Case Study – BFSI DevOps Implementation And Optimization

About Client

A BFSI company housing a large portfolio of applications, a majority of them outsourced to external vendors, was facing significant challenges in its software development and maintenance processes. Among these applications, 15 were identified as core applications critical to the company’s operations. The existing technology stack relied on a proprietary database, and certain applications incorporated forms as part of their architecture.

The Future State Aspirations

The company aspires to set up a mature DevSecOps environment and achieve:

  • Near-zero touch pipeline for all product development, covering infrastructure provisioning, application build and deployments, and changes to configurations
  • Matured source-code management processes, including review gates, to ensure quality
  • Defined and repeatable release process, including quality and security gates, to achieve minimum deployment failures and bug leakage
  • Modernization to enable the utilization of the latest technological advancements
  • Common process among different vendors, so that the BFSI company has a better understanding of and control over the entire SDLC

Challenges

  • Lack of Source Code Management
  • Absence of Documentation
  • Lack of Common Processes
  • Missing CI/CD and Automated Testing
  • No Branching and Merging Strategy
  • Inconsistent Sprint Execution

Proposed Solution

These challenges collectively impede the company’s ability to achieve optimal software development, maintenance, and deployment processes. The absence of foundational practices such as source code management, documentation, and standardized processes hinders the company’s capacity to respond swiftly to market demands, implement changes efficiently, and maintain the overall health of its application portfolio. Addressing these issues is imperative for the BFSI company to attain a mature and efficient DevSecOps environment, ensuring the sustained success of its software development initiatives.

After an initial analysis of the environment to gain a better understanding of it, we propose implementing the scope in 2 stages.

Stage – 1 – Implement Basic DevOps (source code, CI/CD process, etc.) iteratively, 5-10 applications at a time, with the number of applications increasing as momentum builds.

Stage – 2 – Modernization (Microservices, Test automation, security, monitoring, etc.)

Injecting security in the SDLC

Because security is a vast area, DevOps Enabler addresses the security requirements separately. Injecting security into the SDLC has multiple facets and primarily includes:

  • Security Requirements
  • Security by Design
  • Secure Coding
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Software Component Analysis
  • Security Operations (including security monitoring for infra, network, and ops)

Outcomes

The proposed solution successfully addresses the challenges, aligns with future aspirations, and provides a phased implementation leveraging Microsoft Azure’s DevOps capabilities. This approach ensured a gradual and structured transformation towards a matured DevSecOps environment, enhancing collaboration, automation, and overall development efficiency within the BFSI company.

• Common Process Template, increasing the Sprint Visibility at different levels and across different vendors providing services.

• Azure DevOps Repos setup and migration ensures organized version control.

• Integration of Azure Boards and Pipelines enforces Sprint planning, backlog management, and streamlined development workflows.

• Azure Pipelines implementation achieves automated builds and deployments.

• Azure Repos strategies establish stability, and team education on best practices ensures effective branching and merging.

• Azure DevOps Wiki adoption facilitates documentation, knowledge sharing, and linkage with code repositories.

• Implementation of Azure DevOps Security features enhances security throughout the SDLC.

• Automation through Azure Automation and Infrastructure as Code (IaC) using ARM templates achieves efficient infrastructure provisioning and deployment.

• Integration with code quality tools, review gates, and pull request policies in Azure DevOps Repos ensures matured source code management.

• Azure Release Management implementation with security and quality gates achieves a defined and repeatable release process.

• Transitioned towards microservices architecture using Azure Kubernetes Service and end-to-end monitoring.

• Integration of Azure Test Plans for automated testing and Azure tools for security testing.

• Utilization of Azure Monitor, Security Center, and Sentinel for infrastructure and network monitoring, as well as security incident response.

Metrics

    Metric Categories                          Stage 1 - Implement Basic DevOps
    Lack of Source Code Management             Repos & Git Implementation
    No Documentation Available                 Wiki Adoption
    No Common Processes                        Standardized Processes
    No CI/CD or Automated Testing              Pipelines & Testing
    No Branching and Merging                   Repos Strategies
    Sprints not Followed                       Boards & Pipelines

    Metric Categories                          Stage 2 - Modernization
    Near Zero Touch Pipeline                   Automation And IaC
    Matured Source Code Management             Code Quality & Review Gates
    Defined and Repeatable Release Process     Release Management with Gates
    Modernization                              Modern Technologies & AKS

    Area                            Achievement
    Deployment Frequency            Multiple Deployments per Day / On-Demand
    Code Review Effectiveness       100% Review Completion
    Testing Coverage                80% to 90% Coverage of Codebase
    Security Vulnerabilities        Zero Critical Vulnerabilities, Timely Remediation
    Release Success Rate            > 95% Successful Releases
    Infrastructure Provisioning     Automated Provisioning, < 15 Minutes
    Project Completion Status       On-Time and Within Budget
    Estimation Metrics              < 10% Variance Between Estimated and Actual
    Schedule Adherence              > 95% Adherence to Project Schedule
    Code Quality                    < 90%
    Defect Re-open Rate             > 5% Defects Re-opened After Closure
    Work Items and Tasks            > 90% Completion Rate
    Pull Requests                   < 10% Rejected Pull Requests
    Build and Release Pipelines     < 5% Failures
    Sprint Completion Rate          > 95% Sprint Completion Rate