Capital One explains how it's spent almost a decade modernizing its IT with Amazon's cloud and the agile developer methodology to move faster and stay competitive

  • Capital One has been working on modernizing and updating its technology for the past decade or so.
  • Capital One rebooted its technology approach by going all in on Amazon Web Services, as well as using DevOps technology like Microsoft's GitHub, the open source project Jenkins, and JFrog's Artifactory.
  • It's been a rocky journey: About a year ago, Capital One made headlines when a misconfiguration in its cloud infrastructure opened the door for a massive customer data breach. The company says that it's learned from the mistake and gotten more aggressive about cybersecurity.
  • Capital One also went through a cultural change by switching from the older waterfall model of software development to the newer agile model, which involves breaking down a major software project into smaller projects with smaller teams working on and reiterating on them.
  • Sign up here to receive updates on all things Innovation Inc.

 

About a decade ago, give or take, Capital One started to revamp its technology to better reflect how the bank's customers now mostly interact with its services online.

To get there, Capital One has left its own data centers behind and gone all-in on Amazon Web Services, the retailer's market-dominating cloud computing platform, even as its developer teams turn their attention to IT automation and DevOps — two industry trends that can help companies release more software, faster.

While automation helps speed up Capital One's work by having technology automatically do manual tasks, DevOps helps the company in effectively managing its software development and making sure its applications are running smoothly.

To support the changes, Capital One also underwent cultural changes, from hiring to completely changing its process for developing software. Overall, Capital One's journey was "a ton of work," says Christine Hall, vice president of IT at Capital One, and not something that can be finished in a year or two. Before, Capital One "looked like a lot of banks," Hall says.

"We found ourselves in a position of recognizing we needed to be far more nimble and taking a bigger focus on all those customer experiences," Hall told Business Insider. "We were thinking about the talent necessary to do that. We were in a position to lead change and not just react to it."

To say the journey has been rocky would be an understatement: About a year ago, Capital One made headlines for all the wrong reasons, when a misconfiguration in its cloud infrastructure is said to have allowed a hacker to access the data of millions of customers.

But Capital One says that it learned from the mistake. For example, it has been working on strengthening and expanding its use of tokenization, a cybersecurity method that protects sensitive data by replacing it with unique identification symbols that references the original data, without compromising it.

"Safeguarding our customers' information is essential to our role as a financial institution," a Capital One spokesperson said in a statement. "The controls we put in place before last year's incident enabled us to secure our data before any customer information could be used or disseminated and helped authorities quickly arrest the hackerIn the year since the incident, we have invested significant additional resources into further strengthening our cyber defenses." 

Capital One hired more talent and started implementing new technology like AWS and GitHub

Capital One started with a focus on talent by hiring more product managers, engineers, and data scientists. It now encourages software engineers to be more self-sufficient and take accountability in building their software, says Hall.

"That was not only a shift in roles and responsibilities but an accountability model change that's rooted in a cultural piece to be the ones standing behind the software they're developing," Hall said.

Turning to AWS in the first place allowed developers to quickly spin up their own servers, which they can use to prototype and test out new ideas before rolling out to the rest of the company.

To take it a step further, it started using various DevOps tools like Microsoft's GitHub and JFrog's Artifactory, as well as using continuous integration and continuous delivery (CI/CD) software like the open source software Jenkins, which helps developers with releasing code faster and more often. All these tools complement the internal DevOps software it built for its own purposes. 

Read more: Investors are betting hundreds of millions of dollars that startups like PagerDuty, GitLab, and CloudBees can change the way software gets made

"Knowing we have solutions that scale, we constantly work to understand where we are in the marketplace," Hall said. "We also have an expectation that we're able to integrate solutions into our operations as well as into a uniform experience for our developers."

From the waterfall model to the agile model

Hall said that the tools alone wouldn't have made change possible, and that it needed to think differently about how developers approach their jobs. 

It moved away from the so-called waterfall model of software development, where teams go step-by-step, moving from planning the software and its requirements, to analyzing what the project would need, to designing the app's architecture, to actually coding it, to testing it, to maintenance. 

The problem with that model is that it's slow, and doesn't give much leeway for developers to go back to earlier stages if any changes have to be made. If a bug is detected late in the process, it can mean going several steps backwards in the waterfall, often leading to major delays in the release schedule. It meant that software would only get released every few months, or even just once annually. 

Now, Capital One follows an agile model, a more incremental approach to software design that involves breaking a project down into multiple smaller projects. Each team is assigned a specific outcome, and tasked with constantly iterating on it. Testing and security validation is done on each individual part on the go. Ultimately, it means that each component can be individually updated and released several times a day.

"All those things were going to require a shift from a very traditional way of delivering technology and taking a more modern approach," Hall said.

So far, these changes have paid off for Capital One, Hall says. She says the company is now more "adaptive" and "nimble," and better able to respond to changes in the industry.

And while it's still early in its agile journey, Capital One plans to continue focusing on its developer experience, on automating its work, especially in regulatory compliance, and on delivering resilient, secure software. 

"It's really exciting to see all the elements of our transformation and the talent that we have, the focus on engineering culture, and to see that all pay off," Hall said.

Got a tip? Contact this reporter via email at [email protected], Signal at 646.376.6106, Telegram at @rosaliechan, or Twitter DM at @rosaliechan17. (PR pitches by email only, please.) Other types of secure messaging available upon request. 

Source: Read Full Article