Safeguarding data sovereignty with a robust, secure, and reliable hybrid cloud

A government department  | Government

Business opportunity

To fuel world-class innovation and provide citizens with valuable new services faster, at lower cost, one high-growth, tech-forward country is aspiring to an AI-native future. A deep understanding of what it takes to enable generative and agentic AI at scale led them to prioritize a crucial first step — an agile, flexible cloud infrastructure. All government ministries were encouraged to quickly pursue migration to public cloud.

The ministry of urban affairs was one of the first to embrace the opportunity. However, the leaders were concerned about privacy and security risks, given that they held volumes of sensitive data, including citizens’ names, addresses, personal details, and eligibility for public housing.

Mature programmer, tablet and stylus with report, overtime work or project email review. Web design, night or update thinking for man, cloud computing and agency research or online communication.

Technical challenge

The Ministry was running the majority of its core systems in a containerized environment on Red Hat OpenShift. For security purposes, these Kubernetes clusters were in an isolated, air-gapped on-premises environment, and the lack of direct internet access added complexity to management, maintenance and ongoing software upgrades.

Targeting smoother upgrades, higher availability and more consistent performance, they needed a partner to help with migration to a Kubernetes platform. IT leaders identified Amazon EKS Anywhere as a potential replacement for Red Hat OpenShift and a steppingstone to cloud. Making these technology changes would allow them to standardize on AWS-native Kubernetes, simplify operations, and integrate more easily with AWS services — but they lacked internal knowledge of the solution.

 

Our solution

Together, the Ministry and Kyndryl migrated from OpenShift to Amazon EKS Anywhere — an on-premises solution for simple management and operation of Kubernetes clusters.

After successfully running on EKS Anywhere for six months, the Ministry took Kyndryl’s recommendation to migrate to Amazon EKS Hybrid Nodes. This solution makes the control plane —the brain of the Kubernetes platform — a managed service on AWS, significantly reducing the administrative burden for the Ministry. The Ministry’s worker nodes — and the sensitive data they contain — remain on-premises, simplifying compliance.

As the Ministry migrates workloads to the public cloud, the most critical will go on EKS Hybrid Nodes, leaving almost zero on-premises infrastructure.

Kyndryl also streamlined operations for the Ministry’s IT team with a comprehensive GitOps CI/CD pipeline using ArgoCD. This enables the automated management of infrastructure and application updates, helping ensure that changes are consistently applied across all environments.

The joint team took an infrastructure-as-code (IaC) approach to the on-premises infrastructure, using Terraform to automate provisioning and management to ensure consistency and repeatability. This IaC approach also accelerates deployments, facilitates version control, and provides an auditable foundation for future expansions.

 

Want to know how to sharpen your AI strategy?

Take the AI assessment

The power of partnership

Kyndryl worked closely with AWS Partner Solutions Architects to ensure conformance to AWS best practices, helping to create a secure and robust solution for the Ministry. Aligning their platform with the AWS ecosystem will help reduce future migration complexity and enable hybrid cloud operations.

What progress looks like

Kyndryl helped the Ministry confidently adopt a hybrid Kubernetes platform that spans on-premises infrastructure and public cloud. The combination of EKS Hybrid Nodes, Terraform, GitOps and Kyndryl's expertise has given them a robust, secure, easy-to-maintain platform that ensures data sovereignty. Results include:

20%

lower support costs

35%

reduction in on-premises administration effort

99.95%

availability for critical services, a 25% improvement

faster implementation of new services

By moving from OpenShift to EKS Anywhere / EKS Hybrid Nodes, the Ministry gains:

  • Operational consistency with AWS EKS used in the public cloud
  • Native integration with AWS services for Identity and Access Management (IAM), observability, security and networking
  • A simpler migration path to the AWS ecosystem in the future

Need a digital version of this story?

Download pdf

Meet the team

Ido Vapner

CTO and Head of Alliances for Central Eastern Europe & Eastern Mediterranean
Kyndryl

Yogev Safrani

Director of Delivery
Kyndryl

What’s your next digital business challenge? Let’s tackle it together.

Talk to an expert

More IT modernization stories

Arizona Department of Transportation

Arizona Department of Transportation dramatically reduces average time of customer visits to Motor Vehicle Division offices with self-service options on a fast network connecting to cloud-based systems.
Learn more

Automotive Manufacturer

A leading automotive manufacturer's move to public cloud improved systems availability, observability and customer satisfaction.
Learn more

Schneider Electric

Schneider Electric is migrating to Amazon Web Services (AWS) to support their IT modernization effort.
Learn more