Commerzbank Automates Cloud Security with Google Cloud's Invisible Security Framework
Commerzbank, a leading German financial services company, eliminated manual security processes and reduced security task execution from hours to milliseconds by implementing an automated "invisible security" approach on Google Cloud.
Value Results Summary
Commerzbank, a leading German bank serving 28,000 corporate client groups and 11 million customers, faced a critical challenge in its cloud transformation: maintaining strict regulatory compliance and security standards while migrating to the cloud at scale. With a goal to run 85% of its decentralized applications in the cloud by 2024, the bank needed to automate time-consuming manual security processes that were consuming thousands of employee hours annually. The company partnered with Google Cloud to build security into the foundations of its cloud operations from day one, rather than treating it as an afterthought.
Commerzbank's Cyber Center of Excellence developed an innovative "invisible security" framework leveraging Google Cloud's native services, including BigQuery, Cloud Logging, Cloud Functions, Cloud Run, Cloud Pub/Sub, and Security Command Center. The four-step approach automatically provisions encryption keys, configures firewall settings, segregates applications and data, and encrypts all data at rest without requiring manual intervention from employees. When a developer creates a database or uploads data to Cloud Storage, security controls are applied automatically within milliseconds, ensuring compliance before the user can interact with the resource.
Since going live in September 2021, invisible security has delivered measurable impact across Commerzbank's operations. Tasks that previously took hours to days—including provisioning cryptographic keys, which required 1,800 manual interventions totaling multiple years of work—now execute automatically in milliseconds. The system has eliminated human error in security configurations while freeing employees from repetitive manual work, allowing teams to focus on business-critical initiatives instead of security maintenance. With hundreds of thousands of cloud assets now protected by the automated framework, Commerzbank has established industry standards that other financial institutions can reference for their own secure cloud transformations.
