Continuous Delivery Vs Copious Regulation

IanWatson.jpg
https://uk.linkedin.com/in/ian-watson-75267112
Ian.Watson@callcredit.co.uk

Is it possible to deliver continous delivery in a finicancal services company?

MAYBE…

Problem to solve

Worked-Fine-In-Dev-Ops-Problem-Now.jpg

Why DevOps?

“Makes IT less awful”

Long version…

( What:
We amke sure our software is always potentially shippable throughout its entire lifecycle and that any build could potentially be released to users at the touch of a button using a fully automated process.

Why:
We can put the release schedule in the hands of the business rather than IS. Be this with a regular rhythm or on demand)

Because… Continues Delivery

BIG CHALLENGE

“Who is watching?”
  • PCI
  • ICO
  • FCA (Every question is ‘are you doing this in the best interest of the customer?’)

Getting past the naysayers

  • DevOps and Continuous Delivery drive EXCELLENT behaviours from a regulatory, secuirty & compliance perspective
  • ‘Not EVERYTHING can go into the cloud’ – Select the battles (data/systems)…
  • “Our hardest problem is legacy contracts that state where data will be kept
  • "We are not allowed to do that…" FCA says different

Financial Conduct Authority (FCA)

Nocloud.png
FG 16/5 – Guidance for firms outsourcing to the ‘cloud’ and other third-party IT services, July 2016

No one ever got fired for buying…

“Companies have an implicit trust in Microsoft” – Been using them to help run our organisation for decades

Hybrid might be the answer

“Carve off the toxic data and keep it safe.”
Azure Stack, maybe… https://azure.microsoft.com/en-gb/overview/azure-stack/
Use local AWS or Microsoft

Open source vs paid

“Pay the extra for ‘supported’ free stuff" – Simply not worth the risk of not being supported with only in-house skills

Evidence of Segregation of Duties

SoD.png

Traceability

Makes it easy to show who did what

Security

(Restrict access by business need-to-know)

Auditability

“FSA now happy”

Leave a Reply

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>