Apiture Digital Banking Migrates Hundreds of Customers from Datacenters to AWS

The Company

Apiture is a digital banking solution, serving over 450 financial institutions across the United States. As a joint venture between First Data Corporation (now Fiserv, Inc.) and Live Oak Bancshares, a leader in small business loans, Apiture was created in 2017 to create the digital banking platform of the future. Apiture’s API-first approach gives financial institutions the freedom to create the banking experience their account holders want, while offering competitive retail and commercial digital solutions across channels including online, mobile, voice, and watch.

The Challenge

Started as a joint venture, the company was created to provide next generation banking features from the cloud. It was tasked with moving its more than 450 bank and credit union customers to a new AWS-hosted platform within a year’s time.
While the banks would be combining its core banking data with Apiture’s platform to deliver features to consumers, they needed to maintain control of this sensitive banking data in their on-premise data center. The traditional approach of deploying hundreds of VPN connections was not going to work in this new cloud environment.

Other Challenges Included

  • Current networking technology was end-of-life and out of support
  • Deploying hundreds of connections had to be efficient to meet deadline
  • Many customers lacked the expertise needed to deploy networking technology
  • High availability had to be maintained to each bank’s core banking data
  • Stringent security and compliance standards must be met

Time was ticking to find a new solution that departed from the way they had previously solved networking problems.

APITURE Was Clear On Their Requirements

  • Cloud-first solution with support for cloud networking (high availability and failover)
  • Simple to deploy in basic data centers, advanced enough to deploy in enterprise organizations
  • State-of-the-art security
  • Compliant with all FFIEC and PCI standards
  • Able to deploy in all locations in about 6 months
“We needed a solution that would allow for our network to be managed like another cloud service.”
– Chris Fowler, Manager, Application Development

The Solution

Apiture explored using Cloud Services Routers from Cisco, but this solution would require the building of a new networking team. The complexity of configuration and management was immense. The building of a new team presented both time and cost challenges and was therefore dismissed.

SD-WAN was considered as an option that would provide a quicker path to implementation. SD-WAN solutions from VMWare (Velocloud) and Cisco (Meraki) were brought in alongside Trustgrid to be evaluated as proofs of concept.

VMWare’s solution was dismissed after multiple implementation partners failed to deploy a successful proof-of-concept and struggled with overlapping RFC 1918 subnets between Apiture’s AWS environment and financial institution environments. Cisco’s SD-WAN alternative presented favorable pricing and did offer some support for the overlapping subnet challenge but lacked formal AWS support. When deploying across hundreds of sites, this solution was deemed too tedious.

Trustgrid’s Zero Trust Network was able to elegantly deal with overlapping private subnets across hundreds of sites, natively support high availability and handle multi-region deployments in AWS. With its native support for AWS Transit Gateway, Trustgrid provided a simplified way to deploy new connections while maintaining the flexibility to scale across its numerous AWS VPCs.

First Data and Live Oak Bancshares took the lead on the security evaluation of Trustgrid – diving deep into the PKI, certificates, and automated patching. Additionally, Apiture and First Data vendor management teams thoroughly evaluated Trustgrid’s compliance status.

After thorough security and compliance vetting, Trustgrid was tasked to lead the charge on deploying new cloud network connections to all Apiture customers.


Deployments began at the start of the
new year with the goal of wrapping up by
mid-year. The major issue at this stage
was engaging each Apiture customer.
These banks needed a simple
deployment solution that didn’t
interfere with current operations or
require advanced expertise onsite.
Trustgrid Professional Services and
Apiture’s Customer Success Team
developed a comprehensive approach to
the problem. Hundreds of FIs attended
webinars, provided network configuration
information with secure online forms, and
conducted vendor due diligence.

Apiture AWS Connectivity Deployment Guide Example
“Working with the Trustgrid team has made a difficult job much easier. From planning through implementation, they were an excellent partner.”
– Jennifer White, Director Customer Success

Trustgrid then provisioned its networking software on off-the-shelf hardware appliances bearing the Apiture logo and shipped the appliance, along with a deployment guide, to each bank or credit union.

Upon receipt, the deployment guide instructed each financial institution to provide a power and network connection for the shipped device to allow for remote configuration of the new connection.

“The ease of deployment and centralization of configuration were dramatic improvements over previous processes”
– Brad Wisdom, VP of Engineering

The Results

Apiture’s cloud migration project was a huge success. Trustgrid was able to help the Apiture team by deploying several hundred hybrid cloud networking connections to banks and credit unions throughout the United States and its territories without hiring a new networking team.

With Trustgrid, Apiture was able to:

  • Migrate hundreds of network connections to AWS in about 6 months
  • Save hundreds of thousands of dollars annually compared to legacy solutions
  • Cut new customer deployment times from months to weeks
  • Automate compliance and security tasks, such as patching, requiring large teams and around-the-clock work
  • Achieve connectivity SLAs of 99.99% between AWS and banking customers.
We could not have done this without Trustgrid.”
– Brad Wisdom, VP of Engineering