Choosng the right mix isn’t about public vs private. It’s about the right workload and the right environment to get the right outcome.<\/p>\n
Garman says it would have been easy for AWS to turn away and concentrate on other customers, but it then spent the better part of the next decade working on the concerns of those banks in New York, many of which have since become customers.<\/p>\n
But while most banks in the world are now using cloud services, there are differing levels of adoption, particularly if the bank is old and is still using its on-prem mainframes. These banks are also more likely to run their core banking systems in-house. An exception here is TymeBank, which uses the Mambu cloud-native platform, which runs on AWS.<\/p>\n
Most banks in South Africa seem to be following a hybrid approach, layering public cloud over existing on-prem systems. Other than Tyme, most core banking platforms remain on mainframes, while customer facing workloads are being moved to AWS, Microsoft Azure and Google Cloud Platform (GCP). Absa and Standard Bank also use Salesforce, with Absa focusing on customer service and product sales, and Standard Bank using it to manage customer data. Oracle has a financial services footprint in Africa, and Standard Bank has partnered with Alibaba to support trade with China.<\/p>\n
\u201cChoosing the right mix isn’t about public versus private,\u201d says Richard Vester, chief executive of cloud at iOCO. \u201cIt’s about the right workload and the right environment to get the right outcome.\u201d This appears to be easier said than done, and architects at banks are spoiled for choice about where to put their workloads. What they will have to do is carefully test each hyperscaler offering to see what works best in their business. Among all the country\u2019s banks, Capitec stands out as a singular success story. It now has the largest number of customers, at around 24mn, or 60% of the country\u2019s adult population. And in late August, Capitec became the continent\u2019s most valuable bank by market cap at R424bn, passing FirstRand. From its origin as a microlender, it has grown its customer base into higher LSMs, and has rolled out more products. Anecdotally, it\u2019s a lot easier to take decisions at Capitec, particularly around technology, than it is at the behemothic banks.<\/p>\n
\nIf you use something like [Amazon] Block Express, you can
\npay half a million dollars for your storage a year.<\/p>\n
Andrew Baker, Capitec<\/p>\n<\/blockquote>\n
Capitec was the only bank invited to the keynote at AWS\u2019 annual summit in Sandton in August. Capitec has invested heavily in AWS, with a data lakehouse that processes over 1.5trn reports per month, which gives the bank around 27TB of analytical data. All its customers make around 15 000 card payments every minute. It’s also using machine learning service Sagemaker, and RedShift, the data warehouse service, from AWS.<\/p>\n
Capitec\u2019s CTO Andy Baker actually worked at AWS for a short stint in 2022 as director of engineering for EC2, after six years as Absa\u2019s CTO, and before that, a decade at Barclays. He says some workloads don\u2019t make financial sense if they\u2019re running in the cloud, such as databases with high I\/O and legacy SQL databases. \u201cIf you use something like [Amazon] Block Express, you can pay half a million dollars for your storage a year,\u201d he says.<\/p>\n
![\"Andrew](\"https:\/\/www.europesays.com\/ie\/wp-content\/uploads\/2025\/10\/bMtdIbtmQYyo5e3ZC6DDXit2N-I8rB5_mX2-ZTKZoVtmTyKnMAbibFSbwTrdeJFNBhEclkKdEYtWROt5BYbdbvaupiDJ7TLq5bGZ.jpeg\")
<\/p>\n
Andrew Baker, Capitec <\/p>\n
Storage in the cloud can be expensive, but so is maintaining large datacentres. He says another bank, which he doesn\u2019t name, had almost 20 000 square metres of datacentre space, an approach he has no interest in replicating.<\/p>\n
For him, the priority is speed and Capitec has grown at a remarkable pace in its 25 years of existence. Scaling quickly requires elasticity, and the cloud makes that possible. \u201cThere’s absolutely no advantage in taking what you have on-premise and dropping it in the cloud, and actually it\u2019s quite an expensive thing to do,\u201d he says, adding that it\u2019s exactly what Capitec did, which he says sounds like he\u2019s contradicting himself.<\/p>\n
Capitec had an issue around the fact that its production datacentre and its disaster recovery (DR) datacentre were 30 milliseconds apart, with one in Joburg and the other in Cape Town. \u201cSo that means if we want to go to DR, and one product fails, I have to move everything to that datacentre, and that\u2019s a lot of downtime. Our business imperative, to shunt everything into AWS, is that we wanted three datacentres right next to each other.\u201d This is what it found in the Amazon region in Cape Town. He says it believes in N+1 redundancy, which means that systems will have at least one backup component.<\/p>\n
DR is not good enough in this day and age, he says. \u201cYou need to be able to lose a datacentre and still have resilience.\u201d<\/p>\n
The reason it chose AWS is that it\u2019s in Cape Town, near Capitec\u2019s physical datacentre, which \u201csolves the physics problem\u201d. He also prefers its redundancy model. \u201cThe way Microsoft works is if it fails in Joburg, it fails-[over] to Cape Town. We wouldn\u2019t tolerate that; that wouldn\u2019t be an acceptable outcome for us. If Azure goes down in Isando, its DR is Cape Town. That\u2019s not a good place [to be]. Thirty milliseconds is going to break apart a lot of services. We want three availability zones right next to each other, five milliseconds, maximum, apart.\u201d<\/p>\n
Putting its cloud data processing capabilities to good use, Capitec is tackling one of the biggest problems faced by banks \u2013 fraud. The South African Banking Risk and Information Centre found that reported incidents of digital banking fraud doubled in 2024. That\u2019s a big problem, says Baker, and a complicated one to solve. It\u2019s also not something that can be solved using on-premise infrastructure because \u201cyou will not have the computational power and the tools and machinery to do inline inception of a payment\u201d.<\/p>\n
In the cloud, Capitec checks every payment against the national beneficiary database and uses AI to detect suspicious transactions in realtime. \u201cEvery payment from our 24mn clients for the last year has gone through that. We have a record of it, we know the references, we know everything,\u201d he says. In practice, that scale gives Capitec the ability to do things it couldn\u2019t on traditional infrastructure. Payments can be intercepted, slowed down if something looks risky, and only released once the models are satisfied. Clients get warned when they\u2019re about to send money to a suspicious beneficiary, with the system flagging patterns linked to scams like invoice fraud. But there\u2019s no point in protecting payments if the platform itself isn\u2019t resilient. Uptime is an important aspect of banking, especially when an app is the primary way customers are interacting with their money. Baker says that Capitec now does blue\/ green deployments during the day with zero downtime. This means it runs two identical production environments, which minimises risk.<\/p>\n
If its telemetry shows any problems during an update, the system rolls back instantly to the previous version. In the past, he says engineers would get up at 2am to push through changes and hope everything worked. The phones would then start ringing at 6:30am, and: \u201cYou\u2019d hear it hadn\u2019t gone as well as hoped.\u201d Today, updates are seamless, running in production without interruption. The impact has been dramatic: where Capitec once faced two or three major incidents in a week, now entire months can pass without disruption. The goal is zero downtime, a shift that has improved both engineering productivity and the client experience.<\/p>\n
Hyperscalers will offer much better uptime than what a business can do by itself, but what happens when there\u2019s a hyperscale outage? Would it not make sense to duplicate workloads in two clouds?<\/p>\n
\u201cYou can\u2019t really do it, practically,\u201d he says, adding there\u2019s a product called Crossplane that attempts to make a common control plain across all cloud providers.<\/p>\n
Running the same workloads on two clouds will also weaken the bank\u2019s security posture as it spans two identity and access management providers, which will mean you\u2019ll \u201cstart bifurcating your security controls. And, with an outage, you can get yourself in a mess. \u201cI always look at net risk, not gross risk. If the risk is too high, replicating to Azure doesn\u2019t make that risk lower. When, actually, was the last time you used that pathway [to the other cloud]? And then you find it\u2019s full of bugs and you\u2019ll duplicate all your payments. Great harm comes from great intentions. If we were in Microsoft, we wouldn\u2019t replicate to AWS either.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"It sounds like a simple equation. Banks need customers, and in order to understand those customers better, they…\n","protected":false},"author":2,"featured_media":142722,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[262],"tags":[84542,84543,314,18,19,17,82],"class_list":{"0":"post-142721","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-computing","8":"tag-best-practice-cloud","9":"tag-brainstorm-feature","10":"tag-computing","11":"tag-eire","12":"tag-ie","13":"tag-ireland","14":"tag-technology"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@ie\/115429162818106005","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts\/142721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/comments?post=142721"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts\/142721\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/media\/142722"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/media?parent=142721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/categories?post=142721"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/tags?post=142721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/www.europesays.com\/ie\/wp-content\/uploads\/2025\/10\/P1vSoh2fMoxbilNDgNBRRsuCtZAC4z-SYkjVgP6aISEUD_39WC7owdYFaEQ9BGencf8TBI4epn-55cJO2bZUdbaSRC6bG3C9cu0.jpeg\")
<\/p>\n![\"\"](\"https:\/\/www.europesays.com\/ie\/wp-content\/uploads\/2025\/10\/-oi9gBrkQNe2Oo5lJxqqvqMFT-dkbLGS-13YcbTq6wl_vBXLxvAmy7P95HyXS-aZfwOVLeVEEgcqktdYkTTAm9SFQleOu8R7zwXR.jpeg\")
<\/p>\n