
Migrating On-Premises Infrastructure to Cloud for a Financial Services Company
12 weeks post-migration support complete · Melbourne data center lease decommissioned · Client 5-person IT team fully trained on cloud operations & anomaly detection dashboard
Who we worked with
An Australian financial services firm managing $2.1B in client assets, running its core trading and portfolio management platform on a 12-year-old .NET Framework 4.5 application hosted across 14 on-premise Windows Server 2012 machines in a leased data center in Melbourne.
Infrastructure maintenance was consuming $620K/year, the system could only process 340 transactions per second before queuing, and deploying a new feature took 6–8 weeks. The firm had failed an internal PCI DSS audit 3 months before engaging us — with 11 critical findings and a 6-month window to remediate before facing potential regulatory action.
| Metric | Before | After | Change |
|---|---|---|---|
| Infrastructure cost | $620K/year (data center + hardware) | $340K/year (cloud) | 45% reduction |
| Transaction processing capacity | 340 TPS | 2,800 TPS | 8× increase |
| Feature deployment cycle | 6–8 weeks (manual) | 5 days (automated) | 85% faster |
| PCI DSS compliance | Failed internal audit (11 findings) | Full compliance (certified) | Audit-ready |
| System uptime | 97.2% monthly average | 99.95% | Near-zero downtime |
| Fraud detection time | ~4 hours (manual review) | 12 minutes (AI-flagged) | 95% faster |
A failed audit, aging servers, and a deployment gridlock
A 12-year-old .NET monolith on 14 Windows Server 2012 machines, a failed PCI DSS audit, and a deployment cycle so slow that competitors were shipping weekly while this firm waited months.
Crippling Infrastructure Costs
The firm was spending $620K/year on their Melbourne data center: $280K in rack space and power, $190K in hardware maintenance (several servers past end-of-life), and $150K in dedicated IT staff. Two servers had experienced hardware failures in the prior 18 months, each causing 6+ hours of downtime requiring emergency weekend maintenance.
$620K/year · 2 hardware failures in 18 months
Transaction Processing Bottleneck
The legacy .NET application maxed out at 340 TPS. During market open (10:00 AM AEST) and quarterly rebalancing periods, the queue backed up significantly — portfolio managers reported 15–30 second delays on trade confirmations. The firm estimated $180K/year in delayed execution costs and missed market windows.
340 TPS ceiling · 15–30s trade confirmation delays
Failed PCI DSS Audit
An internal audit flagged 11 critical findings: unencrypted data at rest on 6 servers, shared admin credentials across the infrastructure team, no automated patch management (3 servers running unpatched Windows Server 2012 with known CVEs), and no intrusion detection system. The compliance team had 6 months to remediate before a potential regulatory action.
11 critical PCI DSS findings · CVEs unpatched
Feature Deployment Gridlock
Even a minor UI update required a 6–8 week cycle: 2 weeks of manual QA, 1 week of change advisory board review, and a scheduled weekend deployment window with 2 engineers on-site. The product team had a backlog of 34 features and bug fixes waiting. Competitors were shipping updates weekly.
34-item backlog · 6–8 week deploy cycles
Five phases, security first, zero transaction loss
A 32-week structured delivery — security-first assessment through full cutover — with a strangler fig migration pattern so the legacy system handled production traffic while each microservice was migrated one at a time.
Security Assessment · Wks 1–4
Cloud & Security Foundation · Wks 4–12
App Decomposition & Migration · Wks 8–24
AI Anomaly Detection · Wks 18–28
CI/CD & Cutover · Wks 24–32
Security-First Assessment & Cloud Foundation
Weeks 1–12
- Legacy Health Score™ assessment — scored 41/50 (Critical); prioritized security remediation alongside the migration plan; documented all 11 PCI DSS findings with a remediation timeline
- Built AWS environment with security as the foundation: VPC with private subnets, AWS WAF, GuardDuty for threat detection, KMS for encryption key management
- Implemented zero-trust architecture: every service-to-service call authenticated via mTLS, AES-256 at rest, TLS 1.3 in transit, least-privilege IAM policies
- Set up Azure as warm disaster recovery site with automated failover; passed interim PCI DSS compliance review at week 12
Application Decomposition & Data Migration
Weeks 8–24
- Decomposed the .NET Framework 4.5 monolith into 8 microservices rebuilt in .NET 8 on ECS Fargate containers using a strangler fig pattern — one service at a time
- Migrated SQL Server to Amazon RDS PostgreSQL with parallel-run validation period — moved 7 years of transaction history (12.6M records), 48K client accounts, and 890GB of document storage
- Zero data loss across the full migration; legacy system continued handling production traffic throughout
AI Transaction Anomaly Detection
Weeks 18–28
- Built real-time transaction monitoring model using Amazon SageMaker, trained on 3 years of historical data (14.2M transactions) — identifies unauthorized trading, account takeover, and unusual volume spikes
- When flagged, system creates an alert with a risk score and routes it to the compliance team's dashboard within 12 minutes — down from 4-hour manual reviews
- During the 4-week pilot, the system identified 23 genuinely suspicious transactions that had previously gone undetected for 24–72 hours
CI/CD Pipeline, Cutover & Post-Launch
Weeks 24–32 + Ongoing
- Built automated pipeline: GitHub → build → Snyk + SonarQube security scan → compliance check → staging → blue-green production switch with compliance approval gates
- Executed final cutover over a weekend with zero transaction loss and 23 minutes of planned maintenance window
- Decommissioned the Melbourne data center lease (90-day notice period); redeployed 2 of 3 dedicated infrastructure staff to cloud operations
- Trained the client's 5-person IT team on cloud operations, the CI/CD pipeline, and the anomaly detection dashboard
Real-time transaction monitoring — no in-house ML team required
14.2M transactions · 48K+ active accounts
4h manual review → 12 min AI-flagged (95% faster)
Every choice made for financial-grade security at scale
| Technology | Role | Why This Choice |
|---|---|---|
| AWS (ECS Fargate, RDS, S3, KMS) | Primary cloud infrastructure | Financial-grade security; Sydney region for data residency requirements |
| Microsoft Azure | Disaster recovery | Warm DR site with automated failover; Melbourne region for geographic redundancy |
| .NET 8 | Microservices backend | Natural upgrade path from .NET Framework 4.5; team familiarity accelerated delivery |
| PostgreSQL (RDS Multi-AZ) | Primary database | ACID compliance for financial transactions; Multi-AZ for high availability |
| Amazon SageMaker | AI anomaly detection | Managed ML for real-time transaction monitoring at 48K+ daily transactions |
| AWS IAM + GuardDuty + WAF | Security layer | Zero-trust architecture; automated threat detection and intrusion prevention |
| Snyk + SonarQube | Security scanning | Automated vulnerability detection embedded directly in the CI/CD pipeline |
| GitHub Actions + Docker + ECR | CI/CD pipeline | Automated deployments with compliance gates and blue-green switching |
| CloudWatch + PagerDuty | Monitoring & alerting | Real-time performance and security monitoring with automated incident escalation |
| Terraform | Infrastructure as Code | Reproducible, version-controlled infrastructure across both AWS and Azure |
Results that transformed the firm
Across cost, compliance, performance, and security — all delivered in 32 weeks with zero transaction loss during migration and full PCI DSS certification for the first time in 3 years.
7 engineers, security-first delivery
A specialist team covering cloud architecture, .NET backend, security & compliance, DevOps, data engineering, and quality — with post-migration client training and data center decommissioning built into the engagement.
Cloud Architect
Legacy Health Score™ assessment, multi-cloud architecture (AWS primary + Azure DR), zero-trust security design
Backend Developer × 2
.NET 8 microservices, .NET Framework 4.5 → .NET 8 upgrade, strangler fig migration pattern execution
Security Specialist
PCI DSS and GDPR remediation, AWS IAM + GuardDuty + WAF, zero-trust mTLS implementation, Snyk + SonarQube integration
DevOps Engineer
ECS Fargate, Terraform IaC, GitHub Actions CI/CD with compliance gates, CloudWatch + PagerDuty monitoring
Data Engineer
12.6M transaction records migration, 890GB document storage migration, SQL Server → RDS PostgreSQL with zero data loss
QA Engineer + 32-Week Delivery
End-to-end transaction validation · 23-min planned maintenance cutover · Zero transaction loss · 5-person client team fully trained
What the client said
"We'd been putting off this migration for 3 years because every vendor we talked to couldn't answer the compliance question satisfactorily. I-Verve led with security from day one — they addressed our PCI DSS findings before we even started the migration. The AI fraud detection was a bonus we didn't expect to be this impactful. Our compliance team went from dreading audits to actually looking forward to showing off the new infrastructure."