Why ING Direct's Private Cloud Will Take Some Time To Deliver

Online bank ING Direct has shifted its entire infrastructure to a private cloud. That's an impressive move (and the first time a local bank has done it), but the real measure of its usefulness won't be apparent until new applications start being deployed on it.

It's not surprising that a bank has chosen the private cloud approach. Financial institutions have long shown reluctance to embrace any kind of public cloud, driven by a combination of legislative concerns and long-entrenched "not built here" syndrome. Hybrid cloud is often rejected on the same basis.

ING's Zero Touch project, which took 12 months to implement, saw the bank's production environment transferred onto a cloud-based system. That will allow new instances and test environments to be speedily rolled up.

"We see cloud technology as a real enabler," COO Simon Andrew said in a statement announcing the rollout. "Completing the project has opened up space for us to innovate and create rather than simply operate and maintain the supporting infrastructure."

The key lesson here? The 12 months was needed simply to replicate what already existed. To actually deliver any innovation will take longer.

Building a private cloud also requires interacting with a large number of vendors, since every element needs to be specified. ING Direct worked with Dimension Data, Cisco, NetApp, F5, Microsoft, WardyIT, Readify and TCS.


    Any bank that limits you to a 4 digit pin for an online password should be avoided like the plague. The picture tells it all. This is not a bank you can trust to know anything about online security.

      I'm pretty sure that the PIN can be longer than 4 characters - but I agree that banking passwords that are so limited (can only be numbers) aren't exactly ideal.. It was fine back when INGDirect only allowed you to transfer between linked accounts - the worst that could happen if someone got into your account is that they'd be annoying. But now that there are regular accounts, it's insufficient.

      The security is in the random keypad together with the pin.

        That is not entirely true. The randomisation of the key pad is to stop an "over the shoulder attack". In other words, someone looking at what buttons you press, but not being able to read the numbers on the key pad.

        What ever the input interface is, the web browsers posts data to the server anyway. A would be attacker would just have a bot that does the HTTP post to the server. Rinse, repeat until a comination is found. I've looked at this a bit.

    No it cant, it HAS to be 4 and only 4.

    Furthermore, client access number is that a number, and a good chance its sequential.

Join the discussion!

Trending Stories Right Now