Westpac will spend the next year deploying new “secure routers” to its 550 branches, with post-quantum cryptography preparations playing a part in its decision.
Westpac’s Wayne Bonnet on stage at Cisco Live.
General manager of secure network services Wayne Bonnet told Cisco Live in Melbourne that the bank is upgrading from Cisco 4000 series integrated services routers (ISRs) to 8200 series “secure routers”, which the vendor unveiled at its US conference in late June.
One of the marketing points for the 8000 series routers is that the processor can be programmed “to secure WAN transport in [the] post-quantum era.”
Bonnet said that all of the bank’s approximately 550 branches will be upgraded in FY26, with the rollout expected to take 12 months.
That will require personnel onsite “to connect the devices”, but initial configuration will be pushed to the devices automatically.
Once in place, ongoing updates to the devices will also be somewhat automated.
“We probably do around 1000 changes a month, and we currently track about 30 percent of those changes [as being] fully automated,” Bonnet said.
“Obviously, we want to take that a lot further in the future.”
Bonnet said the bank has a five-year asset life for its routers.
“We’ve always got to look ahead for that period to see what new developments are going to come out within that five years,” he said.
“From a security perspective, being aware of post-quantum cryptography’s been really important to us. I wouldn’t want to bet that someone’s not going to crack the quantum problem in the next five years.
“So when we made the decision with the devices and with Cisco, that was very front-of-mind and really key to it from a security perspective.”
Post-quantum cryptography is seen as necessary to defend against the security threat posed by future quantum computers – and Westpac is far from alone in factoring it into their current security and technology strategy.
Bonnet said that another factor in the router choice was creating a “unified branch approach” to networking technology,
“Something that our team raised when we were making the decision with what technology to go with was bringing together routing, switching and wi-fi as one ecosystem,” he said.
“The team was adamant that that needed to be provided through one vendor because that way we didn’t get fingerpointing at the branches.
“If we had a problem, it was very clear who we were working with to resolve it.”
Agentic AI in network operations
Also on the bank’s radar for the next 12 months is monitoring “new developments in agentic AI … to help with operations.”
“We have copious amounts of data from the observability platforms that we’ve got,” Bonnet said.
“We think that agentic AI is going to unlock how we use that data and how much value we get out of it.”
Bonnet said that the secure network services team he leads at Westpac has a remit covering “all connectivity for the bank, both domestically and internationally” as well as the bank’s “observability function” covering applications and infrastructure.
He described Westpac as a “heavy ThousandEyes user”. Cisco bought ThousandEyes back in 2020.
“We use that specifically on the WAN to monitor the overlay and the underlay,” he said.
“On many occasions, it has found or proven that we’ve had a carrier make a change, especially on the international network, to divert traffic through another location, which has increased latency.
“All we’ve seen before we’ve looked into ThousandEyes is the application performance decrease, so having that clear telemetry and visibility through ThousandEyes has been really helpful.”
Branch connectivity
Bonnet said that Westpac had recently completed an upgrade to branch network connectivity.
“Six years ago when I started in the role, we had a 10Mbps MPLS link [to the branches]. We probably used about half the bandwidth there,” he said.
“We then increased that to be dual carrier 100Mbps links over fibre with a 4G backup, and we thought, ‘That’s going to serve us forever’.
“We just increased all of those sites to 250Mbps dual carrier links, and [we’re] about to deploy 5G as a transport backup there as well.”
Bonnet said there are also plans to upgrade branches from wi-fi 6 to wi-fi 7 access points, although a timeline was not discussed.