The Divio Platform aims to answer the needs of CTO and CIOs in Fintech, eliminating day-to-day operational burden and provide more time for strategic initiatives to stay ahead.
The fintech sector is one of the most technically challenging, where security, data protection and compliance are woven into all decision-making and serve as the underpinning for IT spending and development processes. At the same time, these fundamental considerations must be tightly integrated with the need to continually innovate to meet the expectations of enterprise clients who expect more intelligent, robust and interconnected services that provide ready access to their financial assets - on their terms.
The move to the cloud and, with it, infinite scaling, flexibility and possibilities for increased cost-effectiveness has helped facilitate the ability of fintech teams to deliver products and services rapidly without compromising on data integrity.
In order to support cloud transformation, CTOs and CIOs have invested heavily in developing specialised expertise in the configuration and operation of cloud infrastructure, which forms part of the development pipeline. Accordingly, ISO standards have grown to provide guidance for teams working with information security management who can apply these standards to the infrastructure they oversee.
The provision of internationally recognised standards for data security, especially relevant to the financial sector, provides the framework by which organisations can formalise requirements and operational procedures, giving something to validate and adhere to.
The Divio platform simplifies cloud management and deployment, with the ability to intelligently orchestrate multiple public cloud vendors while giving development teams easy-to-use tools for deploying their apps.
In order to meet the demands of the financial sector, the Divio platform has embraced ISO standards at its foundation, most notably achieving ISO 27001 certification - the most widely known standard for information security management systems. By adopting the Divio platform, IT teams can develop and deploy applications autonomously, knowing they are fully compliant and always adhering to information security standards by default.
By putting data security first and applying an opinionated best practices approach to deploying and managing apps, platform integrity cannot be compromised through accidental misconfiguration. As a result, CTOs and CIOs can embed data security adherence into an organisation and shift attention to other common challenges.
The ability to innovate quickly and become a more agile organisation is addressed through the Divio platform tooling. Inherent to agility is autonomy, the ability to work independently and eliminate bottlenecks that would otherwise slow down processes.
By ensuring cloud infrastructure is securely configured and cannot be compromised through misconfiguration, it becomes possible to dramatically speed up the process of safely deploying a new application or rolling out changes.
Development teams use the Divio tooling to set up a development environment and deploy changes to the cloud, following standard conventions of a staging, testing and production environment.
The Divio platform orchestrates cloud vendor infrastructure, meaning that instead of choosing a cloud vendor such as AWS, Google Cloud or Microsoft Azure and setting up delivery pipelines with the configuration of their specific services, Divio manages this on behalf of organisations.
The way in which applications are created prevents binding to specific cloud vendor services or features, and rather, the Divio platform configures and provisions these in the background.
Consequently, cloud vendor specifics are abstracted away, and web apps become portable. The Divio platform can intelligently determine the best-fit cloud infrastructure and deploy the app accordingly.
By staying platform agnostic, Divio can readily address changes in vendor prices, performance, or stability, offering unparalleled resilience.
An important benefit of preventing vendor lock-in is the ability to gain better control over costs that can quickly escalate.
The Divio platform addresses cost management through different strategies of intelligent application management.
Bugs or unforeseen changes in app consumption can dramatically spiral cloud costs. By intelligently monitoring applications, cost spirals can be preemptively identified, and alerts can be created to flag potential issues early on.
Cloud sprawl, creating web applications that are left unchecked or underused, is another cost vertical that can slowly swell running costs. Application management can automatically distribute cloud resources away from rarely used apps, allowing them to continue without impacting costs.
By abstracting cloud vendors and coordinating their resources, the Divio platform can make best-fit decisions to support the requirements of an app against changing vendor price fluctuations.
The cloud orchestration capabilities that Divio provides bring with it multi-cloud capabilities or CloudShift - the ability to leverage multiple cloud vendors concurrently. By ensuring apps remain vendor-neutral, it becomes possible to deploy apps across different cloud vendors.
Diversifying across multiple cloud providers enhances resilience and ensures availability. If one provider experiences downtime or disruptions, workloads are dynamically shifted to another provider to maintain continuity.
The ability to shift cloud resources transparently facilitates data sovereignty - country or region-specific requirements can be met locally. At the same time, the same app might serve multiple regions in other areas without manual intervention or configuration changes using the Divio Mirrors functionality.
Most financial systems are, by their nature, critical in maintaining business continuity and come with disaster recovery strategies and processes.
The Divio platform approach uses containers to encapsulate applications, isolating them from the environment in which they run. A developer working locally can use the Divio tools to run an application identically to how it will run when deployed to the cloud, avoiding making environment-specific tweaks and changes that need tracking and maintaining.
This has several significant benefits, including rapidly recovering and redeploying an application.
With a container approach, the Divio platform also includes an opinionated backup strategy by default, ensuring that backups of the data an app creates or depends on are always kept fresh and securely stored according to best practices.
Multi-cloud, portable applications and backup strategies work together to provide a robust way of ensuring business continuity and rapid recovery capabilities.
SLAs, written guarantees of uptime and availability, are often agreed directly with the cloud vendor and encompass the various cloud products and services used.
Given the premise of cloud - using shared and distributed computing resources, cloud vendor SLAs are typically standardised and serve all customers.
Actively monitoring and enforcing SLA incurs an often unseen organisational cost, potentially multiplied across different cloud vendors. Each cloud vendor must benchmarked and held accountable to adhere to the SLA - with differing terms, restitutions and resolution processes.
Divio provides one SLA interface towards the cloud vendors being orchestrated, simplifying the SLA process and acting as one point of contact. Underlying the SLA, the Divio platform can intelligently move cloud resources around, using multi-cloud techniques to maintain service levels.
Nurturing and developing cloud competencies mandates a broad range of specialised skills, made more challenging when dealing with multiple cloud vendors and their specific catalogue of products and services.
A common approach is to build a centralised competence centre within an organisation that works to manage, monitor and provision cloud infrastructure that development teams depend upon.
An alternative strategy that Divio makes possible through tooling is to empower development teams to provision and deploy their infrastructure on demand to meet their immediate needs. Whilst this might otherwise be considered high risk - with security implications and unpredictable costs, the Divio platform acts as a virtual cloud competence centre.
The Divio tools allow development teams to deploy directly to the cloud whilst ensuring the integrity of the cloud is maintained. Using an opinionated approach to how apps can behave and managing cloud resources automatically enables rapid deployment without compromising the integrity of the cloud environment.
An organisation can benefit in agility by removing bottlenecks in the deployment process and making better use of the resources available - giving development teams the ability to provision managed cloud infrastructure when needed and alleviating the need for specialised cloud competence.
This also eliminates the need for developers to have cloud competencies, reducing demands for new hires.
The financial sector and the fintech that supports it constantly face pressures to meet laws and regulations, maintain data privacy and integrity, and continually innovate, weighing on CTOs and CIOs responsibilities.
The Divio platform aims to take on the operational burden and provide the tools and built-in security to enable faster and more agile teams, leaving more time to look ahead at emerging changes and requirements.
Financial institutions such as Fidelity International and the Zurich Cantonal Bank, the largest cantonal bank in Switzerland, have both chosen to use Divio to power their cloud strategies accordingly. Most recently, the Swiss Government, with stringent security and compliance prerequisites, has also opted to use the Divio platform to power their services. Contact us to learn more.
Divio Method and Compliance Part 2: GRC Tool
In this interview with Divio’s Jonathan Stoppani, read about how we set out to build our own Governance, Risk, and Compliance tool. The project exemplifies Divio’s approach to problem solving.