For many companies, getting products out the door faster is one of the main reasons to adopt DevOps. But speeding up software delivery is only one aspect of why companies should embrace an agile CI/CD approach. There are other things to take into consideration and, if you are a financial institution, the list can be even bigger.
I recently chatted with Ben Angell and Sanmat Jhanjhari of Nationwide Building Society as part of the virtual DevOps Enterprise Summit Europe. Ben leads the DevOps Engineering team and Sanmat is lead DevOps architect at the UK-based mutual financial institution, which is also the largest building society in the world.
Fast, but safe
Whilst increasing software delivery speed is a priority for many organisations, not compromising on safety, security and compliance is crucial, especially in the financial sector. Nationwide Building Society achieves both velocity and peace of mind by using the right tooling to embed compliance throughout the CI journey, by adopting DevOps methodologies and by working in an agile way. “The work we’re doing is about embedding further control in the way we operate but enabling us to go faster,” Ben said.
For Nationwide Building Society, the emphasis on safety, security and compliance does not come at the expense of innovating and investing in modern tools and solutions: “There is a perception, perhaps incorrectly, that if you have that low-risk appetite, it means you don’t want to be innovative or look at new tooling and new solutions,” Ben said. ”We are looking at some really interesting tooling solutions right now and we have a really exciting cloud strategy,” he added.
Justifying DevOps / ROI anyone?
Another reason for embracing an agile CI/CD approach is the need to prove business benefits. Sooner or later, the “bill comes on the table,” Ben told me, leaving the organization to face some basic financial questions, such as what is the ROI of the investment. Did the DevOps initiative make financial sense for the wider organization?
“The first two years were incredibly busy, but as the agile and DevOps appetite has grown, the awareness and questioning around the true business benefits have also grown.” Ben told me.
For Nationwide Building Society, the questioning around the business benefits of DevOps spurred a shift from a project-driven focus around speed to a value-based approach that validates a significant investment in DevOps.
Importance of metrics
One of the key lessons that Ben learned was to ensure his team has clear metrics to back up the DevOps investments, including the ability to measure the “before” and “after” results. “One of the most important things you can do when you’re building your DevOps strategy is to start to look at how you measure efficiencies.”
As you embark on a DevOps transformation, ask yourself: Why would the business want to sponsor this and how can I justify that support? “This is about understanding the metrics and the delta, therefore the improvement that you can demonstrate to justify the current investment and future investments.” It’s important to ask this question right from the beginning because understanding the requirements of the business helps with choosing the right tools and capabilities, which plays an essential role not just in achieving the desired results, but also in measuring them properly.
Gaining peace of mind
Sanmat shares his colleague’s approach to DevOps. “Going fast is one thing, but this cannot come at the expense of peace of mind,” Sanmat told me. “It’s quite easy to deploy fast but keeping it safe and secure – specifically in a regulated environment – can be quite challenging.”
That’s why his teams have embedded security, compliance and quality checks in their pipeline templates, guiding how their developers work. “There is a lot of work that we do to ensure those controls and risks are identified and are embedded within the pipeline itself,” Sanmat says. The key, he adds, is to identify the risks as early as possible in the development stage. It’s an approach his team calls “sooner and safer.”
As we wrapped up our chat at the DevOps Enterprise Summit, I asked Sanmat and Ben if they had any advice for anyone embarking on a DevOps transformation journey. “There’s lots of lessons learned,” Ben said. “Measuring your organisation’s efficiency before you even start the work” still remains the number-one lesson for Ben.
“Go back to basics,” Sanmat adds. “We often see an overemphasis on tooling. Don’t go to tooling first. Understand the capabilities that are missing and focus on that. Deliver in a product-centric way and align with your value stream teams.”
Thanks to Ben and Sanmat for a great chat and for sharing more about their efforts, strategy and key takeaways surrounding their DevOps transformation journey.
If you missed Sacha's talk with Nationwide Building Society at DevOps Enterprise Summit Europe, you can watch the recording here.