The constant talk of ‘seamless migration’ and ‘cloud first strategy’ can sometimes result in burnt out engineering teams and security risks nobody wants to look at. Iress, a leading tech company in financial services, decided to embark on decade long push to transform, accelerate, and above all, stay relevant. Technical debt, too many tools, and the shiny appeal of cloud might all get in the way of even the best intentioned, thought-through migration strategy.
When Iress first kicked off its migration, Principal Cloud Platform Engineer Craig Wilson was leading the charge.
“We just couldn’t keep up. New clients meant scrambling for hardware…sometimes waiting months just to get started,” stated Wilson.
That delay was more than just inconvenience; in a fintech world where speed and reliability are currency, it became a hinderance. The move to the cloud should have solved these problems. On paper, it did. But with so many cloud journeys, new bottlenecks emerged. While on-prem headaches dissipated, cloud management and security gaps took their place instead.
After managing custom infrastructure into AWS, Iress made a play for efficiency via JFrog’s SaaS platform. It would be the third time they tried to go all in. However, the first time not all features were ready. The second, budget axed the project. Only on the third go after the pain of self-hosted management became too much, Iress managed a full blown switch.
“This time, we completed migration in two months, and shut down the old environment in five,” Craig shared.
But ease came with new trade offs. All the so-called “time-saved” managing infrastructure? As Craig quietly revealed, “We started spending that time on new issues: tooling gaps, patching security holes, dealing with SaaS limitations.”
Iress trying to match customer and market demands embraced agile, DevOps, and the whimsical dream of same day production releases. But every step towards velocity was met with new roadblocks, compliance, vulnerabilities, and the roadmap for DevSecOps maturity.
“I’ll get asked for example…‘Can we deploy to production today?’ Sure, if you want to skip tests, skip compliance, skip security checks.” Craig’s not being glib; this is the real risk.
Companies want velocity but rarely see the invisible cost of going faster.
“You either build the right gates, or you fly blind. Sooner or later, something breaks,” added Wilson.
In regulated environments, speed without oversight isn’t an innovation strategy, it can become a big problem and an even bigger one with the regulators on your back.
Vendors are claiming the ‘single pane of glass’ but for Iress, the view is fractured. Tool sprawl isn’t a side effect; it’s the reality.
“Every new hire pushes their favourite tool, and suddenly we’re running three secret scanners and drowning in alerts,” Craig explained.
Worse, procurement and licensing cycles mean obsolescence is built in. Teams compromise, picking whatever bundles best with what they already own, even if it leaves critical blind spots. Like the rest of the industry, Iress feels the pressure to deploy AI everywhere, from coding copilots to operational agents. The desire isn’t just FOMO, it’s survival. But as Wilson warned, there’s a growing concern between what’s possible and what’s safe.
“Some say, ‘Let the agents handle everything.’ But who will check if the agent makes the right call? That’s how data leaks and access disasters happen,” continued Wilson.
Tools and platforms promise independence, but with every additional automation comes the chance of losing sight of what it means. The line between innovation and the next incident is still to be discovered.
“You want to go faster, but every layer adds risk, friction, and cost. Simplify, if you can. But don’t fool yourself… nobody gets to escape trade offs.”
Tools help, but processes and proper risk management matter more.
