Secure Financial Reporting Solution for App Performance Analytics

In regulated financial services, data is both a strategic asset and a regulatory liability. Organisations need fast, reliable access to insights to compete, yet every additional layer of access increases the risk of overexposure, non-compliance, and operational complexity.

Most analytics solutions fail in this environment, not because of a lack of capability, but because they prioritise accessibility over control. Data is duplicated, permissions become difficult to manage, and auditability is treated as an afterthought rather than a foundation.

Mesoform was engaged by a regulated financial client to solve this challenge directly. The objective was to enable self-service analytics at scale, without compromising on security, compliance, or operational discipline.

The result is a modern analytics solution that allows business teams to move quickly and confidently, while ensuring sensitive financial and personal data remains tightly governed, fully traceable, and never unnecessarily exposed.

---

 

Vision

The regulated financial organisation set out to fundamentally redefine how internal teams interact with performance and financial data. The goal was not just to improve reporting, but to establish a long-term, governed analytics foundation capable of scaling with the business without introducing additional risk.

At its core, the vision was to deliver a solution that:

• Enables self-service access to trusted insights for traders, analysts, and marketing teams
• Maintains strict control over sensitive financial and personal data, ensuring it is never unnecessarily exposed or duplicated
• Embeds auditability and traceability into every stage of the data lifecycle
• Aligns with regulatory expectations around data minimisation, access control, and operational transparency

A key principle underpinning the design was intentional simplicity. Rather than defaulting to real-time architectures, the solution was deliberately built around controlled, batch-oriented data access. This ensured consistency, predictability, and cost efficiency, while still meeting business requirements.

This was not a reporting upgrade. It was a shift towards a security-first, compliance-aligned analytics model designed to support long-term, data-driven growth.

 

Scope

Operating within a regulated financial context introduced a set of constraints that shaped both the design and implementation approach.

 

Regulatory and compliance constraints

The organisation was subject to strict requirements governing the handling of financial data and personally identifiable information. This introduced several non-negotiable conditions:

• Sensitive data could not be freely replicated across systems
• Access needed to be tightly controlled and fully auditable
• Data flows had to be transparent, traceable, and justifiable

Any new solution needed to enforce these principles by design, rather than relying on downstream controls or manual governance.

 

Fragmented and inconsistent reporting landscape

Over time, reporting had become decentralised and difficult to manage:

• Teams relied heavily on manual SQL queries and ad hoc data exports
• Data was not easily accessible for non-technical teams

This resulted in both operational inefficiency and a lack of confidence in the data.

 

Security limitations in the legacy approach

The existing architecture exposed several critical risks:

• Direct interaction with production PostgreSQL systems increased the likelihood of overexposure of sensitive data
• There were no effective column-level access controls for analytics users
• Data extracts could be exported and shared without sufficient governance

This made it difficult to enforce least privilege access or demonstrate compliance during audits.

 

Operational and cost inefficiencies

While real-time data pipelines were considered, they introduced unnecessary complexity for the organisation’s actual needs:

• Streaming and CDC pipelines increased infrastructure and operational overhead
• The business primarily required daily reporting, not real-time insights

The requirement was clear: deliver a secure, governed, and cost-efficient analytics system that simplifies operations while meeting strict regulatory standards.

Solution & Implementation

To address these challenges, we designed and implemented a batch-oriented, federated analytics architecture using Google Cloud. The approach prioritised data minimisation, identity-driven security, and full infrastructure automation, ensuring governance was embedded at every level.

 

Federated data access with no replication

A central design decision was to avoid duplicating sensitive financial data into analytics systems.

Instead:

• Google BigQuery was configured to use federated queries to access Cloud SQL (PostgreSQL) directly
• Data was read from read-only replicas, dedicated for internal purposes, so as not to impact any production functions
• Queries were executed over secure connections, exposing only a predefined subset of non-sensitive fields such as transaction_id, revenue, region, and order_date
• Only the data required for reporting was synchronised, ensuring sensitive financial and personal information was excluded from the analytics layer
• The Mesoform engineering team implemented SQL-based obfuscation during synchronisation, masking selected values before they were made available for analysis
• This provided an additional layer of protection, ensuring that even if a field was unintentionally exposed, it would not contain usable sensitive information

By keeping source data within PostgreSQL and using BigQuery purely as a query and aggregation layer, the solution adhered strictly to data minimisation principles and significantly reduced compliance risk.

 

Identity-first security architecture

Security was enforced through an IAM-driven access model that significantly reduced the reliance on static credentials.

• Cloud SQL access was tightly controlled through restricted database users with read-only permissions
• Google BigQuery connections operated via dedicated service accounts mapped to those restricted users
• Permissions were carefully scoped to enforce least privilege access across both database and analytics layers
• Static credentials were limited to the BigQuery connector, reducing the number of usernames and passwords that needed to be created, managed, and rotated

This approach strengthened security, simplified credential management, and reduced the attack surface while maintaining compatibility with the underlying technology requirements.

 

Infrastructure as Code

We used a traditional Infrastructure as Code toolchain.

This introduced:

• Consistency across development, staging, and production environments
• Full auditability of configuration changes
• Controlled, repeatable deployment processes from development through to production
• Faster iteration using standard cloud SDKs for development and testing, with production deployments handled through declarative configuration

The solution was defined using a configuration as data model, implemented via Google Config Connector and supporting cloud SDKs. This covered BigQuery datasets, federated connections, scheduled query pipelines, IAM role bindings, and reporting tables.

This ensured the entire solution could be versioned, reviewed, and reliably reproduced, while keeping the deployment model aligned with operational and compliance requirements.

 

Controlled batch ingestion and transformation

Rather than introducing real-time complexity, the solution used a daily batch processing model:

• Scheduled queries executed MERGE operations into curated reporting tables
• Ingestion logic was designed to be idempotent, ensuring consistent results across repeated runs
• Duplicate records were prevented and historical data remained stable

This provided a reliable foundation for financial reporting, where consistency and accuracy are critical.

 

Database-level access controls

Security controls were enforced directly within BigQuery:

• IAM-mapped service accounts were granted restricted, read-only access
• Access was limited to curated datasets and authorised views, ensuring only approved fields were exposed
• Sensitive identifiers and personal data were excluded from analytics queries

This created a clear separation between operational systems and analytical consumption

 

Secure secret and credential management

Where credentials were required:

• High-entropy secrets were automatically generated and securely stored in Google Secret Manager.
• Secrets were never exposed in source code, logs, configuration files, or deployment pipelines.
• Applications and services consumed secrets through a zero-touch mechanism, eliminating the need for manual handling, distribution, or operational intervention.
• Secret access, usage, and rotation were fully traceable through auditable controls.
• User IDs were obfuscated using a randomised salt, ensuring that only the system could reproduce the transformation. While these identifiers were not considered highly sensitive, this additional control prevented predictability and reinforced a security-first approach.

This strengthened the organisation’s security posture, reduced operational risk through zero-touch secret management, and simplified ongoing administration and compliance activities.

 

Governed business intelligence layer

To make insights accessible to non-technical users while maintaining strong governance controls:

• Data Studio (previously known as Looker Studio) dashboards were built on curated BigQuery datasets, providing a user-friendly analytics experience without requiring direct access to underlying data platforms.
• Access was controlled through multiple layers of IAM, including Google Cloud IAM, BigQuery permissions, service account authentication, and dashboard-level sharing controls.
• This layered security model ensured users could only access the data and reports appropriate to their role, adding an additional governance boundary between business users and source datasets.
• Dashboards provided consistent, standardised views across revenue performance, regional trends, KPIs, application metrics, and operational reporting.
• Centralised dashboard management ensured that business users worked from trusted, governed datasets rather than creating disconnected reports or duplicating data.

This approach enabled self-service analytics while preserving security, governance, and data quality, allowing business users to explore insights confidently without compromising organisational controls.

 

Impact

The implementation delivered measurable improvements across security, compliance, operations, and business performance.

 

Security and regulatory alignment

• No sensitive financial or personal data exposed within the analytics layer

• Fully IAM-governed access model across all services

• Complete audit trail for data access, transformations, and infrastructure changes

 

Stronger data governance

• Strict enforcement of data minimisation principles

• Clear separation between production systems and reporting layers

• Improved trust in data through consistent, governed datasets

 

Operational efficiency and cost control

• Elimination of unnecessary real-time infrastructure

• Reduced compute and storage overhead through batch processing

• Simplified solution management using managed cloud services

 

Data reliability and consistency

• Idempotent ingestion ensured stable, duplication-free datasets

• Consistent historical reporting across all time periods

• Predictable outputs supporting financial accuracy

 

Business enablement

• Traders and marketing teams gained secure, self-service access to insights

• Faster, more confident decision-making based on trusted data

• Reduced dependency on engineering teams for reporting

• Standardised KPI definitions across departments

Outcome

The final platform represents a modern, secure, and compliance-aligned approach to analytics in regulated environments.

By combining federated data access, identity-first security, infrastructure-as-code, and governed reporting, we delivered a system that is:

• Secure by design, with no unnecessary exposure of sensitive data
• Audit-ready, with full traceability across all components
• Operationally efficient, avoiding unnecessary complexity
• Scalable and future-proof, supporting continued growth

This demonstrates that organisations can deliver powerful, self-service analytics capabilities without compromising the strict controls required in financial services.

 

---

Curious how to deliver self-service analytics without exposing sensitive data?
At Mesoform, we design secure, audit-ready platforms that give business teams access to trusted insights while keeping financial and personal data tightly controlled.

Speak to Mesoform → https://www.mesoform.com/