UPDATED 14:00 EDT / JANUARY 15 2020

APPS

Finance goes agile as open source checks the security box

It wasn’t long ago that mixing financial data and open-source software seemed like the recipe for a security disaster. But yesterday’s problems bring today’s solutions. New DevSecOps tools, such as those offered by DevOps platform GitLab, are embedding security in the workflow. Meaning that even establishment giants such as Northwestern Mutual Life Insurance Co. are embracing new, agile methodology and joining the open-source community.

“At Northwestern Mutual, we’ve finally gotten past that curve,” said Sean Corkum (pictured, right), senior engineer at Northwestern Mutual. “Now we’re trying to make it even easier for our internal developers to participate in open source … and contribute more to the community.”

“It’s all about managing risk,” added Corkum’s colleague Kyle Persohn (pictured, left), senior engineer at Northwestern Mutual Life Insurance Co. “We have to do our due diligence, but we love to contribute.”

Corkum and Persohn spoke with Stu Miniman (@stu), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the GitLab Commit event in San Francisco. They discussed how GitLab and Kubernetes have been instrumental in Northwestern’s digital transformation and helped to increase the company’s security posture.

From underwriting to open source

Northwestern Mutual is known as an insurance underwriter, but the company offers a wide range of financial services and products. Foreseeing the importance of being able to offer customers fast, customized service and account access via mobile apps, Northwestern started transitioning from traditional to digital several years ago.

“We wanted to be a software company that is providing financial service and financial stability for our clients,” Corkum said.

Needing a new tool to help ease the transition, Northwestern Mutual’s pilot group of engineers decided on GitLab.

“Gone are the days of, let me fill out a request … and wait as it goes through somebody’s work queue and they eventually get around to it,” Corkum said. GitLab helps speed the development process, “allowing [Northwestern Mutual’s] developers to do their commits, get their peer review, and just deploy and provision right away,” he added.

Using Kubernetes continuous integration to boost security posture

The ability to leverage containers is key, according to Corkum. “We started working down that path of deploying GitLab into Kubernetes because it allowed us to easily expand and make the application highly available,” he said. A fearless all-or-nothing philosophy of “let’s not just push the boat out a little, let’s dropkick the boat off the end of the pier and see where we end up,” led not only to increased speed, but also increased security.

“A lot of times people are using API keys and they’re getting stale and not being rotated,” Persohn stated.

Northern Mutual solved this issue using GitLab and Kubernetes’ Identity and Access Management to increase the company’s security posture. “Moving towards role-based access and getting those credentials that are rotating, provides non-stale authentication credentials,” he said.

“It’s enabling us to limit any kind of attack plane that could exist,” Corkum said. “You have to get through a lot to even get to it. So, it’s really just been a huge, a huge plus for us.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the GitLab Commit event.

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.

  • 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
  • 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.