How DevOps is shaping Financial Services #4: The rise of cybersecurity

In this series of blog posts, we speak with database professionals from financial services organizations around the world to better understand how DevOps is shaping the sector. On the way, we dig into key current factors including the rise of technology upstarts in fintech and insurtech, the speed of digital transformation, and the ever-increasing threat of cyberattacks.

In the final edition, we speak with Angela Tidwell, Manager of DevOps Engineering at Jack Henry™, a technology provider ​serving community and regional financial institutions in the U.S. with a wide offering of capabilities.

Can you tell us a little about your background in Financial Services?

I joined Jack Henry as a Solutions Architect just over three years ago. Working in the legal sector, I had a great deal to learn about financial services. There are a lot of similarities as far as the primary information that you have to keep, but it was also very different. Dealing with federal compliance mandates was definitely something new. Learning how to protect data on a larger scale and follow those mandates to protect the data, the clients, and their money is obviously really important.

As a Solutions Architect within the Site Reliability Engineering Team, I began researching new ways to automate the work we do to remove the daily toil.

One of the things we had to do manually was deployments – not only database deployments, but also Windows services deployments that we create in-house. So, I went out to find a solution and discovered that, with Octopus Deploy and Redgate, we can automate a lot of our deployments and still have the ability to see the changes. In addition, we also had to determine how best to apply the securities we needed – both in the deployment and in the package.

That was a big project I kicked off, which turned out to be a great asset as it not only delivers our products in a more secure way but delivers them faster to our clients. It’s really sped up our deployments and given us greater visibility into what’s changing.

In your opinion, what is the biggest challenge facing the sector at the moment?

Cybersecurity is a huge challenge and has become a top priority for banks and credit unions alike, especially when you’re dealing with people’s money – you sure don’t want to lose that.

If a financial institution is hacked and all their information is stolen or locked down, there are certain securities where the Federal Reserve in the U.S. will secure money up to a certain point. This security leaves many companies with significant losses, as most lose more than what can be secured – making it extremely important to ensure your data is safe and stored in a secure location.

There are so many ways – old and new – in which you can fall victim to cybercrime.

The oldest way is SQL injection. With a lot of people not paying attention and failing to lock down their code on the back end – it’s easier than ever to get in. One thing that’s foremost for us is making sure we have all of our security in place and our ports are secured and closed down so we’re not open to SQL injection.

Finance, Insurance and Banking have historically been slow in adopting new technologies and processes. What do you think have been the consequences of that – particularly in your role?

Being slow to accept or introduce DevOps and new technology has opened up banks and credit unions to a great deal of scrutiny and the potential for hacking. If they’re not up to date with security and the latest trends, they leave themselves more open to being hacked – so that’s definitely one thing.

Also, technology runs everything – no matter what industry you’re in.

Finance and legal are among the oldest sectors, and it comes back to the saying “Why fix what’s not broken?” Many individuals think it’s not broken just because it’s always been this way – and that’s the way they’re always going to do it. But the finance and legal sectors are constantly changing and must keep up with technology to stay ahead of competitors and those trying to cause harm.

If you’re slow to adapt, it can open your financial institution up to greater risks – especially cybersecurity risks.

Given the rise of cyberattacks across the sector in recent years, what would be your advice for someone tackling compliance and security in their database processes?

Make sure you have valid backups at all times. In fact, make sure you have backups of your backups (if possible) and definitely have a runbook. In the case of an emergency, a runbook will instantly tell you who to contact about what, how to shut it down, and outline how to get back to business as quickly as possible with as little data loss as possible.

Having a worst-case scenario checklist and runbook is essential, as the little things really matter. For example, if one agent job didn’t run (depending on the job), that could mean your data has not been backed up and you couldn’t restore it if needed.

You also need to keep your own knowledge up to date, especially in financial services.

Watch the financial news, read the blogs, and stay up to date with technology. To an extent, we will always be reactive as we can only see vulnerabilities that have happened before – but you can’t be complacent because thieves and hackers are going to be one step ahead.

Digital transformations have been at the top of many CTO to-do lists across all sectors. Is this something you’re seeing within Financial Services as well?

This is an interesting one as it can mean so many different things to different people – much like DevOps.

For me, when you say digital transformation, the first thing I think of is migrating from on-prem to the cloud. I’ve heard a lot of people, especially in legal and banking, say things like “Oh, no, we don’t want to go into the cloud,” because they literally think it’s just in the ether. As if I’m just going to throw this data somewhere and it’s never coming down again until I reach out and grab it.

So, a major part of digital transformation is centered around education and helping people understand what the cloud really is. Basically, it’s just someone else’s computer somewhere else, not this magical, mystical ether floating above us.

Around digital transformation, automation is a really good one, too.

People can get into the mindset of “We can’t automate this because it’s always been done this way.” We’re all about automating as much as possible – which is at the heart of DevOps. Automating the mundane things so you can work on more important things than just clicking a button.

This alone has many benefits in terms of keeping employees more involved, more engaged, and happier in their roles – which in turn reduces staff turnover. You’re also adding value for your customers and your business, with many more savings tied into that, too.

One thing that gets thrown around a lot is the DevOps mentality of you have someone or a team of people who are a literal bridge between development and operations.

Within my team, the Site Reliability Engineers are definitely that bridge.

When there’s an issue, it’s taken directly to the development team who must investigate what’s broken. Is it a data issue? Is it a code issue? Is it an infrastructure issue? The team then has to speak for both operations and development, because operations doesn’t know the development side and development doesn’t know the pains of the operations team.

So, they’re a DevOps team in the fact they speak to both operations and development – with an understanding of how it’s supposed to operate – but also what the client sees and expects.

There has been a rise in the number of fintech players entering the market who are quick to adopt new technologies and are able to adapt quickly to customer needs. How do you see this impacting across the industry, especially for larger, well-established organizations who have been slow to embrace DevOps?

I believe people are paying more attention. And by people, I mean just your normal, everyday people. Thieves have advanced way past stealing your pin at the ATM nowadays. You can even see it on the news – it’s not a hidden industry secret.

Fintech companies are looking at how they can best stay ahead of these people and ensure that clients are comfortable with the way we protect them.

While fintechs have been here for several years, I think more people are paying attention to them now – especially with all the cybersecurity risks. The average consumer is more aware in terms of “Oh, you mean my money could go away? Well, now it’s important to me.

But that’s across all Financial Services and not limited to fintechs.

Next steps

You might also be interested in the insights revealed in Where Financial Services businesses should focus their digital transformation efforts in 2023, and the selection of resources on our Finance page. If you’d like to discuss your digital transformation needs, you can also contact a Redgate representative.