WHITE PAPER

LEARN MORE AT SAUCELABS.COM

DevOps offers a number of valuable benefits to companies in the financial services industry.

To date, however, adoption of DevOps practices within this sector has been limited due to

the difficulty of overhauling legacy practices, strict compliance needs and other challenges.

By adopting automated testing, financial services companies can overcome these hurdles

and reap the benefits of DevOps in order to stay agile and be more competitive.

How Financial Institutions Can Reap Dividends From Automated Testing and DevOps

TABLE OF CONTENTS

3 Executive Summary

4 How DevOps Creates Value for

Financial Services

4 Competitiveness

4 Regulatory Compliance

5 IT Governance

5 Security

6 The DevOps Migration Challenge

6 Automated Testing: Indispensable for

Enabling DevOps

7 Ensuring Stability, Security and Compliance

7 Adapting Legacy Apps for DevOps

7 Enabling Software Diversity, Including for

Mobile Environments

8 Enabling Continuous Delivery

9 Maximizing Security

9 Conclusion: Join the DevOps Trend

LEARN MORE AT SAUCELABS.COM PAGE 3

EXECUTIVE SUMMARY

DevOps is a set of cultural values and practices that emphasize agility,

efficiency and visibility when developing and deploying software. Since the

late 2000s, when programmers first began embracing the DevOps concept,

DevOps has been reshaping the way software is created and managed.

DevOps constitutes a culture rather than a specific product or technology,

and effecting cultural change is usually difficult. For that reason, migrating to

DevOps can be challenging. This is especially true for large organizations in

established industries, including financial services, which already have strongly

embedded legacy software delivery practices in place.

Yet the fact that adopting DevOps may be difficult for these organizations

does not mean that DevOps migration is not worth the effort for them.

On the contrary, as this white paper explains, DevOps can pay enormous

dividends for companies in sectors like finance. And achieving DevOps is not

difficult when organizations adopt the right tools and practices, including

automated testing.

PAGE 4LEARN MORE AT SAUCELABS.COM

HOW DEVOPS CREATES VALUE FOR FINANCIAL SERVICES

DevOps practices and methodologies can help solve a number of challenges

that are of particular concern to the financial services industry. Those

challenges include the following.

Competitiveness

The financial services sector is highly competitive. A full 18 percent of

millennials switched their primary bank in the last 12 months, according

to a recent Accenture survey.

In an age when most financial services customers rely on technology to

access and manage accounts, an important component of attracting and

keeping clients is having the best software. DevOps helps companies do this

by enabling them to build better software faster, push updates to users quickly,

and adapt easily to changing user demands and stay ahead of competitors.

DevOps offers particular advantages to companies seeking to stay relevant

as more and more computing shifts to mobile devices. Because mobile

platforms are so diverse, writing and testing software for mobile devices in

an efficient way is impossible without taking advantage of the agile delivery

techniques that define DevOps.

Regulatory Compliance

Keeping up-to-date with ever-changing regulatory policies requires the ability

to adapt quickly as compliance priorities change. That is difficult to do for

organizations whose software delivery chains are large and inflexible because

they have not adopted DevOps.

DevOps mitigates compliance challenges in several ways. First, by

streamlining the development and deployment of software, DevOps ensures

that companies can update their software quickly whenever compliance

needs change. For example, if regulators institute a new rule regarding

disclosure statements within an application used by customers, a highly

automated DevOps delivery chain enables organizations to update the

application and push the new version to users rapidly.

Second, DevOps maximizes the flexibility of the software development and

deployment frameworks that a company uses. It makes applications portable

between different types of infrastructure, and allows developers to change

from one programming framework to another without overhauling their

entire operation. This agility is important for meeting changes in regulatory

PAGE 5LEARN MORE AT SAUCELABS.COM

policies that might occur—for instance, when regulators deem a particular

software tool used by a company to be unfit. In that case, the company can

easily switch to an alternative tool as long as it has the flexibility of DevOps

at its disposal.

Third, DevOps maximizes visibility. By streamlining communication between

all members of the IT organization and breaking down silos that limit the

ability of one part of the team to understand what others are doing, DevOps

makes it easy for organizations to identify compliance issues within their

software before they come to the attention of auditors.

IT Governance

Establishing an IT governance policy is easy. Enforcing it is generally much

more difficult, especially in established companies with entrenched workflows

and siloed IT operations.

Adopting DevOps enables much better governance enforcement. It

encourages and facilitates collaboration between developers, IT Ops teams

and quality assurance engineers so that all parts of the organization can work

together in implementing governance goals.

Security

Financial services is among the industries most likely to face cyberattacks,

according to IBM, and the cost of such attacks—which includes loss of brand

value, intellectual property theft, regulatory fines, and more—is more than

$200 per affected record, according to Symantec. Symantec also reports

that the number of records stolen in recent cyberattacks has been in the tens

of millions, and the total cost of these attacks can be staggeringly high. For

this reason, security should be a top priority for companies in the financial

services industry.

DevOps can help these companies achieve their security goals. By maximizing

agility, DevOps empowers organizations to keep their software up-to-date

and adopt the development tools and frameworks that are most secure.

Continuous software delivery powered by automated testing also helps

DevOps teams to identify and fix security flaws quickly, before they enter

production environments.

PAGE 6LEARN MORE AT SAUCELABS.COM

THE DEVOPS MIGRATION CHALLENGE

If DevOps brings so many benefits to the financial services industry, why

haven’t more companies adopted DevOps techniques? The answer is that

the industry is subject to several factors that can make DevOps adoption

particularly challenging. They include:

• A high need for stability, security and compliance. More so than in many

other industries, financial services companies require software that is

highly stable and secure in order to keep their customers’ information

safe and meet regulatory requirements. For this reason, adopting DevOps

practices such as continuous delivery can be challenging, because they

increase the rate at which software changes, and organizations need to

update their testing procedures in order to keep pace.

• Legacy software. The financial services sector was among the first to adopt

digital technology. While that is a strength in one respect, it also means that

some of the IT systems that companies in this industry use are decades

old. Adapting legacy applications to DevOps workflows can be difficult if

companies do not have efficient testing solutions in place to ensure that

those applications remain stable when delivery techniques change.

• Old-generation infrastructure. The DevOps conversation often focuses

on next-generation infrastructure technology, like Docker containers,

rather than the mainframe systems that continue to power much of the

financial services industry. This may lead financial services companies to

believe that DevOps is not for them, because they mistakenly assume that

legacy infrastructure cannot fit into continuous delivery and automated

testing pipelines.

There is no denying that these considerations can make the DevOps journey

appear particularly challenging for financial services companies. Yet that does

not mean these challenges cannot be overcome.

AUTOMATED TESTING: INDISPENSABLE FOR ENABLING DEVOPS

For financial services companies, one of the key components to overcoming

the challenges described above and implementing DevOps is automated

testing. In a number of crucial ways, automated testing enables financial

services organizations to adopt DevOps successfully without compromising

stability, cost, organizational efficiency or compliance fulfillment.

PAGE 7LEARN MORE AT SAUCELABS.COM

Ensuring Stability, Security and Compliance

DevOps practices such as continuous delivery of software mean that software

changes quickly. If the rate at which quality assurance teams test software

updates is slower than the pace of software evolution, organizations risk

releasing software that is subject to stability, security or compliance flaws.

With automated testing, however, that risk virtually disappears. Automated

testing allows development and quality assurance teams to test software

updates as quickly as they are made, and scale their rate of testing up or

down as the rate of development changes. The result is software that can

be updated easily, without sacrificing stability or security.

Adapting Legacy Apps for DevOps

While it may seem difficult to adapt legacy applications for a DevOps

workflow, it is important to remember that DevOps is about culture, not

a specific technology. So long as DevOps teams take the right approach to

legacy apps, legacy software can be continuously delivered as effectively as

any modern application.

Including legacy applications in automated testing workflows is one way to

enable DevOps for old-generation software. And when using modern, flexible

cloud-based testing frameworks, there is no reason why legacy applications

cannot be automatically tested.

Enabling Software Diversity, Including for Mobile Environments

Automated testing is the only way to deliver software efficiently that supports

a wide variety of platforms. Since financial services companies are likely to

release software for multiple types of environments—including traditional web

apps, as well as mobile software for different devices and operating systems—

automated testing is essential for helping them apply DevOps to their diverse

software delivery needs.

In addition, without automated testing, companies that develop software

for multiple types of platforms are at risk of delivering inferior code to users.

Because the manual testing of software for hundreds of different combinations

of hardware and software platforms is not feasible, automated testing is the

only way to achieve DevOps for companies whose software needs to work

reliably on Windows PCs, Macs, Linux, Android phones, iPhones, tablets,

wearable smart devices, and the platforms that are yet to come.

PAGE 8LEARN MORE AT SAUCELABS.COM

Enabling Continuous Delivery

Achieving continuous delivery without full automation is impossible for

organizations with finite staff and material resources. That’s because in the

absence of automation, software delivery and testing cannot scale. Even if

just one part of the software delivery pipeline is not automated, continuous

delivery is virtually impossible.

But when you automate testing—especially by running automated tests in

the cloud, which can scale on demand whenever the amount of tests you

need to perform changes—the size of your staff no longer limits the pace

of testing, and by extension, delivery. Even during periods of peak demand

or development activity, automated testing assures that you can continue

to deliver software continuously regardless of the availability of your quality

assurance staff.

In addition, running your test infrastructure in the cloud means you can

make much more efficient use of your resources—which ultimately lowers

development and testing costs. This is because software tests typically do not

consume resources at a constant rate; instead, their resource consumption

“spikes” when tests are being performed, and zeroes out again after tests are

complete. (One way to avoid these spikes is to run fewer tests, or choose

not to run multiple tests at once, but that is a mistake because it leads to less

thorough testing and slower results.)

An on-premise infrastructure capable of supporting those spikes would

need to be massive, making it costly to set up and maintain. Yet it would

only be under full load occasionally—which means you would be paying

for considerable hardware resources that are severely under-utilized much

of the time. By moving tests to the cloud, however, you only have to pay

for infrastructure when you are actually using it to perform tests. In this

way, cloud-based testing facilitates continuous delivery by allowing you to

optimize resource consumption and devote more hardware and financial

resources to development and deployment.

Automated testing also provides your DevOps team with a fast and efficient

feedback. It allows them to learn early and often about potential problems

with software they are developing so that they can correct those problems

quickly. An efficient feedback loop ensures that your continuous delivery

pipeline flows smoothly and that problems are discovered during the

development process, well before they reach your customers.

PAGE 9WP-07-012017

Maximizing Security

Strong security is essential for companies in the highly regulated, attack-

prone financial services industry. Automated testing is vital for enabling this

level of security.

That is because automated testing is designed to maximize security. When

you perform automated tests in the cloud, testing data and communication

channels are secured with TLS encryption. Modern automated testing

platforms also allow you to store testing data only on on-premises servers

if required for compliance or security reasons.

In some respects, automated testing delivers even more security than manual

testing. Whereas manual tests are subject to human error and oversight,

automated testing promotes strong security by standardizing the testing

process and facilitating faster test results, which help DevOps teams to

identify potential security issues sooner.

CONCLUSION: JOIN THE DEVOPS TREND

A number of major financial services companies, including Capital One,

Goldman Sachs, Bank of America, Fannie Mae, USAA, Fidelity and Intuit, have

already embraced DevOps by taking advantage of automated testing and

other techniques that help organizations implement a DevOps culture.

For companies that have yet to embark on the DevOps journey, the time

to start is now. Regardless of the type of hardware or software a company

uses, the stability or compliance goals it needs to meet, or the nature of the

competition it faces, DevOps is crucial to staying agile and relevant today.

And while the DevOps journey may seem intimidating, automated testing

can do much to make it simple.

ABOUT SAUCE L ABS

Sauce Labs is the leading provider of continuous testing solutions that deliver digital

confidence. The Sauce Labs Continuous Testing Cloud delivers a 360-degree view of

a customer’s application experience, ensuring that web and mobile applications look,

function, and perform exactly as they should on every browser, OS, and device, every

single time. Sauce Labs is a privately held company funded by Toba Capital, Salesforce

Ventures, Centerview Capital Technology, IVP, Adams Street Partners and Riverwood

Capital. For more information, please visit saucelabs.com.

SAUCE LABS INC. - HQ 116 New Montgomery Street, 3rd Fl San Francisco, CA 94105 USA

saucelabs.com/signup/trial

FREE TRIAL