“Shift left” is common in project life cycle management, where risks are mitigated early in the cycle by involving the QA team early in the planning & development phase. In IT support systems, shift left empowers support staff with enough tools, processes & knowledge base so that issues get resolved at the point closest to the customer. The purpose of this process is to create a leaner organization and increase customer satisfaction. DevOps is a continuous shift left that helps in high-velocity product delivery and enhances the quality of the deliverables.
Why is DevOps crucial to the banking sector?
a. Multi-channel delivery
Traditionally, banks have offered products & services that were physically distributed through branches/ATMs in a brick-and-mortar fashion. But with the rapid increase in the use of smartphones & tablets, banks are challenged to transform their distribution channels and move towards drive-to-digital. The study from eMarketer.com shows the distribution of banking channels used by various US Internet users. This spread of banking channels increases the need for multi-channel interactions, a consistent UX across different channels like mobile/internet/TV banking, ATMs etc., and an integrated channel that offers a seamless user experience. This in turn requires a transformation in the way applications are developed & deployed, while adhering to a high level of security & compliance. Considering that each banking product is managed by a separate division with its own operations team, offering an integrated delivery channel is extremely difficult.
b. Security updates and hot fixes
It is not long since the outbreak of the Heartbleed vulnerability. It impacted not only websites but also banking applications using OpenSSL. Hackers could impersonate the banking services and steal user credentials. Banking applications using OpenSSL were patched. Similarly, zero-day attacks pose a serious risk to banking applications, as hackers take advantage of the time before the vulnerability is publicly announced and a patch is available & applied. In early February 2014, a zero-day attack on IE named “Operation SnowMan” [CVE-2014-0322] could steal banking credentials if the user used IE 9 or 10. DDoS (Distributed Denial-of-Service) & Man-in-the-Browser (MitB) attacks are some of the other top threats to the security of banking applications. This pushes banks to test & release hotfixes / patches at the earliest without breaking existing functionality, and most often to apply live patches while customers are still using the banking applications.
c. Regulatory and legislative pressures
The US Patriot Act (Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001) has changed the way banks identify their potential customers. All US banks and other overseas banks that have correspondent accounts in the US need to get certified under this act. As stated here, banks need to have teams & processes in place to ensure that they comply with these regulatory requirements. This mandates a risk management framework and a reporting mechanism. It also increases process overheads, which in turn slows down innovation and product delivery.
DevOps to the rescue
The DevOps philosophy is similar to Toyota’s Kanban / JIT (Just-In-Time) production. Banks are familiar with Agile & XP processes for product development and ITIL/ITSM for operational efficiency, yet they are not ready for JIT production. Let us pick the two major aspects that gear up banks to be DevOps ready.
a. Organizational Structure in Banks
We all acknowledge the fact that there is a huge gap between R&D and IT Operations. But bridging the gap between R&D & IT can be complex, depending on the size of the organization, its geographical distribution, compliance requirements and processes. In 2011, Citibank initiated a multi-billion dollar project named “Project Rainbow” to consolidate its IT platforms across different product portfolios like mortgages, credit portfolios etc. The focus was to move away from a product-centric strategy to a more customer-centric strategy and improve communication between the teams. In similar terms, RBI [Reserve Bank of India] recommends aligning IT Development, Quality Assurance & Operations. The above picture is a recommendation of the organizational structure by RBI. This greatly improves collaboration within the teams and helps them move towards a common goal.
b. Automation
Banking business processes are typically split into back office, mid office and front office processes. Back office processes are those that do not require direct customer interaction but involve a lot of data processing. Typically, banks have around 300 – 500 back office automation processes, some of which are repeatable and highly structured. Back office processes like HR management, administrative tasks & IT operations are good candidates for optimization and cost reduction. Mid office processes provide the necessary decision support system. Analytical reports and collaboration tools that foster communication and process unstructured data fall under this category. IT systems monitoring and reporting automation can identify systems usage and reduce IT sprawl. Front office processes are customer facing and require constantly up-to-date information from the mid and back office tools for quick response times. When these front, mid and back office processes are automated and integrated, it greatly increases the velocity of product delivery and increases customer satisfaction.
Success stories like Lloyds show that banks can reduce cost and operational complexity by automating server configurations and releases. Automating software testing can greatly improve defect containment and testing efficiency. Thus, once they are DevOps ready, banks can make consistent software deliveries across multiple delivery channels, apply hot fixes quickly or accommodate new regulatory needs.