Development Cost Reduction With Secure Cloud Development

Webinar Transcript:

Introduction

[Laurent]:

All right, so hi, Jing, how are things?

[Jing]:

Hi, Laurent. I'm good. How are you?

[Laurent]:

I'm doing well, thanks. It's been a while since we last spoke. We're thrilled to be working with Sirius. Today's discussion focuses on how Sirius has effectively reduced IT infrastructure costs for application development by 46% through the use of secure cloud development environments (CDEs). Our conversation will be recorded and shared later, along with live comments. Let's begin.

Today, we're eager to learn more about Sirius Technologies. You have extensive experience in complex software architecture and profit automation, particularly in executing large-scale projects. We're interested in the applications your team is developing and the challenges you faced before adopting secure cloud development environments. I'll be hosting our discussion. On the left is me, Laurent, and on the right, Jing, the CEO of Sirius Technology. Jing, could you start by telling us a bit about yourself and Sirius Technologies?

Enhancing Digital Security and Promoting Financial Inclusion

A Collaborative Effort Between Sirius Technologies and Strong Network

[Jing]:

Hi Laurent. Before diving into our discussion, I want to extend my gratitude to the Strong Network teams. Their support in transitioning our 170 staff members at Sirius to use the Strong Network has significantly enhanced our security measures for daily operations. Thank you, Laurent. As for Sirius, we are a technology company that specializes in creating enterprise solutions, particularly for financial services and various industries facing challenges in digital transformation.

[Laurent]:

I'd like to briefly mention Strong Network as well. For about two years, we've been collaborating with your team. Based in Switzerland, Strong Network serves your operations in Singapore and your engineering team in Thailand. This partnership is a testament to the power of our global network, proving that geographical distances are no barrier to providing solutions and support. At Strong Network, our main focus is delivering secure cloud development environments (CDEs). CDEs have gained popularity recently, especially with the emergence of vendor lock solutions like GitHub Code Spaces and Google Workstation.

Our known solutions primarily emphasize productivity, offering access to repositories through a browser-based IDE and cloud-run environments. However, at Strong Network, we aimed to go further by incorporating security against data exfiltration, focusing on infrastructure security right from the start. Our clientele, including Sirius Technologies, exemplifies our commitment to this approach.

We also have significant global clients like Broadcom, and we were featured in Gartner's recent Agile and DevOps report. Additionally, we are ISO 20,001 certified and trusted by Fortune 500 companies. That's a brief overview of Strong Network. Now, Jing, could you share more about Sirius Technologies - your locations, operations, and focus areas?

[Jing]:

Yes, so we're based in Singapore, with our operational headquarters in Thailand, a center in Shenzhen, and a sales office in Columbia. Although we're just two years old, we're already operating across multiple regions. From the outset, we focused on centralized security control and decided to be a light asset company, which is why we don't issue company notebooks like many tech companies.

Regarding our mission, we are committed to financial inclusion. We aim to bring high-quality financial services to the long-tail market through what we call Better Finance. Our goal is to be the technological enabler for banking, financial services, and insurance (BFSI) companies, assisting them in transforming their operations to embrace Better Finance. This transformation will enable these services to reach more people while significantly reducing client acquisition costs and day-to-day operational expenses. As a result, people can enjoy sustainable, affordable, accessible, and appropriate financial services.

Our vision extends beyond just financial services. We believe in an embedded economy where every business can adopt this model, leading to an overall improvement in the quality of services for people.

Navigating the Challenges of Expanding Digital Service Offerings

“It's getting more and more challenging and more and more expensive for anyone who tries to do everything by themselves."

[Jing]:

Our journey highlights the impact of digital and mobile technology on daily life, which has led to increasingly diverse digital service needs. As convenience and accessibility become crucial factors in service selection, it's becoming increasingly challenging and expensive for any single entity to provide all these services independently. Therefore, collaboration and adopting an embedded model are becoming essential strategies for those who wish to expand their range of services to their end-users.

[Laurent]:

What about these three tenets? You have three tenets, open competition, open infrastructure, open data, can you tell us more about that?

[Jing]:

Yes, in response to market demands, banks and financial institutions have generally been hesitant to adapt. Consequently, regulators are increasingly intervening, implementing open banking and open insurance policies at the country level. These policies are designed to foster open competition, infrastructure, and data sharing, reflecting a global regulatory trend.

[Laurent]:

I think you have an amazing background also because you were doing some kind of amazing things before that. So what were you doing?

Pioneering Digital Banking with Open-Source Technology

[Jing]:

Our belief in Better Finance stems from our prior experience founding WeBank, China's first privately-owned and digital-only bank. As the founding team, we developed WeBank from scratch, handling everything from IT infrastructure and architecture to system implementation and operations for the initial four years. With over 300 million users, WeBank is now the largest digital bank globally.

A key lesson from WeBank was how to scale a bank using cost-effective technology. We built the entire bank on open-source technology, a pioneering approach in 2014. At that time, concepts like Kubernetes were in their infancy, and NoSql databases weren't widely accepted for financial applications. Yet, we successfully built a cloud-native digital bank that met financial-grade expectations.

Another significant learning at WeBank was building an "invisible bank," where 95% of our customers were acquired indirectly by integrating our banking services into other businesses. This approach strengthened their customer relationships while allowing us to expand our customer base without direct acquisition costs. This strategy solidified our belief in Better Finance as a solution to challenges in the financial services market and as a means to promote financial inclusion. Our experience at WeBank forms the foundation of Sirius today, where we leverage our know-how to provide scalability, openness, and low costs to partners driving digital transformation, aiming to make a positive impact on society.

[Laurent]:

So you're really serving 350 million individuals and 3 million more MSMEs (micro small & medium enterprises)?

[Jing]:

I believe the latest number is close to 400 million already.

[Laurent]:

That’s amazing. You said a bit about the application, but perhaps you can tell us more about how you basically deliver this type of capability to your customers?

Adapting to Needs for Better Finance and Digital Transformation

[Jing]:

When considering Better Finance, the core principle is to offer products that are appropriate for your partners. This approach means moving away from selling standardized products for varied business uses. Instead, it's about adapting your business model and processes to support different end-users with the same product. This requires a more agile and flexible approach to service delivery to facilitate embedding into diverse business models. If you expect others to conform to your way of working, the market acceptance of your service will likely be limited. People will question why they should adapt to your methods. The solution to this challenge lies in what we call composable innovation. It involves reorganizing your internal product structure to ensure all offerings are composable. This way, you can quickly assemble specific workflows for unique use cases as required by individual partners.

[Laurent]:

And this is an example of composable solutions, right?

[Jing]:

Yeah. So these are the bits we built. So we have a platform that runs all these solutions and then these are the small bits of things that we built, like Lego bricks that can be easily put together with our composable tools and then something that is special for a particular delivery to a particular partner. So we go the opposite way of those unicorns like Mambo and Don Machine, we go the opposite way because they are the comprehensive solution that tries to be composable. We started as minimum viable blocks, Lego blocks, small blocks, and then hence from day one by DNA, we are composable. And then we hope that this can be the boot-strapping bits for your digital transformation journey to get ready for Better Finance.

Addressing Productivity and Security in Distributed IT Teams

Hybrid development team

✂️ What are the main challenges of your IT and development teams?1: hybrid and distributed team // partners need to access sensitive IP - YouTube

Join productivity and security

Source code replica

✂️ What are the challenges? 4: joint productivity and security - Can put the source code on their laptop - a lot of replica of the IP - YouTube

[Laurent]:

One of the primary challenges you're facing involves the IT and development team, particularly with their distributed nature across various locations. This aspect seems to be a significant hurdle in your operations.

[Jing]:

So not just for locations, location is one thing also. We try not to go too fast and too big. Hence we also have many partners that either partner with us in some delivery project or partner with us and learn our technology to become our reseller and many, many things. So we do have quite a significant size of our partner teams that also need to assess some of our sensitive IPs in order to function.

[Laurent]:

The dual challenges of maintaining productivity and ensuring security within your distributed team make you an ideal candidate for our technology. Could you elaborate on how these challenges have influenced your decision to adopt our solution?

Enhancing Security and Productivity in Dev Environments

Intellectual property is secured

✂️ How Secure CDE address challenges? 5: Intellectual property is more protected. - YouTube

Permission model and micro-segmentation for better security (Laurent) (21:48)

✂️ How Secure CDE address challenges? 6: permission model with role + micro-segmentation - YouTube

[Jing]:

Yes, exactly. Our product setup is inherently complex, making onboarding for developers, QA, system architects, designers, project managers, or product owners quite intricate. Each new team member needs access and permissions across multiple platforms like Jira and GitLab, which is a detailed and complex process.

Before adopting Strong Network, we used a VPN to control access for those using personal laptops, but this approach had its drawbacks. The VPN, not managed by us, often impacted service stability and quality, becoming a bottleneck for productivity. Furthermore, the protection of intellectual property was a constant concern. Even with VPN and credential controls for systems like GitLab, the security wasn't foolproof. Developers with access permissions could still download source code to their personal laptops, posing a significant security risk.

[Laurent]:

You're dealing with the challenge of managing numerous local replicas of intellectual property (IP), which inherently poses a risk. As you mentioned, enforcing efficient access control is difficult, especially when credentials can be reused on different machines, leading to unauthorized data access.

Let's delve into the challenges of maintaining a secure development environment. You're supporting a distributed workforce across multiple locations, which includes not just your developers but also partners and System Integrators (SI). This adds complexity, particularly because external partners require different levels of access and shouldn't have the same permissions as internal staff, especially considering compliance with security standards like ISO 27001, which we also adhere to.

Effectively managing relationships with external providers is crucial. We need to systematically control interactions, protect intellectual property, and ensure high developer productivity. I'm interested in hearing how you've tackled these challenges with secure development practices and the onboarding process.

Simplifying Onboarding and Protecting IP with Templates

How Sirius use the secure browser to replace VPN to avoid data exfiltration (24:37)

✂️ 2: How is the platform used by Sirius in technical terms. VPN was a problem. Use secure Browser for secure access - YouTube

Using Huawei to deploy Strong Network (lower cost) (25:37)

✂️ 3: How they use Huawei cloud with Strong Network - YouTube

Thanks to Strong Network, Sirius works with partners in different countries (26:36)

✂️ 4: How do they work with partners through Strong Network? - YouTube

[Jing]:

Nowadays, our onboarding process has become much simpler. We've developed various templates on Strong Network, allowing us to quickly onboard new team members with just a few clicks. This system lets us easily create a new developer environment and then assign resources to the developer based on their project assignments, linking them to specific GitLab repositories.

The creation of a development environment has become ad hoc; we no longer need to maintain standby development environments. Developers can set up an environment for integration tests on their own and dismantle it afterwards. This has significantly reduced the setup time for new developers who previously took days just to configure an IDE. Now, they receive a pre-configured IDE with standard templates, eliminating errors and delays. This also facilitates easy project switching without worrying about dev environment inconsistencies, as everything is based on proven templates, greatly boosting productivity.

Regarding intellectual property protection, the improvements are even more significant. We've enforced accessing sensitive information, like JIRA and our Multiverse platform operation portal, through a secure browser. This means restrictions like disabling copy-paste functions, which initially raised questions but are essential for security. With Strong Network, we've eliminated the need for VPNs, as all operations, including the Cloud IDE and secure browser, run through Strong Network. This change has greatly streamlined our processes and enhanced security.

[Laurent]:

Regarding the permission model, it's intriguing how you manage different groups like internal developers, System Integrators (SIs), and external developers working for these SIs. How does your permission model facilitate the creation of specific roles to accommodate these diverse groups?

[Jing]:

Yes, our approach involves creating distinct roles for different groups like internal developers, System Integrators, and their external developers. We then assign these specific roles when onboarding new team members.

How to Implement Micro-Segmentation and BYOD Policies

[Laurent]:

Absolutely, micro-segmentation plays a crucial role in our setup. It's worth noting that micro-segmentation, in this context, means granting access to a specific part of an application rather than the entire application. For instance, an external developer might only have access to a single repository within an application. This approach ensures that access is tightly controlled and minimizes the risk of misconfigurations that could inadvertently grant access to unrelated projects.

[Jing]:

Yes, that's correct. We are already implementing this approach in our current setup, ensuring focused and secure access through micro-segmentation.

[Laurent]:

To clarify and visualize your setup with Strong Network, let's consider a graphic representation. As you've mentioned, you operate on a Bring Your Own Device (BYOD) policy, where individuals don't install anything on their laptops. This approach is advantageous for both security and convenience. In this setup, everyone uses Microsoft Visual Studio Code running in a browser, specifically a Strong Network version that includes data loss prevention features. This version closely monitors the clipboard, interactions, network activities, and integrates a secure browser. Could you elaborate on how web developers utilize this setup in their daily work?

[Jing]:

Sirius has its own suite of tools for most of the DevOps lifecycle, but the coding component was missing. We previously used local IDEs on the personal machines of developers. We've now transitioned this coding aspect to the Cloud IDE on Strong Network.

Additionally, for operational and demo web applications, we used VPNs to restrict access, which, while providing credentials, wasn't completely secure and often led to issues like VPN expiration and other hiccups.

We've now shifted these operations behind a secure browser, effectively using both the Cloud IDE and the secure browser in our processes.

[Laurent]:

The secure browser facilitates developer access to GitLab and all necessary applications for their workflow.

Securing the Cloud Development Process on Huawei Cloud

[Jing]:

Yes, for web applications like the Multiverse portal and Open Banking portal, everything related to our cycle is now secured behind a secure browser.

[Laurent]:

This is vital for protecting against data exfiltration, as security needs extend beyond just the IDE. Developers work across various applications, all of which require secure access.

[Jing]:

Exactly, all components of our cycle are protected with the secure browser.

[Laurent]:

You mentioned using Huawei for your container development, which is interesting.

[Jing]:

We chose Huawei cloud in Thailand because it's the only public cloud with three Availability Zones (AZs) there. We prioritize lower latency and cost, which is why we didn't deploy in another country.

[Laurent]:

And from the secure cloud IDEs and Strong Network platform on Huawei, you also access services like your GitLab there.

[Jing]:

Correct. We deploy our entire DevOps chain on the cloud infrastructure. Although we chose Huawei, we could have used any public cloud, as the infrastructure is our main requirement.

[Laurent]:

Yes, and the key aspect is that access from these containers to resources goes through the secure proxy deployed by Strong Network. This controls credentials access and implements the micro-segmentation for enhanced repository security. Now, could you tell us about how your partners and System Integrators (SIs) work with this setup?

[Jing]:

When onboarding a partner, we create users for them on Strong Network and assign them the necessary permissions for their roles. We currently have SIs in Colombia, Taiwan, and Thailand using this system to collaborate with us.

Quantifying Cost Savings with Cloud Development Environments

How Sirius is reducing their cost // the machine stops when dev not working // Savings by category (29:10)

✂️ 2: How is Sirius saving money? // stop automatically when the developers is not around. -75% reduction of cost using Cloud Resources - YouTube

How is Sirius saving money? Laurent explaining that he was not hoping for as good results at the beginning (29:50)

✂️ 3: How is Sirius saving money? // anecdote you only pay for what you use - YouTube

[Laurent]:

Let's discuss some figures now. One key advantage of using Cloud Development Environments (CDEs), particularly secure ones, is the reduction in infrastructure costs. We've done some calculations together, focusing on cost reductions. In this study, we haven't included productivity gains, as these can be hard to quantify, especially since Sirius has been using the platform for about two years. It's challenging to gather comparative data from the past. However, we wanted to understand the potential savings in terms of device costs and resource consumption, considering your Bring Your Own Device (BYOD) policy and two key factors.

[Jing]:

Comparing our current setup with the traditional method of issuing company laptops and installing numerous security agents, which often slow down the computers, the cost savings are substantial.

[Laurent]:

So, significant savings are seen in resource consumption.

[Jing]:

Absolutely, and it's clear to us that this is the optimal approach. We have no intention of reverting to the old method of distributing laptops to our staff.

How to Optimize Cost Reductions and Resource Allocation

[Laurent]:

Discussing resource allocation, developers at Sirius now have access to eight CPUs and 16 GB of RAM. We analyzed the cost savings, observing a 29% reduction in software and maintenance expenses. More notably, by utilizing cloud resources for development workloads, there's a 75% reduction in costs.

[Jing]:

Indeed, our current environment only operates when developers are actively working, unlike the traditional Enterprise Software Development (ESD) model that required a 24x7 running environment. Even with eight cores and 16 GB of RAM, we're considering further optimization. This approach enhances developer comfort, preventing situations where they'd have to wait excessively for builds to complete.

[Laurent]:

That's an interesting shift from our initial discussions about deploying smaller CPU resources. Despite using larger machines, the savings are still significant, and you only pay for what you use. The graph here illustrates the automatic scaling of the Kubernetes cluster, showing the allocation of CPUs to your workforce daily. This setup, including secure CDEs, allows for workforce diversity and resource control.

[Jing]:

With the secure browser, access is controlled, and credentials are managed by Strong Network. Developers can't log into GitLab or similar resources outside the secure browser.

[Laurent]:

In the BYOD context, onboarding developers with data loss prevention is crucial. This cloud-delivered security ensures no need for installations on their machines for security enforcement.

[Jing]:

Many developers previously invested in expensive hardware, like MacBook Pros. Now, realizing the reduced need for computing power, they're considering more affordable options. One area for improvement in our cloud IDE is better support for iOS and Android development.

[Laurent]:

We'll certainly look into providing more data on that.

[Jing]:

The user templates are very effective, allowing the creation of pre-configured environments. Thanks for sharing how you use the platform, and it's always great talking to you.

It's always a pleasure to discuss with you, Laurent.

---

All material in this text can be shared and cited with appropriate credits. For more information about our platform, please contact us at hello@strong.network