Field note

Most banking cloud migrations fail for the same architectural reason

Teams treat cloud like a faster data center instead of a different computing model. Banking workloads are not web apps - and lift-and-shifting a mainframe to the cloud buys you cloud costs with mainframe complexity.

Jul 14, 2025 · Navin Agrawal · Architecture · 2 min read

Most banking cloud migrations fail for the same architectural reason

Visual brief

Visual brief

Most banking cloud migrations fail for the same architectural reason

As of July 2025

Banking cloud migrations fail for one repeated reason: teams treat cloud as a faster data center instead of a fundamentally different computing model, then force banking workloads into assumptions built for web apps.

The cloud-native playbook assumes you can tolerate occasional failure, scale horizontally, and rebuild state from scratch. Banking systems require four-nines uptime, vertical scaling for peak loads, and stateful transactions that cannot be lost. Lift-and-shift a COBOL mainframe to the cloud and you get the worst of both worlds.

The mismatch is about assumptions, not tooling. Web-scale architecture is built to shrug off a dropped request and re-create state. A payment authorization cannot be dropped and cannot be approximate. When that gap is ignored, the migration produces cloud bills on top of mainframe complexity - and the project stalls.

Uptime bar

99.99%

what banking systems require. The cloud-native playbook assumes you can tolerate occasional failure - a different model entirely.

Auth latency

sub-100ms

the payment-authorization budget; multi-region cloud adds latency that kills it. Use edge and caching.

Data gravity

Egress

payment data is massive and sticky - egress costs destroy budgets. Process near the data, not in a distant region.

Banking cloud architecture, the reality check (as of mid-2025): banking workloads need 99.99% uptime, vertical scaling for peak loads, and stateful transactions, unlike the cloud-native assumption of tolerable failure and horizontal scale. What works: hybrid (keep core banking private, use public cloud for analytics and customer apps), an API wrapper/abstraction layer over the mainframe for gradual modernization, a SaaS reality check on vendor lock-in and data isolation, attention to data gravity and egress costs, and sub-100ms authorization latency via edge and caching.
The banks succeeding with cloud are not going cloud-first. They are going business-outcome-first and using cloud where it earns its place.

What actually works

Go hybrid: keep core banking on-premise or private cloud, and use public cloud for analytics, customer-facing apps, and batch. Wrap the mainframe in APIs so you can modernize gradually instead of betting the bank on a big-bang cutover.

Where budgets and latency die

Data gravity: payment data is massive and sticky, and egress fees wreck budgets - so process near the data. Latency: authorization needs sub-100ms, and multi-region hops blow that budget, so reach for edge compute and caching, not a distant region.

The banks succeeding with cloud are not going cloud-first - they are going business-outcome-first, and using cloud where it actually makes sense.

Was this useful?

Choose once.

Related Posts

View All Posts »
The broker pattern is older than the agentic-commerce headline

The broker pattern is older than the agentic-commerce headline

Stripe Shared Payment Tokens are the agentic-commerce headline, but anyone who ran a card tokenization rollout in 2014 recognizes the shape in five seconds. A scoped surrogate credential with a thin stable interface in front and brokered complexity behind is not new. Visa Token Service shipped it twelve years ago, and the architects who see the pattern early build the right systems instead of rebuilding every eighteen months.

Static payment routing could not handle the 2:47 AM wire

Static payment routing could not handle the 2:47 AM wire

A $2.3M wire hit the system at 2:47 AM on a Friday, the rule saw "large wire" and chose Fedwire, and Fedwire does not run weekends. The transaction waited until Monday. The fix is not a faster rule - it is routing that understands business context.

Consumer auth patterns fail the bank exam

Consumer auth patterns fail the bank exam

Authentication that works for web scraping becomes a compliance problem the moment an AI agent moves real money. Enterprise payment systems need certificate identity, scoped service accounts, and short-lived tokens - the things a banking examiner expects to see.

Tokenized money is a 2025 architecture problem, not a 2030 one

Tokenized money is a 2025 architecture problem, not a 2030 one

The BIS just blueprinted a tokenized unified ledger and JPMorgan put a deposit token on a public chain - in the same week. The hard part for banks was never the blockchain. It is retrofitting core banking to carry programmable money without a big-bang migration.