Security Data Works

Public production architecture teardown

Bank Hapoalim — federated lakehouse on Trino/Starburst

Israel's largest bank migrated off Hive onto Starburst (Trino) over a Hadoop-based data lake — federated SQL access that leaves data where it lives. The published case is analytics-and-cost-led; its security relevance is the governance layer: granular federated access controls for cross-border data-residency rules, and ML models for near-real-time AML monitoring built on the federated data.

Federated

Access without centralization — Trino's ANSI SQL over disparate sources, with the granular controls a regulated bank needs to enforce international data rules. The bank's own quote: "ETL processes that took many months at high cost have become extremely fast and accessible to analysts at negligible cost." No security metrics are published; this is a regulated-industry data-federation pattern, not a SOC-telemetry deployment.

The pipeline

  1. Sources

    Disparate regulated data

    Legacy systems + data lake; cross-border / data-residency constraints

  2. Store

    Hadoop data lake

    Data stays where it lives; no forced centralization

  3. Query

    Starburst (Trino)

    Federated ANSI SQL; SAS / Qlik integration for analysts

  4. Govern

    Granular access controls

    Enforce international data-residency rules at query time

  5. Apply

    Near-real-time AML monitoring

    ML models on the federated data for anti-money-laundering
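An added example for the Govern step, not code from the Starburst case study or the bank: a pre-deployment check that catalog-level access rules keep each group inside its own jurisdiction. The case does not publish which access-control mechanism is used; this assumes rules in the shape of the `catalogs` section of Trino's file-based access control, and every catalog name, group name and region mapping is hypothetical.

```python
import re

# Constructed sample in the shape of the "catalogs" section of a Trino
# file-based access control rules file. Catalog and group names are hypothetical.
CATALOG_RULES = [
    {"group": "aml_il", "catalog": "lake_il|core_il", "allow": "read-only"},
    {"group": "analysts_uk", "catalog": "lake_uk", "allow": "read-only"},
    {"group": "analysts_.*", "catalog": "lake_.*", "allow": "read-only"},  # too broad
    {"catalog": "system", "allow": "none"},
]

# Hypothetical residency policy: the jurisdiction each catalog's data must stay
# in, and the jurisdiction each group operates from.
CATALOG_REGION = {"lake_il": "IL", "core_il": "IL", "lake_uk": "UK"}
GROUP_REGION = {"aml_il": "IL", "analysts_il": "IL", "analysts_uk": "UK"}


def catalog_access(groups, catalog, rules=CATALOG_RULES):
    """Rules are checked in order, first match wins, no match means denied."""
    for rule in rules:
        # An omitted field matches everything; patterns must match the whole name.
        group_re = rule.get("group", ".*")
        if not any(re.fullmatch(group_re, g) for g in groups):
            continue
        if re.fullmatch(rule.get("catalog", ".*"), catalog):
            return rule["allow"]
    return "none"


def residency_violations(rules=CATALOG_RULES):
    """Return (group, catalog, access) wherever a group reaches out-of-region data."""
    found = []
    for group, g_region in sorted(GROUP_REGION.items()):
        for catalog, c_region in sorted(CATALOG_REGION.items()):
            access = catalog_access([group], catalog, rules)
            if access != "none" and g_region != c_region:
                found.append((group, catalog, access))
    return found


if __name__ == "__main__":
    for group, catalog, access in residency_violations():
        print(f"residency violation: {group} -> {catalog} ({access})")
```

The wildcard rule is the failure mode to look for: it reads as "analysts may query lake catalogs" but grants every regional analyst group read access to every region's lake.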

What composes, what’s brittle

  • Why federation. Cross-border data-residency rules make leave-it-in-place access the security-relevant choice.
  • Security angle. Access governance + AML monitoring — compliance / financial-crime, not threat-detection telemetry.
  • What's published. Analytics and cost outcomes; no security metrics are disclosed in the case.
  • Why it's here. A named regulated-finance federated-lakehouse pattern — the access-governance lesson generalizes.
  • Honest scope. Thinner on security than the other teardowns; included as a governance / data-residency reference, not a SOC build.
  • Engine. Trino via Starburst — ANSI SQL keeps query logic portable.

Sources: Starburst case study, "Bank Hapoalim" (starburst.io) · Starburst / Trino federated-access and AML-monitoring coverage.
