Making the QA Role Relevant in DevOps and CI/CD


The European banking sector is under increasing pressure to simultaneously modernize and secure its operations under decreasing budgets. Banks are preparing for regulations like GDPR whilst facing competition from FinTechs and challenger banks on the back of regulatory changes under Open Banking and PSD2. This fast-paced change might be coming at a cost to the quality and security of the software that runs these banking businesses.

In the wake of Equifax and other monumental breaches of 2017, QA professionals now find themselves in an interesting position. No longer at the helm of risk prevention efforts, the QA role has largely been decentralized as part of the DevOps movement. QA is now part of a largely automated process that includes software development and operations teams, who are more business-focused and agile, to help the organization bring new products to market faster and compete with challenger banks.

So in this agile and automated way of working, who is overseeing structural risks at a system level and ensuring that software risk and security are maintained, without having to embed security experts on every team?

This was the main theme of a recent panel discussion at the QA Financial Forum in London, where I joined executives from Credit Suisse, Bank of America Merrill Lynch and BlackRock to discuss the impact of the DevOps movement on QA, vendor management and software risk and security.

As QA professionals look to stay relevant in the increasingly automated world of software development and delivery, they should look to differentiate their role in three primary ways:

  1. Measure and mitigate software risk at a system level. It should be a priority of QA to monitor the overall health of mission-critical software, particularly applications that are complex and composed of multiple technologies. Many companies are starting to do this well. For example, Fannie Mae in the US is driving disruptive change by building a system-level software quality gate into its automated DevOps tool chain.
  2. Help developers write better code through education and by building an end-to-end blueprint of the systems. Whilst development teams already use static code analyzers to check software quality at a unit level, QA leads can assess structural health at a system level and build a feedback loop with dev teams to ensure they write better quality software. Blueprinting the end-to-end technology stack will help DevOps teams do better impact assessment.
  3. Ensure cost efficiency by reducing software maintenance efforts. Many banks are still spending up to 70% of their IT budgets on ‘run the bank’ initiatives. This prevents organizations from investing in ‘change the bank’ initiatives that help them compete with FinTechs. By helping reduce Technical Debt release by release, ‘run the bank’ costs will fall as the code base becomes less spaghetti-like, thereby shortening the time to market for new functionality. With a better understanding of application portfolio performance, QA pros can help guide ADM efforts and keep costs on track.

By facilitating and spreading “Software Intelligence” within the IT organization, QA professionals can elevate their role while supporting better software performance from a cost, resiliency and security perspective.

Vishal Bhatnagar SVP, CAST U.K.
Vishal is responsible for the CAST business in the UK & Ireland. Based on his IT services and consulting expertise, Vishal brings diverse and valuable software analytics experience to CAST customers. Vishal comes to CAST from IGATE where he was responsible for sales, solution creation and client management for the Communications, Media and Energy sectors across Europe. During his tenure he grew this portfolio from $3m to $45m in a span of seven years, pioneered the first full managed services deal, including the first TUPE deal in the company's history, and won the largest ever new business deal at IGATE. Before that Vishal worked at mBlox and Comverse and also established a successful entrepreneurial venture.