DevSecOps: Balancing speed, security and user experience

How can organisations leverage DevSecOps to create a customer-centric approach?

The landscape of modern business operations demands agility, reliability, and security in equal measure. While cybersecurity remains a critical concern, the integration of DevSecOps practices has emerged as a pivotal strategy for organisations seeking to fortify their digital infrastructure while accelerating innovation.

At the heart of DevSecOps lies a transformative ethos: the seamless convergence of development, operations, and security functions. This integration isn’t merely about thwarting threats but fundamentally reshaping how teams collaborate and deliver value. It’s a cultural shift that champions iterative development, continuous integration, and rapid deployment, all while safeguarding against potential vulnerabilities.

Recently, I had the opportunity to discuss DevSecOps as part of the Konnecta Ko-Lab Series 2 event in Sydney. At the event, I discussed how organisations can embed DevSecOps practices and the importance of creating a customer-centric culture.

Supporting engineering teams to adopt DevSecOps

One of the biggest barriers to successful DevSecOps initiatives is the entrenched processes within organisations. Most companies operate in silos, where the success of each team is measured by domain-specific metrics. Development teams may be measured on the speed of feature delivery, product teams on net promoter scores (NPS), and security teams on incident response time.

To overcome these barriers, organisations must cultivate a unified vision that places equal emphasis on feature delivery, operational efficiency, and security. 

While everyone agrees in principle that it is important to build secure and reliable systems, for many organisations there are few immediate and obvious incentives to do so.

Creating a shared vision ensures that every team member embraces their role in delivering secure, reliable, user-centric solutions. Without this, every initiative will trade off non-functional and security requirements first. You can find out more about how this can work in practice in our Secure Delivery Playbook.

User-centred security

Encouraging teams to integrate security within their delivery practices can be aided by focusing more on users. While user-centric design practices are becoming increasingly common in organisations, user-centric security hasn’t yet gained the same prominence. 

Concepts such as compliance, governance, and corporate risk are incredibly important to consider during delivery but rarely resonate with everyone in the business who has a say on how work should be prioritised.

When a cyber-attack occurs, it can result in service interruptions, reputational damage or financial penalties for a company. But customers aren’t merely bystanders in the event of a cyber-attack; they’re the true victims. 

They are the person whose bank account was blocked as a fraud prevention measure, or the person who couldn’t book an important appointment because the system was unavailable.

Framing the challenges and outcomes in this way helps all team members see security-related processes as a priority, rather than a blocker or an afterthought.

Balancing security and delivery speed

One of the key questions at the Konnecta event focused on how organisations can balance DevSecOps with delivery speed – whilst staying “ahead of the curve” on cyber security threats.

This is a challenging problem. Cybersecurity is a truly adversarial discipline, and the contest is completely asymmetrical. An attacker has a known set of methods they can attempt, and they only need to win once. A defender has to protect against the unknown and must win every time.

Traditional information security values, including defence in depth, least privilege, MFA, and threat detection are vital. More modern DevSecOps practices can strengthen your security posture:

  • Shift left: Conduct security testing earlier in the software and application delivery cycle.
  • Immutable infrastructure: Infrastructure components, once deployed, remain unchanged throughout their lifecycle, promoting consistency and automation.
  • Sensible defaults and paved roads: Create defined approaches for common use cases and create intentional friction when people stray from the path.
  • Regular threat modelling: Stay vigilant about potential threats and risks.
  • Risk-based approach: Think critically and prioritise the things that will really impact the organisation and its users.

Ultimately, the best position you can be in is to be able to handle change quickly. If you have established these DevSecOps practices, responding to change is easier. If not, adaptation falls back on operational measures: shutting down services, preparing your service desk teams to take calls, and displaying informational landing pages for end users.

While it’s easy to state these principles, implementing them in practice is challenging and ultimately, there are no perfect solutions, only trade-offs. You need good people, aligned behind agreed security positions and incentivised to prioritise security to make informed trade-offs. At some point, they will need to decide when to sacrifice delivery speed, assume technical debt, or accept a security risk. 

Creating a customer-centric culture through DevSecOps is possible, but requires a careful balance of speed, security and reliability. Cybersecurity is a top tech interest for Australian businesses in 2024. If you want to learn more about how we can support your DevSecOps initiatives, contact our team in Australia today.

The superannuation sector is no stranger to complex challenges and transformations. In the past 30 years funds have navigated ever-changing regulatory frameworks, weathered multiple global financial crises and continuously strived to deliver more for their members.  

In 2024, superannuation funds find themselves in an increasingly digital-focussed world. Despite technological advances in the financial sector, including online and mobile banking, regular engagement with superannuation funds remains uncommon. Around 33% of Australians check their super balance once every three months, and one in 10 never check it at all.

Delivering lifelong value to members and super funds through digital transformation 

As competition in the sector increases and capacity for advice services expands, super funds must embrace digital transformation as an enabler for future success. 

Improved data pipelines can help funds better understand members at every stage of their employment lifecycle. By creating tailored user journeys, technology can also help simplify services and make it easier for members to navigate their superannuation, accessing the information, support or services they need when they need them. Digital transformation can help funds not only connect with their members but empower them to boost their superannuation balance and be proactive about their financial future.

That’s why we created our latest eBook, focused on advising superannuation funds on how to leverage data-driven insights to design seamless customer journeys, create tailored services and drive lifelong value for members.

What is the eBook about and how can it help me?

Our eBook “Accelerating Superannuation’s Digital Transformation” combines our hands-on experience with detailed return on investment statistics and insights from industry experts. It aims to support and inspire funds to:

  • Leverage data and technology to better understand member journeys.
  • Strengthen engagement and empower members with targeted advice.
  • Build flexible, scalable and secure services with event-driven architecture.
  • Remain competitive in a constantly changing landscape.

The eBook also delves into our Super Accelerator programme, a comprehensive package of predefined, ready-to-use modules designed to help superannuation funds build, deploy, and run event-driven services in just 12 weeks. Our Accelerator has already helped super funds on their digital transformation journey, with the book detailing case studies from Spirit Super and Employment Hero.

Ready to accelerate your digital transformation?

Download the eBook to unlock the potential of digital transformation in superannuation.

You can find out more about our Super Accelerator programme and our work with the superannuation sector on our dedicated superannuation webpage.

If you’re ready to accelerate your digital transformation and harness the power of data-driven decisions to empower your members throughout their employment lifecycle, contact the team at Equal Experts Australia now.

Here’s a fact you probably won’t know about me – I went to the same school as Alan Turing. 

I mentioned this while appearing as a panellist at the recent Konnecta Ko-Lab: Series 1 discussion in Sydney. Having attended the same educational institution as one of the founding fathers of artificial intelligence, I guess I was always destined to be interested in AI. It’s a fact that certainly grabbed the attention of the audience.

AI, particularly Generative AI, continues to captivate technologists and business leaders worldwide. During the panel, we dived headfirst into the technical aspects of implementing AI, but some of the more compelling and challenging audience questions revolved around how organisations can balance AI’s opportunities with the concerns surrounding the new technology. 

How generative AI is impacting business

Generative AI is reshaping the way we create and consume content. It can enhance customer experience through personalisation, streamline business processes and rapidly generate new creative ideas. 

But along with the benefits, there are concerns about how Generative AI is impacting business and even society as a whole. These concerns, including data privacy, intellectual property rights, and the use of technology to mislead, deceive or manipulate people, are not new. 

However, the speed at which Generative AI tools have proliferated, along with their huge popularity and the ability of any person or business to use them, means it’s vital that anyone considering implementing AI understands how to innovate ethically and responsibly.

The importance of accountability and transparency

One of the key questions from the event audience was whether businesses can ethically implement AI while still reaping the business and revenue rewards. As a panel, we explored two areas that I believe underpin responsible innovation with AI: accountability and transparency. 

As Generative AI is still an emerging technology, the regulations governing its use are also still emerging. Many AI frameworks around the world, including here in Australia, are still under consultation. There is also a lack of industry-standard benchmarks, security policies and reference architectures to help people build AI technologies and assess them for security reasons. 

Decisions about how and when to use AI are still largely being driven by organisations themselves – so we’re relying on businesses to innovate but also self-regulate. To innovate responsibly, businesses need to be accountable for the technology they use – including its robustness, its security, and the accuracy of the data informing it. Transparency about how this information is being used, who has access to it and what has been put in place to prevent misuse is also crucial.

The third fundamental of responsible innovation in AI: human-centricity

Alongside compliance and technical robustness, during the panel discussion, I advocated for a third fundamental of AI in a “triangle of responsible innovation”: human-centricity.

Generative AI can create content quickly, but it does not replicate human creativity. It’s an enabler for quick idea generation, proofreading or summarising, but it lacks the real human empathy needed to always resonate with audiences authentically.

Additionally, Generative AI reflects the bias in its underlying data, such as social inequality, gender discrimination or minority stereotypes. For instance, it may only generate an image of a white male in his 40s when asked to depict a doctor. Humans are required in the process to recognise this bias in the generated content and act on it.

This in itself can be challenging. After attempting to correct AI’s bias against minority groups, Google overcorrected, enabling users of its Gemini AI to create misleading and historically inaccurate images of people, including the US founding fathers and Vikings, in a variety of ethnicities and genders.

Understand your business aims and collaborate with experts

As the hype around Generative AI continues to grow, more businesses are considering implementing AI within their own operations and workflows. However, all panellists agreed that a business must first define their aims, understand their use cases, and perform a thorough security and risk assessment before they onboard any new tool or start any AI development work. 

To successfully embark on an AI journey, businesses also need to ensure that leadership teams become fluent in AI and can prioritise use cases that are aligned with their business strategy. Organisations also need to set up an operating model which allows experimentation with AI in a structured way that can then be scaled when needed.

Those who rush into using new tools like Generative AI, without fully considering best practices or how it can add value to their business, risk inviting security issues and wasting time, money and effort on something that might not deliver on the hype. This is especially true with new and rapidly developing technologies such as Generative AI – even large global organisations such as Google, Meta and Microsoft are spending time constantly adapting and improving their understanding of AI and how it should be implemented. 

Businesses need expert help and guidance to maximise the resources they invest in any new technology and AI is no different. If you’re interested in exploring how to implement AI in your organisation and maximise the opportunities and benefits it can offer, contact our experts in Australia.