☁️ Now available · Production-ready

Bring Your Own Cloud.
Keep your control of destiny.

Run Moroku's digital banking platform inside your own AWS or Azure account. Your data stays in your VPC, your bills come direct from your hyperscaler, and you keep the autonomy that matters most for CPS 230, data sovereignty, and operational resilience — without giving up the cadence of a managed SaaS.

Talk to our team See the deployment options
Why banks choose BYOC

The reasons your board has been asking about it

BYOC isn't a checkbox — it's a strategic decision about where your platform lives, who controls it, and what it takes to evidence that to your regulator.

🛡️

Data sovereignty by design

Your customer data never leaves your cloud account. Encryption keys stay yours. Access policies are yours to define and audit. The vendor never holds the keys to your kingdom.

📋

CPS 230 alignment

APRA's Prudential Standard for Operational Risk Management asks regulated banks to evidence continuous oversight of every material service provider. Running your platform in your cloud is the most direct way to demonstrate that.

🔐

Control of destiny

If your contract ever has to end — or your vendor ever has to change — you keep the infrastructure, the data, and the operational continuity. No black-box transition. No "vendor will hold our deposits" moment.

💼

Cloud commitments at work

Most banks already have AWS or Azure spend commitments. BYOC turns that committed spend into platform infrastructure rather than dual-paying for vendor-hosted SaaS on top of underused capacity.

🔍

Audit reach

Internal audit, external audit, and regulator inspections all get direct visibility into the environment. No vendor reports to wait for. No quarter-end PDFs that are stale on arrival.

⚙️

Existing tooling preserved

Your SIEM, your observability stack, your alerting, your IAM — they all keep working. Moroku integrates into your operational ecosystem rather than asking you to maintain a parallel one.

Three deployment paths

Choose the cloud configuration that fits your posture

Moroku supports three deployment models. Each delivers the same banking platform — Money, Flow, Odyssey — and the same Cockpit observability surface. The difference is who runs the underlying infrastructure.

A

Moroku-Managed SaaS

Moroku operates the platform on AWS in our standard multi-tenant deployment.

  • Lowest unit cost · multi-tenant economics
  • Fastest time to live · weeks, not quarters
  • No cloud account required from the customer
  • Full Cockpit observability included
  • Best for credit unions and challenger banks moving quickly
Typical fit
Speed to market · standard regulatory posture
Bring Your Own Cloud
B

BYOC · Your AWS Account

Moroku deployed into your AWS account. Cross-account IAM. Your data, your bill, your VPC.

  • Customer-owned VPC · data never leaves your account
  • Customer-managed encryption keys (BYOK / KMS)
  • AWS infrastructure billed direct to you
  • Moroku operates under managed-service agreement
  • Auditor and regulator see the environment directly
  • Full Cockpit observability included
Typical fit
Regulated banks · CPS 230 critical operations
C

Azure-Native Deployment

Moroku replatformed onto Azure for institutions standardised on Microsoft cloud.

  • Single-cloud profile for institutions on Azure
  • Entra External ID for customer identity
  • Azure infrastructure billed direct to you
  • Moroku operates the deployment
  • Full Cockpit observability included
  • Best when paired with Azure-hosted core banking
Typical fit
Microsoft-aligned institutions · co-located core
How it works

From signed contract to production, in four phases

Each phase is a defined deliverable with defined acceptance. No black-box implementation, no surprise scope.

1

Landing zone design

Joint design session: account structure, network topology, IAM trust boundaries, KMS key strategy. We deliver a Terraform-backed reference architecture for your environment.

2

Provisioning

Your team runs the Terraform; Moroku validates. VPCs, subnets, KMS keys, IAM roles, observability hooks — all provisioned in your account, owned by you.

3

Platform deployment

Moroku deploys Money, Flow, Odyssey, and the Cockpit observability surface into your provisioned environment. CI/CD pipelines wired to your account.

4

Hypercare & handover

Six weeks of elevated SLA support post go-live. Direct Slack channel. Fortnightly showcases. Steady-state operational responsibilities transition cleanly.

Shared responsibility

Who does what, in plain English

BYOC introduces a shared responsibility model. We make it explicit up front so there are no ambiguities at audit time.

Area Moroku You AWS / Azure
Application code & releases Owns
Cloud account & billing Owns
Encryption keys (BYOK) Owns
Network configuration Co-design Provides
Platform operations Operates
Hyperscaler infrastructure Operates
Identity & SSO Owns
Audit log access Writes Owns
Incident response Leads Engages
Regulator notifications Owns
Cockpit ALPHA · GA OCT 2026

Cockpit ships with every BYOC deployment.

BYOC gives your team the cloud account. Cockpit gives them the live operational picture inside it — and across every other material service provider on your CPS 230 register. One console for releases, security posture, audit log, and ticket SLAs. Bank-controlled access via your SSO.

  • Real-time platform health for every component running in your cloud account
  • Continuous CPS 230 evidence — material service provider register, exit playbook, BYOK posture, audit log
  • Connector framework for every other vendor on your register: core banking, payments, KYC, Open Banking, GL, document generation
  • Two-way Jira sync with live SLA clocks on every ticket — bug reports, change requests, RCA links
Request alpha access
Uptime · 90 days
99.987%
↑ within tolerance
Tickets within SLA
14 / 14
↑ 30-day rolling
Avg response
1h 47m
Premium support
Critical incidents
0
↑ 90-day window
Honest guidance

When BYOC is the right call — and when it isn't

BYOC is a real commitment. We'd rather tell you upfront when it doesn't pay back, even if it costs us the deal.

Good fit

BYOC will pay back when…

  • You operate as an APRA-regulated ADI with material service provider obligations
  • Your board or risk function has explicitly raised data sovereignty concerns
  • You have existing AWS or Azure spend commitments to leverage
  • Your security team requires direct access to logs, network flows, and KMS
  • You've previously been burned by vendor opacity — and the board remembers
  • You want auditors and regulators inspecting the actual environment, not vendor reports
Rethink

Stay with managed SaaS when…

  • You're a credit union or challenger optimising for time-to-market over autonomy
  • Your platform team is small and stretched, and operational burden is a real constraint
  • Your CPS 230 obligations are satisfied through Moroku's standard observability surface
  • You don't yet have the cloud cost commitments to absorb infrastructure billed direct
  • You'd rather move quickly now and revisit cloud ownership at contract renewal
APRA CPS 230 · Operational Risk Management

BYOC is one of the cleanest ways to evidence material service provider oversight.

Under CPS 230, every regulated bank must demonstrate continuous oversight of the providers behind its critical operations. Running your digital banking platform inside your own cloud account simplifies that evidence: your auditor can inspect the environment directly, your SIEM ingests the log streams natively, and your incident response team operates inside familiar tooling. BYOC isn't the only path to compliance — Moroku's managed SaaS satisfies the standard too, via the Cockpit observability surface — but for institutions where the board has explicitly asked for cloud control, BYOC is the most direct answer.

Frequently asked questions

The questions every CIO asks

Is BYOC available in production today?
Yes. BYOC is a generally-available deployment model for Moroku Money, Flow, and Odyssey. Cockpit, the observability surface that ships with every BYOC deployment, is currently in alpha with general availability targeted for October 2026. Existing BYOC customers receive Cockpit at GA at no additional charge for the Moroku-source observability surface; third-party connectors are licensed per source.
Does BYOC cost more than managed SaaS?
Yes — typically by a meaningful margin across a five-year term. The cloud infrastructure that Moroku absorbs into managed SaaS pricing moves to the customer's account directly, and the operational cost of running a single-tenant deployment (bespoke pipelines, dedicated observability, reduced multi-tenant leverage) adds back at least as much. We price BYOC honestly: a modest monthly uplift relative to SaaS, plus your hyperscaler bill direct, plus a one-off setup. We can walk you through the five-year TCO comparison in a discovery call.
How long does BYOC deployment take?
From signed contract to production go-live, typically 4–6 weeks longer than our standard managed SaaS deployment. The additional time is in landing zone design, account provisioning, and IAM trust establishment. We provide Terraform reference architectures and run the design phase as a joint workshop with your platform team.
Can we move from managed SaaS to BYOC later?
Yes. Cockpit's exit-rights framework specifically preserves the option to migrate from managed SaaS into a BYOC arrangement at any point during the contract. We've designed the data, key, and configuration export flows for this case. Many customers start on managed SaaS to move quickly and revisit BYOC at contract renewal once cloud commitments and platform team capacity are in place.
Which hyperscalers are supported?
BYOC is generally available on AWS today. Azure is supported as a deliberate replatform — paths and timelines vary by institution. We do not currently support Google Cloud, but if it's on your roadmap we're happy to discuss it.
What happens at contract end?
You keep the AWS or Azure account, your data, your encryption keys, your audit log, and your operational configuration. The Moroku application code and proprietary services come down on a documented runbook. Cockpit's exit-rights framework formalises the transition with defined deliverables and a tested playbook — not a "we'll figure it out at the time" promise.
Who's responsible if something breaks at 3am?
Moroku owns platform operations under managed-service agreement, even in a BYOC deployment. Our operations team monitors via Datadog and CloudWatch, with auto-escalation to a duty engineer. Your team gets visibility through Cockpit and notifications via your nominated channels (Slack, email, phone). The shared responsibility model is documented above and codified contractually.
How do you ensure isolation between Moroku's access and our data?
Cross-account IAM with explicit, time-bounded access patterns. Moroku does not hold your encryption keys — KMS is yours. Privileged access requires Just-In-Time elevation, every action is logged to your audit log, and the elevation itself surfaces in Cockpit. We can walk you through the trust policy in detail during procurement.

Ready to talk about your cloud posture?

A 45-minute discovery call walks through your CPS 230 obligations, existing cloud commitments, platform team capacity, and which deployment path fits. No pitch deck, no preconceived answer — just a genuine assessment of whether BYOC pays back for your institution.

Book a discovery call See how we run support
Set an appointment