Enhancing the Delivery of Continuous Secure Ingestion by Utilising Agile & DevOps Principles

How a multinational bank incorporated Agile principles to optimise the delivery of a secure solution to ingest open-source software

Background

One of ControlPlane’s flagship projects in 2023 was to help one of the world’s largest multinational banks with over 12 million customer accounts reduce business risk by delivering a solution that enabled secure and efficient ingestion of open-source software.

The delivery of this was underpinned by Agile and DevOps principles, which resulted in a unique set of practices that suited the specific landscape. This case study will explore these practices and how they translated to meaningful business outcomes.

Improving the Ability to Innovate

In order to effectively deliver a bleeding-edge solution by the end of the year, our team aimed to maximise their ability to innovate, meaning they sought to maximise the time they dedicated to security-focused, value-adding work. In this case, the key impediment experienced was the amount of time that was originally devoted to administrative work and navigating the complex web of departments within the organisation.

Utilising the Agile principle of continuous improvement, our Agile specialist helped the team identify the administrative processes with the biggest impact on their ability to innovate. From here, they partnered with key stakeholders and leveraged their knowledge to enhance the efficiency of navigating these processes. Alongside this, the Agile specialist fulfilled the Scrum Master accountability and, where required, unblocked and delivered administrative and regulatory outcomes in collaboration with the team. This resulted in a significant increase in the time engineers spent on technical, value-adding tasks and, therefore, greatly improved the team’s overall ability to innovate.

In addition, systematic impediments were identified as part of a wider ControlPlane initiative across the bank. This meant that the team also collected metrics, such as cycle times and the percentage of technical work vs process work, to shed light on the macro environment and potential areas for improvement. This data was then discussed and shared with senior stakeholders, who will leverage it to make the case for wider initiatives, supporting the bank’s ability to innovate on a larger scale.

Secondly, utilising the DevOps principle of removing silos between teams, our Agile specialist facilitated the ongoing collaboration and communication between the relevant development and operations teams. Specifically, they established bi-weekly collaboration sessions and created a place for shared visibility on work in progress and impediments. This meant that any potential waste from ineffective communication, long wait times, and a lack of shared priorities was minimised, creating clear pathways for the effective delivery of value-adding work.

Improving Time to Market

As this was unprecedented and pioneering work within the banking organisation, and the client is a complex, regulated one, the stakeholder’s desired time to market for the first deployment was a year. This was successfully achieved, due to a multitude of initiatives centred around improving the team’s ability to innovate and to ControlPlane’s delivery expertise. From here, the team increased release frequency to roughly bi-monthly to deliver further iterations, including enhanced monitoring, an increased number of supported package managers, and integration of new third-party vendors. These iterations further enhanced security precautions and further mitigated the risks of malicious software entering developer code bases.

Delivering Value

The ultimate goal was to deliver business value for our clients, and, in this case, business value was defined as a reduction in the supply chain risks posed by malicious open-source implants. The first iteration of the solution included integrating with the existing services so that the application was ready for the enhancements of high-speed scanning of software packages to get fast results to developers, improving both productivity & developer experience. This marked an unprecedented reduction in the financial and reputational risk posed by malicious implants.

During the project, we also saw a high level of stakeholder value delivered, with the team given full marks by their senior stakeholders in our Client Satisfaction Survey on multiple occasions, highlighting the positive outcomes gained from all perspectives.

Conclusion

This range of valuable outcomes was made possible by ControlPlane’s combination of technical excellence and Agile expertise, which increased the ability to innovate, directly reducing time to market and, therefore, time to deliver value. Ultimately this put our security solution at the forefront of bleeding-edge supply chain security practices through the successful reduction in supply chain risk, and we’d love to discuss how we could support your business to achieve similar success in the cloud-native security space.


For more details on the technical outcomes of this project, please see here.

Read more about our Agile services.

