DevSecRegOps takes DevSecOps a step further by ensuring security and regulatory demands are the responsibility of every team at key development steps of the IT lifecycle.

It’s no secret that banks and fintech companies must meet compliance and regulatory standards that are much stricter than what traditional tech companies are forced to comply with. The question becomes: How do you meet strict regulatory and compliance standards while keeping up with the rapid pace of innovation in technology?

As the vice president of enterprise architecture and technology strategy at Discover Financial Services, I think about this question often as we work to design our tech stack. I’ve come to believe that technology teams in regulated industries need to move beyond DevSecOps and embrace what I’ll term DevSecRegOps.

DevSecOps refers to development, security, and operations. As a practice, DevSecOps is a way to engrain practices in your SDLC that ensure security becomes a shared responsibility throughout the IT lifecycle. DevSecRegOps takes DevSecOps a step further by ensuring security and regulatory demands are the responsibility of every team at key development steps of the IT lifecycle.

We’re in the early phases of adopting this mindset at Discover, but I believe the best way to achieve it is to design with regulation in mind, automate regulatory compliance, build regulatory compliance as code, and change the culture so that everyone who works at Discover feels responsible for compliance and meeting our regulatory obligations.

Design for regulation

The architects in charge of designing a company’s overarching infrastructure and applications must design for compliance up front so that teams don’t have to scramble to meet regulatory requirements at the end of a development lifecycle.
To do this, companies must ensure that architects and engineers have easy access to relevant regulatory standards, company policies, and industry best practices so they can ensure what they’re designing meets those standards from the start. Creating and enforcing these expectations across your team of architects is imperative to ensuring regulatory compliance.

Automate compliance

Automating compliance and regulatory checks is the most effective way to ensure compliance standards are met. One way to achieve this is to build regulatory checks into your CI/CD pipeline to ensure consistent compliance with auditable trails. Ideally, these compliance checklists trigger a failure close to the beginning of the SDLC, so you don’t get to the end and realize you’re not compliant.

Engrain DevSecRegOps into your development culture

Like many other development practices, including security and reliability, it’s imperative to shift left on DevSecRegOps, ensuring the entire organization feels responsible for meeting regulatory standards and requirements. Creating a development culture that embraces compliance starts with executive buy-in, comprehensive training across teams, and processes and tests that assess and enforce regulatory compliance culture.

Compliance as a practice

Ensuring customers can access their finances and financial information in a secure, reliable way builds trust with our customers. Embracing regulatory compliance as part of the development lifecycle ensures that we can continue to scale our card, banking, and loan services in a way that best serves our customers.

Visit Discover Technology to learn how Discover developers approach application development.