Secure scalability for global financial services: Database DevSecOps automation & cloud modernization

Overview

This global financial institution’s org-wide DevSecOps push emphasized the need to transform its chaotic, error-prone approach to managing database changes. Automating with Liquibase improved speed, efficiency, scalability, and governance for 30+ application pipelines.

Challenge

The slow and manual homegrown workflow ate up most (70%) of the DBA team’s time and still led to recurring production errors. Already struggling, the team also had to prepare for a shift to hybrid and cloud environments.

Solution

Integrating Liquibase to automate database change management and safeguard data integrity successfully embedded DevSecOps in the database layer, achieving:

  • 85% fewer reviews
  • 80% less DBA effort
  • 8X faster & more frequent deployments
  • Errors are a rarity, not a regularity

Introduction

One of the world’s largest financial institutions faced a critical need to modernize its databases, accelerate time-to-market, and integrate DevSecOps culture and workflows. Managing a complex mix of traditional, hybrid, and cloud databases, they struggled with a homegrown solution for managing the constant structural changes required by more than 30 financial applications. The global banking leader faced headwinds to growth and innovation due to database change management that was painfully:

  • Slow
  • Outdated 
  • Manual
  • Error-prone
  • Siloed

To bring its innovations to international financial markets faster and support modern pressures, the enterprise pushed for best-in-breed tooling, automation, and best practices across its IT ecosystem. That brought the head of database engineering to Liquibase as a complete database DevOps solution providing automation, governance, and observability for change management. 

Confident in its decades-long leadership of the database change management category, the head of database engineering began leveraging Liquibase Pro’s integrations and advanced capabilities. By integrating the database into existing pipelines via Liquibase, they successfully transitioned 85% of their applications to automated change management workflows. That paid off by delivering significant improvements in speed, efficiency, and compliance. 

The new process included standardization and governance to not only accelerate deployments, but improve quality as well. In fact, Liquibase’s Policy Checks became the team’s most-valued feature, giving them confidence in data integrity as they scale and speed up. 

“Deployments are way faster because verification is way faster,” the team explains, thanks to automatic and customizable Policy Checks. 

This transformation optimized their database deployments, laid the groundwork for reliable cloud migrations, and continues to provide the database team the space it needs to explore innovative new technologies. 

Background

At one of the largest global financial services organizations, a chaotic, slow, and error-prone database deployment process brought the otherwise streamlined application release pipeline to a crawl. At the core of the database change management workflow – or lack thereof – lay four critical issues:

  • Bad SQL frequently deployed to production, which requires costly and time-consuming rollbacks
  • The homegrown solution for change management caused disorderly reviews and deployments
  • The lack of standardization amplified issues and complicated optimization effort
  • Adoption of hybrid/cloud databases stalled 

Adding urgency and risk to the situation is the nature of the company’s data itself – highly sensitive financial information subject to privacy, security, and compliance measures across numerous countries. 

Committed to bringing DevSecOps to the database change management workflow,  the institution’s database engineering team set out to eliminate bottlenecks, improve governance, and enact standardization to allow them to scale up operations in support of a seamless, secure, and automated pipeline across 30+ merchant and payment applications. 

The primary database DevOps team responsible for evaluating and implementing Liquibase included its head of database engineering and a lead solutions architect. They also aligned with relevant stakeholders to adequately assess up/downstream requirements. 

Challenges

This team managed a highly fragmented and manual change management system that frequently caused delays, errors, and bottlenecks. Their homegrown solution lacked the structure and automation needed to handle the increasingly complex demands of existing environments, let alone the shift to hybrid and cloud environments. 

DBAs were spending the majority of their time manually reviewing and deploying changes, leaving little bandwidth for optimization or proactive governance. Adding to the burden, the shift toward hybrid cloud environments required a more scalable, reliable, and secure foundation for database change management.

Without an efficient, standardized process in place, the team couldn’t scale or support the organization’s broader goals of faster, more secure releases. These hurdles clarified that their existing workflows needed a complete overhaul before embarking on cloud and hybrid transformations.

Manual processes consumed DBA resources

The team’s DBAs were overwhelmed with manual tasks, from reviewing changes to handling deployments. The sheer volume of database changes across 30+ applications and half a dozen different types of data stores left them fully booked with change reviews. 

Every deployment required extensive human intervention, contributing to long delays, frequent errors, and overburdened staff. This led to:

  • 70% of DBA time spent on manual review and deployments
  • Multiple back-and-forths between teams causing further delays
  • Error-prone changes, with bad SQL regularly deployed to production
  • Time-consuming and inefficient rollbacks 

Lack of standardization led to disarray, dysfunction, and disappointment

The lack of a standardized workflow across the organization’s applications resulted in chaos and inconsistency. With every team handling database changes differently, governance and compliance were nearly impossible to enforce. This lack of structure amplified the risks of errors and bottlenecks, especially as the organization looked to move towards hybrid and cloud environments.

The team wanted to solve challenges such as:

  • No unified process for reviewing or deploying changes
  • Inconsistent governance across the database landscape
  • Difficulties in auditing and ensuring data integrity
  • Inconsistent and suboptimal developer experiences

Struggling to adopt cloud and hybrid databases 

The team’s future-focused initiative to embrace hybrid and cloud environments was severely hindered by the fragility of their current database workflows. Without a solid foundation of automated and standardized change management, they couldn’t proceed with these critical transformations. 

To scale successfully, they needed a change management solution that could handle the complexity of both on-prem and cloud-based databases, and prevent any problematic drift. Until then:

  • Cloud adoption stalled due to unreliable deployment processes
  • Hybrid environments introduced additional layers of undue complexity
  • Security and compliance concerns heightened by fragmented processes and new technology

Finding a reliable, long-term solution to these core challenges first required a full-spectrum understand of their applications, databases, and pipelines. 

Environments and pipelines

This global financial company primarily relied on Oracle databases but also embraces other data stores, including:

  • Cassandra
  • MySQL
  • MariaDB
  • Postgres
  • Azure Cloud

Together, these database pipelines support more than 30 financial applications each with its own set of four (on average) environments, including three for testing and one for production. Elsewhere in the pipeline, the team also uses DevOps tools including:

  • GitLab (source code control and CI/CD automation)
  • CloudBees Jenkins (build automation)
  • ServiceNow (ticketing)
  • CyberArc (credentials)
  • Ansible (deployment)
  • JFrog (artifact repository)
  • ServiceNow (ticketing)
  • DataDog (observability)

With complete automation, governance, and observability for database change management in the team’s sights, they turned to Liquibase. Working with database DevOps specialists, the team laid out its business and technical goals before implementing the automation platform. 

Goals and requirements

In conversations with Liquibase’s solution engineering team, this global health and security services company outlined its priorities and requirements for database change management automation. Achieving the following goals would help this shared services team best support their business’s bottom line. 

  1. Automate database change management end-to-end to reduce manual effort and minimize errors
  2. Seamless integration with existing DevSecOps pipelines, ensuring continuity with other automated workflows
  3. Standardize and govern workflows across 30+ applications to enforce process, security, and compliance
  4. Increase release frequency by accelerating deployments without sacrificing data integrity
  5. Support hybrid and cloud environments to prepare for future scalability and modernization efforts
  6. Simplify and automate rollbacks to reduce the time and complexity involved in reverting changes

Requirements

The team needed to fulfill their technical goals by implementing solutions that:

  • Integrate with existing DevSecOps tools like CircleCI, Jenkins, and JFrog to maintain consistency across the pipeline
  • Automate deployment and rollback processes across a diverse mix of environments 
  • Enforce automatic checks to ensure that every change meets stringent data quality and security requirements
  • Provide database observability to track changes, monitor deployments, and conduct audits effortlessly
  • Scale efficiently and cost-effectively

This internal process reflection that helped clarify their needs, goals, and requirements helped the team settle on Liquibase for its comprehensive database DevOps capabilities. 

Streamlined database change management automation for financial services applications

Looking at a broken workflow, the international banking institution’s head of data engineering and enterprise architecture partnered with a lead solutions architect to find a better way. They reviewed multiple automation platforms and settled on Liquibase, ultimately convinced by its long history of leadership and community in database DevOps.

They received positive stakeholder feedback on security, compliance, and auditing enhancements but still faced resistance to getting complete cross-team buy-in. Yet by aligning Liquibase’s benefits to each team’s unique perspective, the implementation team secured buy-in from this influential trio of teams. That made getting the developers on board an easy lift. 

The most influential value to each team included:

  • Release management → Streamlined releases with few errors
  • Application delivery → Self-service database deployments
  • DevOps/Operations → Seamless deployments and CI/CD integration
  • Developers → Faster, safer changes with immediate feedback
  • Leadership → Improved efficiency, monitoring, security, and compliance

While the head of database engineering and lead solutions architect stayed in touch to persuade and educate these teams throughout the implementation process and cultural shift to database DevOps, they confidently set a date to officially deprecate and sunset the outdated, homegrown database change management solution. 

Rapidly implementing database DevOps

These 30 applications automated with Liquibase represent 85% of the team’s total application database targets into the automated pipeline. With a swift pace of implementation and scalable licensing structure, Liquibase quickly took hold across other teams as they witnessed its impact. 

The financial institution’s head of database engineering also mandated the shutdown of the old homegrown solution, including internal support. The complete commitment to the new method and strong procedural nudge in the right direction helped solidify the new Liquibase workflows. 

Once up and running, the team found Liquibase Pro’s advanced database DevOps features exceptionally impactful to the speed, efficiency, quality, and agility of the workflow – especially Environment Variables, Policy Checks, and Rollbacks. 

Environment Variables

The team leveraged Liquibase’s Environment Variables to ensure consistency across their diverse set of database environments. By dynamically setting environment-specific variables for each deployment, they streamlined their workflows and reduced the chance of human error during configuration. This feature also enabled smoother transitions between development, QA, and production environments, ensuring that the right settings were applied automatically without manual intervention.

Policy Checks

With Liquibase, this team’s DBAs configured Policy Checks that standardize, protect, and verify database changes automatically, mandating that all developers push changes through this process. These custom Policy Checks helped enforce governance rules, ensuring every change adhered to internal and external compliance standards while also preventing the deployment of bad SQL. As a result, the team could confidently scale up their operations with a consistent, secure, and audit-ready process.

Automatic and Targeted Rollbacks

Liquibase’s Automatic and Targeted Rollbacks gave the team a critical safeguard for managing errors and failed deployments. Instead of dealing with time-consuming and error-prone manual rollbacks, the team was able to quickly and efficiently revert only the problematic changes in specific environments, without having to rollback everything else since that release. This allowed them to maintain uptime, correct issues faster, and ensure data integrity even when challenges arose.

Results and benefits

The team not only streamlined their database deployment process but also significantly reduced errors and deployment times. The end-to-end automation allowed them to focus on innovation rather than firefighting manual processes, while robust governance ensured data integrity and compliance across their hybrid environments.

They quickly realized the benefits of implementing Liquibase and shifting database change management left, into the automated pipeline. 

Primary results and benefits

Automation

  • 30+ pipelines automated
  • 85% fewer changes needing manual review

Acceleration

  • 8x faster & more frequent deployments
  • 80% less time spent on manual reviews

Quality

  • Less than 10% error rate
  • Standardization, governance, & compliance

These results enabled the team to focus on innovation while ensuring consistent, secure, and compliant database deployments, setting the stage for future growth and modernization.

With most of its database pipelines automated, the head of database engineering and lead solutions architect found space to look at other data store challenges and innovations. Next, they’re:

  • Expanding Liquibase database automation workflows to international teams
  • Focusing on the organization’s shift to cloud environments and data lakes

Liquibase’s integration into the banking mainstay’s organizational tech stack also gives the head of database engineering a clear road towards end-to-end database observability. Since Liquibase Structured Logging easily connects to the organization’s existing monitoring dashboard tech from Datadog, they’re well on their way to more complete pipeline visibility, analytics, and optimization. 

Ready to start your own journey to complete database change automation, governance, and observability? Get your on-demand demo of Liquibase.

Related Articles

DevSecOps automation & observability for SQL Server pipelines: Speed, safety, & scalability
From zero to hero: Creating automated, self-service database change workflows for a global logistics company
i360 uses Liquibase to easily manage updates for thousands of databases in Amazon Aurora
Editions & Features
Editions & FeaturesLiquibase Open SourceLiquibase Pro
Solutions
CI/CDComplianceDevSecOpsGitOpsVersion ControlFinancial ServicesPublic SectorAWS
Resources
BlogBest Practice GuidesResource LibraryDocumentationUniversityCommunityMeetup/EventsSupport
Community
ContributorsContribute CodeShare ExpertiseAdvocateSupportLiquibase LegendsLegends BadgesContact
Company
CompanyCareersLeadershipPartnersNewsEventsContact Us
GitHub direction linkLinkedin direction linkX direction linkYouTube direction linkDiscord direction linkReddit direction link

© 2023 Liquibase Inc. All Rights Reserved.Liquibase is a registered trademark of Liquibase Inc.(737) 402-7187