By Kavita Viswanath, General Manager, JFrog India
One of the most potent elements influencing the modern economy and financial institutions is technology. While technology has often been viewed as an enabler, its role is increasingly becoming inherent to society and the BFSI industry, particularly in a post-pandemic environment.
We are seeing changes more because of innovation-led growth than merely crisis-driven necessity. The government and financial stakeholders have prioritised digital payments in a way that is practical, simple, affordable, rapid, and secure. The transition from predominantly branch-based banks to mobile-first banks has been one of the most significant transitions witnessed during this time. According to global market research company Forrester, mobile banking apps are the most popular banking channel in Asia, with 83% of bank account holders living in India’s metro cities using their mobile banking app regularly.
Corroborating the growing popularity of digital payments, a report by the Ministry of Electronics and IT (MeitY) suggests that the volume of such payments in India has increased by 33% year-on-year (YoY) during the financial year (FY) 2021-2022. 7,422 crore digital payment transactions were recorded during this period, a significant jump from 5,554 crore transactions seen in FY 2020-21[2].
A happy hunting ground for cybercriminals
While fast digitisation has brought significant transformation to the industry, it has also produced several concerns. The BFSI industry is the most lucrative sector for hackers and cyber criminals and India’s banking and finance sector is the most cyber-targeted in the Asian region. CloudSEK, a cybersecurity platform, recorded 283 incidents in the first six months of 2022 in comparison to 469 incidents in 12 months of 2021. With 7.4 percent of the global attacks targeted towards the Indian subcontinent this year, the BFSI industry that deals with massive amounts of financial transactions and data storage must invest strategically in cybersecurity. What’s more, with cutting-edge technologies like blockchain, machine learning, and artificial intelligence only expected to accelerate online growth of the BFSI sector, the criticality is here and now.
DevSecOps – The Panacea to Banking Security Woes
Fintechs must deliver secure deployments, application releases, and updates at breakneck speed to be at the forefront of technological innovation. However, as with any technological innovation, fintech APIs are vulnerable to security concerns. These risks reduce go-to-market speed, delay update releases and impair code quality. Even though standard practices such as DevOps provide incredible deployment velocity with zero downtime, cloud readiness, comprehensive security, and compliance management, they fail to address security threats at the ground level. That’s why financial software developers mandate the need to integrate security into the DevOps process.
Enter DevSecOps – an approach that can help businesses in the BFSI sector in tracking all relevant security upgrades across the whole software development lifecycle (SDLC).
It is more a philosophy than a tech approach that calls for increased collaboration between development, security, and operation teams. DevSecOps has massively aided in boosting platform user growth and return rates in case of digital payments. Let’s consider some of the advantages of DevSecOps for the BFSI industry:
Security & Regulatory Compliance
One of the biggest challenges of the financial industry is the issue of corporate governance and the consequent myriad of regulatory and compliance requirements such as SOX2, PCI-DSS, and many others. DevSecOps builds security from ground-up, up and facilitates the detection of vulnerabilities and/or license compliance issues early on. Traceability is possible from code to production, improving software release stability, security, and quality.
Towards zero downtime
Unexpected outages can cost a financial organisation a lot of money. According to data from the National Payments Corporation of India (NPCI), just a one-hour tech outage can put a stop to 400,000 UPI transactions. Thus, a key DevSecOps technique to lower the cost of any failure for trading organisations is to reduce downtime. DevSecOps teams can create a microservice architecture to enable the zero-downtime deployment, which is even helpful in controlling maintenance problems during the deployment process.
Streamlining of processes
To increase source utilisation, product quality, and developer productivity, automation is crucial across the software delivery pipeline. Any continuous delivery or DevSecOps program is increasingly going to need to automate every process to assure compliance, provide scalability, increase speed, and enable businesses to produce products of higher quality. Enterprises are given a more practical method to reduce risk from software releases with the adoption of DevSecOps. This will help with the ongoing requirement for frequent application changes.
DevSecOps and Fintech: A Perfect Pairing
The relationship between financial businesses and the specialised functions of DevSecOps is highly interconnected. Banking software lifecycles are complicated. There is no room for errors or launching a sub-optimal product whose effects could range from simple user annoyance to the creation of security gaps that a hacker could benefit from. DevSecOps helps the financial services industry to deliver a sizable number of high-quality services to the market in a safer and more effective manner, which is in line with the strategies that address governance, risk, security, and compliance. By automating key steps and processes, DevSecOps also reduces time to market, assuring quick and secure software delivery, another key requirement of BFSI players. It is thus a perfect pairing!
