Thank you.