Empowering Fintech Excellence: A DevSecOps Transformation Journey with AlignMinds

About the Client

Our client is a Fintech company building the future of patient finance.

AlignMinds helped one of America’s largest Fintech start-ups with a legacy modernization in order to create a new user-friendly version of the website, including the integration of banking and other features.

The Challenges

  • Digital security: As one of the leading Fintech companies in the US, the client was concerned about the security of its digital assets. The security team realized that static analysis tools (SAST) and dynamic analysis tools (DAST) were insufficient to detect and fix code vulnerabilities as quickly as possible.

  • Operational efficiency: New releases and fixes were taking an enormous amount of time, and the client was looking for faster product release management. The client was also looking for a scalable, automated solution to provide continuous application security across the entire DevOps process.

The Process

  1. Brought operations and development together and adopted a team mindset.

  2. Used metrics to determine improvement areas and necessary changes. Some metrics that we considered are:

    • The percentage of rollbacks that must happen due to bugs.

    • Response time from an error report to when a fix is deployed.

    • Failure rate: How often is code deployed and must be either remediated quickly or rolled back?

    • Average time to recover: When code deployed to production fails, how long does it take to recover from the bug or downtime?

    • Deployment time for each step: How long does it take to deploy to each of the steps (e.g. testing, staging, production)?

    • Deployment frequency

  3. Designed a Plan and Defined Requirements

    Since there is no one-size-fits-all solution when it comes to DevOps, the planning step is essential to the success of the new team, and the success of DevOps depended greatly on it. We included the overall corporate structure and goals as well as the development processes.

  4. Rolled Out the New Team Design in Steps

    Instead of hitting everyone with huge cultural and procedural changes, we rolled out procedures in steps. DevOps is a culture of automation, and these tools and configurations must be tested. We tested everything, from testing to deployment, on each environment.

  5. To support a more streamlined model with an emphasis on automation, we implemented DevSecOps practices, processes, and tools.

  6. Established the workflows and strategies required for continuous integration using Git best practices.

  7. Produced a high-level solution design and approach for the future-state DevSecOps process.

  8. Built efficient pipelines for source code build, integration, and versioning using Azure DevOps.

  9. Established a Git branching strategy to support parallel development and product releases.

  10. Enabled monitoring using tools such as Sensu, CloudWatch, and Graylog.

  11. Enabled alerts using PagerDuty and CloudWatch.

  12. Implemented Testing and Quality Assurance.

Technologies Used

Azure DevOps, GitHub, Jenkins, Mattermost, Pipedream for API Integration, SonarQube, PagerDuty, New Relic, Sensu, Graylog, AWS CloudWatch

Results

  • Decreased operational costs by 40% with the DevOps approach.
  • Improved software quality.
  • Improved the software release cycles and reduced the development costs to the minimum.
  • Optimized delivery model with 100% automation that reduced human error and improved overall efficiency.
  • Improved efficiency and competitive advantage through the implementation of Agile DevOps.
  • Established a branch approval procedure with required automated inspections and an Azure DevOps artefact to improve binaries and release management.
  • Reduced manual intervention, adopted a DevOps culture, and integrated CI/CD into the delivery paradigm.
  • Using SAST tools such as SonarQube helped to find security vulnerabilities during coding and while deploying.
  • Increased infrastructure and service monitoring using New Relic, PagerDuty, and Graylog.
  • Increased collaboration among developers, operations, and stakeholders using Mattermost.
  • Integrated Mattermost and Azure DevOps with Pipedream.