Australia’s financial sector is on a steady march to digitisation, with customers vastly preferring to manage their finances and transact online or via apps, instead of via ATMs and branches.
As the capabilities and benefits of transacting digitally become more apparent, customer expectations are growing as well.
S&P Global Ratings finds customers now want more than basic financial products. Instead, they “expect their bank to understand their entire financial profile and offer a customised product, much like Netflix and Spotify that tailor their product offerings.”
Today’s banking customers also expect continuous innovation on every service or product they use. They want faster and simpler ways to save, invest, and interact with their financial institutions; and they want access to emerging applications and solutions, such as automated investing platforms, advanced budgeting applications, secure and fast mobile payments, and cryptocurrency solutions.
“Organisations that can provide options with the fastest, most seamless experiences across the human-digital intersection will win favour,” PwC Australia said.
To move at pace, banks rely both on internal engineering teams and fintechs to come up with innovative ways to expand existing financial product offerings.
Cooperating with fintechs is a popular way to quickly plug new capabilities into existing banking services. Fintechs are attractive because they are almost universally under pressure to innovate faster than their competitors and new market entrants - and to do so while keeping their product secure. By partnering with fintechs, banks “can access opportunities for earnings growth more quickly, cheaply and with less risks,” KPMG Australia said.
However, fintechs aren’t the only path to innovation. Internal engineering teams also have a key role to play. Building new financial products and delivering innovative features in a rapid fashion requires a shift in an organisation’s approach to application development and delivery. That shift is often enabled by using DevOps - a set of practices and a shift in culture that aims to shorten the development life cycle while providing continuous delivery of applications.
Internal engineering teams that adopt DevOps need to ensure they do so safely and securely. This is where further work may be required.
Accelerating with code practices and edge cloud
In the past, the core focus of application development was on functionality and availability. Apps were developed and updated with semi-annual or annual releases. The long release cycles meant financial companies couldn’t react to changing business conditions, and customers weren’t receiving the innovations they craved quickly enough.
These apps were also delivered to customers using traditional CDNs, which lacked the visibility and control needed for continuous development.
Developers started using edge cloud platforms to locate logic and deliver functionality at the edge, improving application and web performance at a reduced cost.
Agile development allowed Australia’s banks to shorten their development life cycles so they could deliver new features, fixes, and updates more frequently and keep up with growing business needs. It also led to the adoption of DevOps, and specifically secure DevOps, to manage agile software releases while maintaining the stability, security and safety of core banking services.
Whether banks choose to move faster by tapping fintechs, or through a combination of agile coding and edge cloud services, maintaining security is an overriding concern.
Banks are used to meeting a high bar for the security of their systems, but the bar for security is set even higher when fintechs are involved. Customers provide their most sensitive data and trust that it will remain secure with these interlinked startups. In order to achieve this, security needs to be a shared responsibility between development, operations, and security teams.
If banks are developing the new features at pace themselves, secure DevOps practices can help to provide the balance between moving quickly while maintaining, or improving, security. Integrating security into DevOps allows financial services organisations to gain the performance, visibility, and control needed to build secure applications that users love.
When considering how to implement secure DevOps, it’s important to think about the tools and processes that developers will use when building and delivering their applications.
A modern edge cloud platform (rather than a traditional CDN) can process, serve, and secure applications as close to users as possible, at the edge of the network.
When evaluating edge cloud platforms to deliver financial applications, a platform should be selected that allows developers to better align controls to the software and applications they’re building. Ideally, those controls can be adjusted in real time based on key insights from traffic, and developers can push out changes globally in seconds.
Security controls should be built into the platform layer, so they can rapidly scale without introducing bottlenecks or impacting performance.
In addition, the platform should be capable of streaming logs from the edge in near real time. This can provide valuable insights for rapid detection and mitigation of vulnerabilities and common attacks like cross-site scripting (XSS) and SQL injection that often affect financial applications.
Finally, the edge cloud platform should fit in with current DevOps toolchains and offer controls that align with financial and corporate compliance standards like PCI DSS and SOC 2.
Stephen Gillies, APAC technology evangelist, Fastly