Continuous Delivery Vs Copious Regulation


Is it possible to deliver continuous delivery in a financial services company?


Problem to solve


Why DevOps?

“Makes IT less awful”

Long version…

( What:
We make sure our software is always potentially shippable throughout its entire lifecycle and that any build could potentially be released to users at the touch of a button using a fully automated process.

We can put the release schedule in the hands of the business rather than IS. Be this with a regular rhythm or on demand)

Because… Continuous Delivery


“Who is watching?”
  • PCI
  • ICO
  • FCA (Every question is ‘are you doing this in the best interest of the customer?’)

Getting past the naysayers

  • DevOps and Continuous Delivery drive EXCELLENT behaviours from a regulatory, security & compliance perspective
  • ‘Not EVERYTHING can go into the cloud’ – Select the battles (data/systems)…
  • “Our hardest problem is legacy contracts that state where data will be kept”
  • “We are not allowed to do that…” FCA says different

Financial Conduct Authority (FCA)

FG 16/5 – Guidance for firms outsourcing to the ‘cloud’ and other third-party IT services, July 2016

No one ever got fired for buying…

“Companies have an implicit trust in Microsoft” – Been using them to help run our organisation for decades

Hybrid might be the answer

“Carve off the toxic data and keep it safe.”
Azure Stack, maybe…
Use local AWS or Microsoft

Open source vs paid

“Pay the extra for ‘supported’ free stuff” – Simply not worth the risk of not being supported with only in-house skills

Evidence of Segregation of Duties



Makes it easy to show who did what


(Restrict access by business need-to-know)


“FSA now happy”
