
DevSecOps: Reducing Friction to Speed Up Delivery

By Marc Masri, DTCC Executive Director, IT Product Management | 3 minute read | June 29, 2022

DTCC continues its DevSecOps (Development, Security & Operations) journey to enable faster delivery of solutions while reducing risk, strengthening security, and improving quality.


Building code to support a business application is just one part of a long list of activities that need to take place before DTCC’s critical products and services make it into the hands of our clients. DTCC’s DevSecOps team – a function dedicated to enhancing the efficiency and effectiveness of our IT organization – is simplifying code release management activities through end-to-end automation.

Step-by-step: Release management refers to the process of planning, designing, scheduling, testing, deploying, and controlling software releases. This process can be summarized in the following high-level steps:

  1. Developers build code and work with release engineers to submit a form that indicates the developer’s intent to release this code into the production environment. Any code staged for release must comply with stringent security and quality standards.
  2. Release engineers work diligently to make sure that branches of source code are packaged up and staged for release. This process is better known at DTCC as staging a “release candidate.”
  3. The release candidate is now ready to go live during the scheduled release window.

Digital bottleneck: The process seems simple, but when factoring in all of the development teams that are creating code for business applications or reusable APIs for the DTCC API Marketplace, release engineers can have more than a dozen release form requests at any one time. That can lead to potentially long wait times for code to get packaged into a release candidate that is verified and ready for release to the production environment.

We’re narrowing the gap between development and release activities with automation that optimizes our processes and frees up our talented engineers to focus on complicated, technical work to prepare for production releases.

Power to the developers: The DevSecOps Delivery Pipeline was developed to make the release management process more efficient. We’ve established an automated capability that ensures the code is compliant with security and quality standards before generating the release candidate. Developers can now continually generate release candidates as part of their regular development process, instead of waiting for verification. We’re removing roadblocks between lower environment development activities and putting the power in our developers’ hands to get their code from the build phase all the way to production-ready, tested and secured for client delivery.

Quality over quantity: The DevSecOps Delivery Pipeline forbids developers from overriding tests and scans for quality and security. Since this process is automated, release engineers are free to focus on production readiness and coordination of complex releases or exception processes that require human intervention.

The Art of Possible: To hear more about our IT DevSecOps journey and how we're looking toward the future by dreaming of "the art of possible", I encourage you to listen to my Take 5 podcast.

Marc Masri

DTCC Executive Director, Enterprise DevSecOps