Pavan Belagatti

DevOps Influencer

The Cloud-Native & DevOps Approach in Regulated Industries

The DevOps practices are helping companies build software that will function properly in a more automated world & this is what building cloud-native software is all about. While the cloud-native approach is becoming more critical and making life easier for everyone involved in software development, there are still industries that are laggards and kind of scared to move out of their legacy practices. Yes, we are talking about the highly regulated industries like Healthcare, Financial corporations, government agencies, etc. When it comes to adopting new technologies of building software, these industries have always remained slow because of the limitations they carry with them. But recently we have seen so many traditional banks and hospitals moving towards DevOps and cloud-native practices. 
You cannot be a cloud laggard these days, dragging traditional systems into the cloud. It is not just software companies that are innovating these days; every company is becoming a software company now. 
Being innovative and delivering features and products fast and with quality is the need. Netflix, it used to ship DVDs through the mail, with an IT architecture centered around an Oracle-based datacenter. Netflix soon understood the importance and leveraged the cloud-native approaches, DevOps practices, and automation. Now, Netflix is the leader in disrupting the technology and has achieved a special status as the cloud-native company that has an unbelievable tech stack.
This forecast (Image below) shows the annual growth rate of the industry cloud computing market worldwide in 2019 compared to 2018, by industry. It is forecast that the finance segment of the industry cloud market will have an annual growth rate of 22.8 percent from 2018 to 2019.
Source & Credits: Statista
Why is it difficult to embrace cloud-native and DevOps in regulated industries? 
As microservices and container-based infrastructure are enriching how the software is built these days, new challenges with security and compliance appear for regulated firms. 
Regulated industries imply several challenges 
  • Strong restrictions on secured networks
  • Fine-grained audit trails
  • Strong ACLs models
  • Full lifecycle governance
  • Integration with 3rd parties
Now, let us see the use cases of some traditional firms who transformed themselves into a modern software firm through the cloud-native technologies & principles.

The CNCF Landscape

The Cloud Native Computing Foundation (CNCF) code describes cloud-native applications as having the following attributes:
  • Container packaged
  • Dynamically managed
  • Microservices oriented
Containerization enables accelerated deployment and updating of applications. Also provides standardized development environments removing deviations between development and deployment. Reducing the risk of security and feature issues brought about by friends in each respective environment. This is particularly true when microservices principles are employed, and the dynamic orchestration is achieved through Kubernetes. Kubernetes handles deployments, maximizes resource utilization, provides “desired state management” capabilities, and enables application auto-scaling.
Let’s not go so deep into the evolution and the introductory part of Cloud-Native principles but you can always refer my other article that I recently wrote on ‘Cloud-Native DevOps
When it comes to cloud-native, we have to talk about Kubernetes. Kubernetes has become the most widely used orchestration platform, and its acceptance has forced it to mature quite fast and has left the technology community to innovate rapidly. 
Kubernetes is ideal for CI/CD automation because it offers many built-in capabilities that make application deployment smooth, standardized, and reusable, improves developer productivity, collaboration, and speeds up the adoption of cloud-native practices.
This is how the Kubernetes graph is growing as per the Google trends search interest data. 
Image source: Google Trends
And the below figure shows how the Kubernetes adoption is skyrocketing.

Kubernetes (K8s) in Regulated Environment 

While the benefits of modern software architectures are clear and many businesses around the world are already enjoying faster release cycles, quality features delivery, scalability, and maintainability for regulated industries like healthcare, finance and government are slower to adopt them. And this happens for a good reason - for example, vanilla or managed Kubernetes is not compliant with medical data handling regulations for the USA out of the box.
In this video, Artem Semenov from Align Technology is showing us the basic requirements for making K8S compliant with sensitive data handling regulations and possible technical solutions for making it happen no matter where you run your cluster, on-premise or with a major cloud provider. 
In the video, Artem talks about making the setup compliant when it comes to employing Kubernetes in regulated industries and in particular, he points out 'Transmission Security,' securing all your data encrypted if it travels through the network. He explains the Kubernetes architectural options and how did they end up choosing Istio to make sure the data is encrypted and compliant throughout. 

Italy's Biggest Traditional Bank is Embracing Kubernetes

A conventional bank running its real business on such a young technology? 
Yes, Italy's banking group, Intesa Sanpaolo, has made this transition. Better to say, it is still learning on its way through digital transformation.
The bank's engineering team came up with an initiative strategy in 2018 to throw away the old way of thinking and started embracing the technologies like microservices, container architecture, and migrate from monolithic to multi-tier applications. It was transforming itself into a software company, unbelievable. 
These are banks who still run their ATM networks on 30-year-old mainframe technology and embracing the hottest trend & tech is nearly unbelievable. Even though ING, the banking and financial corporation changed the way the banks were seen by upgrading itself with Kubernetes and DevOps practices very early in the game, there was still a stigma with adopting Kubernetes in the highly regulated and controlled environments like Healthcare, Banks, etc.
Today the bank runs more than 3,000 applications. Of those, more than 120 are now running in production using the new microservices architecture, including two of the 10 most business-critical for the bank.

Monzo, the mobile U.K. bank, Changing the Way Banking is Done

Many of the financial technology firms, now what we call fintech sector has evolved over the years and have been progressing with the help of modern application architectures and DevOps tools and practices that are associated with cloud-native technologies. One example is Monzo, the mobile U.K. bank, which is changing the way banking is done. They released their annual report in July citing growth from 0 to 750,000 customers in 3 years. Watch this fantastic video of Monzo's Senior staff engineer, Matt Heath explaining 'Building a Cloud-Native Bank

HSBC is Rewriting the History with Cloud-Native Technology

One of the world's largest banks is set to become an early user of Google's Cloud Services Platform, to provide core banking services to its business customers. HSBC plans to build its all-new business banking service to run on a Kubernetes-managed container infrastructure using Google's toolset. HSBC also has excellent partnerships with AWS and Microsoft by favoring the multi-cloud strategy. HSBC engineering team believes that moving to a container model under the umbrella of Kubernetes is significant because it means the environment is similar across different clouds. 
Recent Capgemini research ‘Cloud-native comes of age in banking’ specific to banks about Cloud-Native adoption adds, “Once the number of applications moved into this model achieves critical mass, banks can start making large changes to the existing infrastructure to keep costs low. But, until that happens, the legacy investment will continue to be a major impediment to the rapid move to cloud-native that is necessary to address the changing customer and regulatory environment.”
Safeguarding customer data has been the biggest concern for the banks and hospitals, Capgemini’s banking report states, “Cloud-native applications are inherently designed for the new & modern ecosystem—enabling secure and efficient operations. Applications and services are designed to support the way data are shared today. 

HealthCare Sector is Headed Towards the Cloud-Native Era

As we know, when it comes to healthcare organizations, special concerns need to be addressed. But that doesn't mean to hamper the innovation and lower the cloud adoption; it is required to handle a variety of critical IT needs, including a must for increased security, protection of sensitive patient data and meeting regulatory compliance. Despite the initial hesitation, the healthcare sector is increasingly embracing the cloud-native technology successfully.
Healthcare organizations gather vast amounts of critical data on their servers, everything from patient personal info, admission, diagnoses, billing, and discharges. These data needs will only continue to expand & evolve over time, requiring equally augmented security measures and flexibility to remain stable and secure. Legacy infrastructure and old practices won't help here, and this is where healthcare organizations are required to move to the modern cloud practices such as cloud-native, microservices, and hybrid cloud practices to ensure they thrive and survive in the heavily competitive world. 
The healthcare industry is increasingly adopting hybrid cloud and cloud-native practices. According to a report by Nutanix, the healthcare industry now ranks third, by industry, in the number of hybrid cloud deployments worldwide. It also estimated that, in just two years, healthcare providers’ hybrid cloud deployment will jump from 19% penetration to 37%.
Many healthcare organizations are heavily dependent on AWS as their preferred cloud provider to double-down on focus to disrupt healthcare. Cerner HealtheIntent is a cloud-based, programmable population health management platform, recently announced a collaboration with Amazon Web Services, Inc. to help various healthcare organizations to innovate and increase the clinical efficiency, advancing better patient health outcomes. 
Children’s Hospital of Orange County (CHOC) has employed the DevOps principles way earlier with the help of Cerner’s HealtheIntent® platform. Dr. William Feaster, chief health information officer, Children’s Hospital of Orange County (CHOC), stated something like this, “Transforming the HealtheIntent data and loading it on AWS has allowed us to leverage big data and sophisticated data science tools, along with the elastic compute environment on AWS. This has accelerated our data science work at CHOC.”

Cloud First Policy by UK Government

Just like the healthcare sector, Government organizations pose security and compliance issues when it comes to adopting cloud-native practices. Government bodies hold much more valuable data and affect adversely to the entire nation if not appropriately handled. 
The UK government wrote a blog on their cloud journey ‘From Cloud First to Cloud Native
They have explained about the cloud-native definition and their approach towards the same. (As per the blog) Internally, the engineering team has begun to move away from the phrase "Cloud First," and instead start to think in terms of "Cloud Native."
To remain competitive & evolving in this highly evolving tech space, the regulated industries must succeed in transforming their IT systems into a more digitally sound systems. Adopting cloud-native practices, flexible tools, DevOps practices, cloud principles, and microservices architecture - these are the need today in the regulated industries to ensure not only the fast, quality and smooth services delivery to the end customers but also to make sure the safety is the supreme priority.

Tags

Comments

More by Pavan Belagatti

Topics of interest