Patterns for Building Developer Agility into Highly Regulated Environments

The strict compliance demands placed on the production data of highly regulated environments may feel like anathema to dynamic, agile development. However, this does not need to be the case.

In our recent presentation, Unlocking Developer Potential in Regulated Environments, at the AWS Summit, Singapore, we demonstrated how three key patterns enable regulated organisations to use the cloud to help developers realise greater productivity while unlocking automated self-service capabilities, real-time analytics and much more. Of course, all of this is being done while maintaining the necessary protection of sensitive information.

AWS Summit Singapore 2019 | Unlocking Developer Potential in Regulated Environments

Pattern 1: Enabling Self-Directed Learning Inside a Regulated Organisation

A strong culture of self-directed learning is one sign an organisation has strong cloud maturity; however, for large organisations with regulatory demands, special care must be taken to enable it securely.

Automated, self-service learning is crucial to prevent a relatively small cloud engineering team from becoming a bottleneck to the larger development community’s learning. When building an automated solution, ideally developers get not only the technical resources for trying new things, but also the business feedback loops – most importantly, cost – that are critical to good cloud architecture. So, to build an environment for self-directed learning, we need automation to bake in compliance and also cost controls. Then a platform can be built with all the controls in place and a feedback loop with budget alerts that educate developers about the impact of their services on spend.

Ultimately, self-directed learning isn’t about the technology used but about encouraging learning. Once the secure self-directed learning platform is in place, continuous learning can be inspired through the use of innovation credits, game days, innovation days and hackathons. Technology and processes can become a powerful way to upskill people.

Pattern 2: Provide Developers with Compliant Production-like Data

To be empowered and encouraged, developers need something as close to production data as possible with which to work; however, providing appropriately anonymised data that meets compliance burdens is typically a huge challenge for large (and especially for regulated) organisations.

The more production-like the datastores developers can work with, the fewer errors occur, the better knowledge is shared, and the more value can be unlocked. Fortunately, AWS offers the flexibility to replicate datastores based on the organisation’s regular snapshots, which can then be anonymised or desensitised through an Extract, Transform, Load (ETL) process to build a developer datastore that already meets regulatory requirements, has standard Identity and Access Management (IAM) controls in place and is true to the production-level data the developers’ apps will use.

Because the masking tools are developed centrally, the process can be automated, and the data becomes available on a self-service basis to developers. Once automated, it can be repeated and taken even further: cut-down data snapshots, uplift data from on-premises databases, trigger provisioning and more.

Pattern 3: Enable Near-Real-Time Analytics on Sensitive Data

Today, there’s a rich ecosystem of analytics tools that can provide organisations with information and intelligence at almost a moment’s notice. Unfortunately, large regulated enterprises often feel hamstrung when looking for a safe way to make use of them with highly compliant data. Production databases are full of sensitive information that must be protected, even internally.

This too can be solved through the flexibility found in AWS. Datastores can be pulled off as events and fed through a real-time filter based on the specific compliance needs of the organisation. Once the organisation has sanitised, clean and compliant data coming out of this system, various consumers can make use of it, from developers to data analysts, again, on a self-service basis.

The changes this can enable are powerful. It can promote a DevOps mentality as access is provided to nearly production-level data and developers can see the system in real time and understand to the core how things work. Analytics professionals can conduct near-real-time testing and analyse behaviour as it happens. It opens the door to leveraging the plentiful array of analytics solutions available in the market.
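Patterns 2 and 3 both rest on a masking step applied per record: once in batch over a restored snapshot, and once per event on a stream. The sketch below is an added example, not code from the presentation or from Sourced Group; the table names, policy format, key and sample data are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumption: the real key lives in a secrets store in the masking account only.
MASKING_KEY = b"constructed-demo-key"

# Hypothetical per-table policy. Columns not listed are dropped (fail closed).
POLICY = {
    "customers": {"customer_id": "token", "email": "token", "country": "keep"},
    "payments": {"customer_id": "token", "amount": "keep", "currency": "keep"},
}

def token(column: str, value) -> str:
    """Deterministic keyed pseudonym: equal inputs give equal tokens, so joins survive."""
    msg = f"{column}:{value}".encode()
    return hmac.new(MASKING_KEY, msg, hashlib.sha256).hexdigest()[:16]

def mask_row(table: str, row: dict) -> dict:
    """Apply the table's policy to one record; raises KeyError for unknown tables."""
    rules = POLICY[table]
    masked = {}
    for column, value in row.items():
        action = rules.get(column)  # None means "not approved": the column is dropped
        if action == "keep":
            masked[column] = value
        elif action == "token":
            masked[column] = token(column, value)
    return masked

def mask_snapshot(snapshot: dict) -> dict:
    """Pattern 2 (batch): mask every table of a restored snapshot."""
    return {t: [mask_row(t, r) for r in rows] for t, rows in snapshot.items()}

def filter_events(events):
    """Pattern 3 (stream): yield masked events; tables with no policy are withheld."""
    for event in events:
        if event.get("table") in POLICY:
            yield {"table": event["table"], "data": mask_row(event["table"], event["data"])}

# Constructed sample data, not taken from any real system.
SNAPSHOT = {
    "customers": [{"customer_id": 7, "name": "Test Person", "email": "t@example.com", "country": "SG"}],
    "payments": [{"customer_id": 7, "amount": 125, "currency": "SGD", "card_number": "0000111122223333"}],
}
EVENTS = [
    {"table": "payments", "data": {"customer_id": 7, "amount": 40, "currency": "SGD"}},
    {"table": "audit_log", "data": {"actor": "admin", "detail": "constructed"}},
]
```

Because the batch and stream paths share one key and one policy, a developer can join a live event to the masked snapshot on `customer_id` without either side holding the real identifier.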

Highly regulated environments pose specific and significant challenges, but the tools available on AWS and the patterns and learnings we’ve developed can help highly regulated organisations to be highly agile. It doesn’t need to be an either/or equation.

To learn more, see the account structures for the three patterns and watch a live demo of near-real-time analytics on sensitive data in our full presentation at the AWS Summit Singapore 2019, “Unlocking Developer Potential in Regulated Environments”.

Ian is a Principal Consultant for Sourced Group in Singapore. He has many years’ experience with AWS, and was named an AWS APN Cloud Warrior in 2017. With a strong background in software delivery, Ian specialises in cloud transformation for financial institutions and other large enterprises.

Kevin is a Senior Consultant with Sourced Group in Singapore. He is a strong AWS developer, skilled in microservices and container-based platforms (Kubernetes, ECS). Kevin has achieved AWS Developer Warrior status in Australia, and is driving the same programme with AWS in Singapore as a founding member.
