We often want more visibility with regulators in financial services on their approach to new techniques and technologies in IT. This is a sneak peak at the upcoming FFIEC IT Conference agenda. Regulators want to understand the basics on microservices and container technologies, DevOps methodologies, and their implementation workflows. We'll get an update later this month from the team presenting these concepts to US regulators.
FFIEC IT Conference - May, 2021
IT Infrastructure Talking Points
Theme: Microservices architecture, processes and controls / Application Programming Interface (API) risk and controls
Talking Points:
- How virtualization and cloud have changed the development process
- Uses for microservices
- Background understanding into terminology
- Basics: Microservices, containers and APIs
- Service Mesh
- Use of DevOps and DevSecOps with microservices, container and API development
- Example process flow
- How to audit microservices and DevOps/DevSecOps
Examiner Takeaways:
- Questions examiners should ask
- Types of artifacts examiners should see
- Risks of using microservices
- Controls examiners should see in place
- Red flags in implementation
- What should be in an audit report