O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

DevOps for Finance

Book Description

DevOps has often been characterized as a speedy time-to-market tool, but many financial service software insiders aren’t sure whether this popular practice represents solution or suicide. In this report, author Jim Bird explains other DevOps benefits that are far more important for the financial services industry, such as improving security and compliance, reducing technical risks and operational costs, and increasing transparency.

Bird, a CTO with extensive experience in the global financial industry, has updated this report with current case studies that reflect recent events and trends in the financial services industry. You’ll also learn about related technological concerns that include containers, microservices, and security (devsecops).

This report explores:

  • The challenges facing any would-be change agent advocating for DevOps
  • DevOps methodologies such as continuous delivery, test automation, security as code, compliance as code, incident response, secure infrastructure as code, and more
  • Moving from a project-delivery orientation to an operational mindset
  • Real-world strategies for maintaining control over change, minimizing security risks, and meeting compliance and governance requirements

Table of Contents

  1. Introduction
    1. Challenges in Common
    2. DevOps Tools in the Finance Industry
    3. But Financial Operations Is Not WebOps
  2. 1. Challenges in Adopting DevOps
    1. Is DevOps Ready for the Enterprise?
    2. The High Cost of Failure
    3. System Complexity and Interdependency
    4. Weighed Down by Legacy
      1. Dealing with Legacy Controls
    5. The Costs of Compliance
      1. Compliance Roadblocks to DevOps
      2. Separation of Duties
    6. Security Threats to the Finance Industry
      1. Making the Case for Secure DevOps
  3. 2. Adopting DevOps in Financial Systems
    1. Entering the Cloud
    2. Containers in Continuous Delivery
    3. Introducing DevOps: Building on Agile
    4. From Continuous Integration to Continuous Delivery
      1. Protecting Your Pipeline
      2. Test Automation
      3. Integration Testing
      4. Performance and Capacity Testing
      5. Security Testing
      6. Automated Infrastructure Testing
      7. Manual Testing in Continuous Delivery
    5. Changing Without Failing
      1. Minimize the Risk of Change
      2. Reduce the Batch Size of Changes
      3. Identify Problems Early
      4. Minimize MTTR
      5. Always Be Ready to Roll Back
      6. Incident Response—Always Be Prepared
      7. Get to the Root Cause(s)
    6. DevOpsSec: Security as Code
      1. Shift Security Left
      2. Self-Service Automated Security Scanning
      3. Wiring Security Tests into CI/CD
      4. Supply Chain Security: A System Is Only as Secure as the Sum of Its Parts
      5. Secure Infrastructure as Code
      6. Security Doesn’t End with Development or Deployment
      7. Continuous Delivery (and DevOps) as a Security Advantage
      8. Security Must Be an Enabler, Not a Blocker
    7. Compliance as Code
      1. Establish Policies Up Front
      2. Enforce Policies in Code and Workflows
      3. Managing Changes
      4. Code Instead of Paperwork
      5. Making Your Auditors Happy
    8. Continuous Delivery or Continuous Deployment
      1. Changing on the Fly
      2. Continuous Experiments or Controlled Changes
    9. DevOps for Legacy Systems
    10. Implementing DevOps in Financial Markets
      1. Where to Start?
      2. A DevOps Journey