_
_
They are one of the largest banking institutions in the U.S. as well as one of the oldest in continuous operation, with offices across 20 U.S. states as well as locations in 23 other countries across many regions of the world. As of June 2021, they held $1.5 trillion in assets under management and another $15.7 in custody.
employees
2021 revenue
assets under management
assets under custody
As businesses and consumers have many choices about where to invest, save, and deploy their capital, it is vital for finservs to offer cutting-edge technology. This includes both internal applications and client- or customer-facing applications, plus websites and many other technological components.
To stay competitive, modern developers — even those in highly-regulated industries — must offer high-quality software and release it quickly. Accomplishing this at enterprise scale requires a high level of confidence in the quality and security of those applications.
To achieve this goal, organizations must embrace modern practices like Dev(Sec)Ops and continuous integration and deployment (CI/CD). These approaches apply tools and processes that value and facilitate speed. Companies who want to develop software in a cutting-edge manner must embrace automation across the software development and delivery processes.
For the engineering teams responsible for CI/CD pipelines at Northern Trust, checking software code for vulnerabilities and licensing compliance had become a bottleneck in the release process.
The team used a set of tools and approaches, including:
These processes helped them conduct pre-release gate checks for software and the microservices underpinning them. Unfortunately, this still required manual evaluation of the results to determine whether to make and/or approve a change.
In fact, for a single change, employees often had to contact four to five different teams to gather testing results. Only then could they decide whether to approve a new release or other change.
These manual gate-checks also made the approval process subjective. Furthermore, given the highly regulated nature of the financial services industry, it was important to ensure each change approval was compliant and left an auditable paper trail. With thousands of changes a week, there was only so much the engineers could do manually.
To streamline the release process, Northern Trust sought a way to automate this. Initially, they opted to use the ServiceNow DevOps module. However, the module did not support Github Actions out of the box, which was a key requirement. They needed to uplevel their implementation, and they recognized that external expertise would speed up the process and deliver the best possible results.
RapDev is an engineering consulting firm that helps organizations gain visibility into their cloud-native services and infrastructure by implementing ServiceNow. The company’s expertise in DevOps and modern development practices means it’s able to create customized implementations for each customer. For Northern Trust, RapDev’s engineers recommended utilizing the ServiceNow DevOps application to accelerate change management.
RapDev also recommended Northern Trust use the ServiceNow Governance, Risk, and Compliance (GRC) application to comply with financial services and other key industry regulations. As a ServiceNow Elite Partner, RapDev is an expert at engineering effective solutions that automate key steps across the software development life cycle (SDLC), while also ensuring an audit trail for compliance requirements.
When Northern Trust asked ServiceNow to recommend an implementation partner, RapDev was their obvious choice. After meeting with the RapDev team, Northern Trust signed on to quickly roll out ServiceNow for their CI/CD pipelines.
Proprietary automation tools are central to RapDev’s ServiceNow implementations. Instead of forcing Northern Trust to perform manual testing on their microservices, RapDev automated the discovery of microservices and artifacts and their storage in ServiceNow. This created a central system of record for artifact names, versions, and other metadata associated with an application.
With this information in one place, the Northern Trust team now has complete visibility into the software delivery lifecycle. They can release updates and new features with confidence, knowing they’re mitigating risks and vulnerabilities and maintaining an audit trail.
“As a DevOps leader,” said Junna, “I want to automate all development activities as much as possible. Bringing all this into a popular system of records like ServiceNow [with RapDev’s support] is a big accomplishment. This kind of visibility gives us a lot of savings in terms of effort; and more than savings, that visibility gives us risk mitigation from the code quality and licensing perspective. RapDev made all of this a reality for us.”
RapDev’s deployment also enabled Northern Trust to increase the ROI of their investment in ServiceNow. Through their work with RapDev, Northern Trust was able to identify additional use cases for ServiceNow within their organization, further increasing the platform's ROI.
Overall, the RapDev implementation with Northern Trust has been a huge success on multiple fronts and has given the team increased confidence in the quality and speed of their software delivery processes without increasing risk to the company.
"My experience with RapDev was awesome,” said Basivi R. Junna, the VP/principal architect of DevOps at Northern Trust. “The implementation, the solution, the scheduling, executing according to timelines — and most importantly, designing solutions for our requirements that are maintainable and sustainable."
With ServiceNow’s value proven, Northern Trust is now looking to implement it across their entire organization. This will help them bring the time and cost savings, risk reduction, and process improvements they have already implemented to the whole company. Staying competitive in financial services requires this sort of forward-thinking investment, and Northern Trust is a perfect example of how to do it right.
