It wasn’t long ago that mixing financial data and open-source software seemed like the recipe for a security disaster. But yesterday’s problems bring today’s solutions. New DevSecOps tools, such as those offered by DevOps platform GitLab, are embedding security in the workflow. Meaning that even establishment giants such as Northwestern Mutual Life Insurance Co. are embracing new, agile methodology and joining the open-source community.

“At Northwestern Mutual, we’ve finally gotten past that curve,” said Sean Corkum (pictured, right), senior engineer at Northwestern Mutual. “Now we’re trying to make it even easier for our internal developers to participate in open source … and contribute more to the community.”

“It’s all about managing risk,” added Corkum’s colleague Kyle Persohn (pictured, left), senior engineer at Northwestern Mutual Life Insurance Co. “We have to do our due diligence, but we love to contribute.”

Corkum and Persohn spoke with Stu Miniman (@stu), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the GitLab Commit event in San Francisco. They discussed how GitLab and Kubernetes have been instrumental in Northwestern’s digital transformation and helped to increase the company’s security posture.

From underwriting to open source

Northwestern Mutual is known as an insurance underwriter, but the company offers a wide range of financial services and products. Foreseeing the importance of being able to offer customers fast, customized service and account access via mobile apps, Northwestern started transitioning from traditional to digital several years ago.

“We wanted to be a software company that is providing financial service and financial stability for our clients,” Corkum said.

Needing a new tool to help ease the transition, Northwestern Mutual’s pilot group of engineers decided on GitLab.

“Gone are the days of, let me fill out a request … and wait as it goes through somebody’s work queue and they eventually get around to it,” Corkum said. GitLab helps speed the development process, “allowing [Northwestern Mutual’s] developers to do their commits, get their peer review, and just deploy and provision right away,” he added.

Using Kubernetes continuous integration to boost security posture

The ability to leverage containers is key, according to Corkum. “We started working down that path of deploying GitLab into Kubernetes because it allowed us to easily expand and make the application highly available,” he said. A fearless all-or-nothing philosophy of “let’s not just push the boat out a little, let’s dropkick the boat off the end of the pier and see where we end up,” led not only to increased speed, but also increased security.

“A lot of times people are using API keys and they’re getting stale and not being rotated,” Persohn stated.

Northern Mutual solved this issue using GitLab and Kubernetes’ Identity and Access Management to increase the company’s security posture. “Moving towards role-based access and getting those credentials that are rotating, provides non-stale authentication credentials,” he said.

“It’s enabling us to limit any kind of attack plane that could exist,” Corkum said. “You have to get through a lot to even get to it. So, it’s really just been a huge, a huge plus for us.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the GitLab Commit event.

Photo: SiliconANGLE