08 Jul Ways DevSecOps is keeping SaaS safe for customers
Have you seen the commercial where a couple decides they need a new backyard pool? Within minutes of using an app to apply for financing, scrolling through different models on their smartphone, and adding a little Super Saver Shipping magic, a new INTEX 12 x 24-foot Ultra Frame Rectangular Above-Ground pool appears in a dramatic puff of smoke. Water toys and playful children included. Pretty cool and so easy, right?
If you follow fintech, you know that the biggest, most innovative changes in banking, credit, and other financial services often fit (quite literally) in the palm of your hand. And that shift is attracting an expanding and diverse pool of competing organizations promoting these services.
“So non-financial services organizations are starting to move into the financial services. Amazon, for example, with pay over time models, and Walmart actually starting its own credit card,” said Brian Buckley Smith, director of strategy at Simplus, and host of a recent webinar with guests Andrew Davis, senior director of research and innovation at Copado, and Demetrius Malbrough, director of technical evangelism at OwnBackup.
Together, they discussed how firms can master DevSecOps (development, security, and operations) to minimize the risks associated with security and data privacy for customers amid the rise of mobile growth in financial technology and realize faster time-to-value.
With SaaS usage increasing (for instance, around 200 million people do their banking online), strategic data security must be the focus at each stage of app development. When companies pursue digital transformation with DevSecOps processes, they can feel better knowing that security measures have been integrated to protect the overall environment and data, so that they can focus on business growth. Here’s how:
Develop systems security from the inside out
As more companies hope to expand the customer experience by venturing into the financial services space, they often choose convenience over data security. And that can have disastrous, albeit preventable, results.
“They understand their data in this system, and they understand the data in that system. But they don’t have the big picture throughout the enterprise as the data are moving through the system,” Smith added. “Where are the holes? Where are the gaps? Where could things go wrong? And they’re trying to strike that balance of making sure that our data are secure, being moved throughout the enterprise in an efficient manner, and that the data being presented are actually usable to the business and to their clients.”
If you’re looking to upgrade your IT systems, Copado’s Andrew Davis says there are two qualities to look for. “The first is that you’re looking for something that’s fast or faster than what you’re currently offering. And when you think about fast, you think about the system that you’re running, but also in terms of the development process,” explains Davis. “But really what we’re looking for is this balance of safe and fast, and so when we’re talking about DevOps, we’re talking about a way of orchestrating the flow of changes between development, testing, and production environments as well.”
Davis added that at Copado, security is a priority during the development process. “We’ve started to move to separate development, testing, and production environments. We use this to introduce the concept of DevOps because this is really where it emerges from the wish to approach the development and creation of new systems in a way that is safe.”
Understand CRM’s role in operational efficiency
CRM is really driving the need for governance and operational efficiency. “We have to balance security with the ability to get changes implemented quickly, or make changes to datasets in response to a fast-moving business environment, right,” Smith says. “Competition is heavy and business processes are changing. Changing trends are happening, and businesses need to be able to respond to those in order to stay competitive, and they want this combination of ‘get it to me really fast and make sure it’s really secure.’”
Develop a plan
You need a plan, advised Demetrius Malbrough of OwnBackup. “Without a plan, disciplined approaches for testing and delivery, and keeping these safeguards in place for you to also be able to quickly recover your data in the event of a data loss or corruption event, is going to be important to make sure that you have that business recovery strategy.”
He added, “As you are moving through this development stage at this DevSecOps lifecycle approach, make sure that you have the appropriate ability built in, in case business disruption happens.”
As more companies turn to SaaS to deliver better customer experiences, companies like Simplus, Copado, and OwnBackup see this as an opportunity to remediate some of the security risks that may be inherent within the environment and address some of the operational challenges organizations face with protecting data. Before you offer online services as a way to grow your business, put a data security-focused DevSecOps model in place to ensure a satisfying and secure experience for you and your customers.