The Federal Deposit Insurance Corporation is undergoing a major network and IT infrastructure update to shift from legacy systems to cloud computing and automation. Deputy Director of Infrastructure Services Isaac Hernandez said agencies cannot target modernization based on technology alone. As the banking industry changes to meet market demands, so too must FDIC’s business lines evaluate impacts on carrying out the agency’s mission.
The migrations of applications to low code, no code cloud platforms assist in reducing FDIC’s on-premises footprint from data centers, and in turn reduced operational expenses. That also increases resiliency and reduces the likelihood of service outages, Hernandez said.
“By automating these variety of repetitive tasks such as building an environment — whether we’re building servers in a virtualization environment, installing software, supporting software, applying security patches — this increases our efficiency and our accuracy that otherwise would have been lost in time productivity and costs,” he said on Federal Monthly Insights – Digital Modernization: Automation month.
Automation is key to one of the agency’s major goals: DevSecOp automation. Hernandez said his organization wants to combine software development, and security and IT operations. By targeting “container technologies,” he said they can package these applications.
“We’ve already established certain practices, such as agile — practices in our environment, where DevSecOps [would] really compliment these approaches, in order to meet our goals,” he said on Federal Drive with Tom Temin.
It also requires a culture change to get the necessary community buy-in. At times, people can be resistant to losing something they are comfortable with, but bringing everybody along, and making it clear that everyone’s objectives and missions will still be met, is key. Hernandez said some of the DevSecOps development work is done by federal staff at FDIC but the majority is done by contractors and partners.
As for FDIC’s automation priorities, he said it’s important to look at the low hanging fruit, areas which bring value to the business lines, and to not to update or automate things just for the sake of modernization.
“So with that, we started to build foundations of developing governance, for our target infrastructure framework for automation. This is important to avoid the traditional complexities that organically manifests itself in providing a maintenance and support of automation, such as what comes with the implementation of different tools and technologies,” he said.
The IT modernization landscape is considerably different than it was a generation ago. If Hernandez were starting a company today, he said he could go to a cloud services provider instead of building out his own data center. And today, it’s also important not to conduct retrofitting in siloes. Internally, FDIC has governance processes, various technical review boards that allow decision-making based on set criteria. Business needs a funding scope, he said, and when conflicting priorities arise, senior leadership must help facilitate the path forward based on business priorities and goals.
“So automation is just the foundation and in some cases, just like we find ourselves today — we’re talking to each other and we’re talking … virtually because of our COVID environment and in situations like this where unforeseen events can happen, we’re forced to adjust our business models and automation tasks that we would traditionally do and conduct manually. We were forced to do that quickly,” he said.