Copyright SiliconANGLE News

In an industry where milliseconds and trust define success, financial services institutions are rethinking what security looks like at cloud speed. The Depository Trust and Clearing Corp. — the backbone of post-trade financial markets, providing clearing, settlement and data services — is among those leading that charge, rewriting the rules of protection and performance with Kubernetes, GitOps and a “zero-touch, permanent chaos” philosophy, according to Brian Cook, director of Kubernetes platform at DTCC.

“When I started at the company six-and-a-half years ago, I was the only individual to lead the security inside Kubernetes,” he said. “Now I lead the entire team … we move at a high velocity. Security can be quite slow … not always the sector I think of as being lightning fast. We wanted to change that dynamic.”

Cook spoke with theCUBE’s Rob Strechay and Savannah Peterson at the KubeCon + CloudNativeCon NA event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed DTCC’s approach to security in financial services — one that prioritizes frictionless efficacy. (* Disclosure below.)

Reimagining security for financial services in the cloud-native era

DTCC has a five-decade history of processing large volumes of financial securities. To bring itself into the cloud-native era, the organization first defied the traditional, slow-moving paradigm within its cybersecurity teams.

To achieve that speed safely, DTCC enforces a “zero-touch” policy — no manual changes to production environments. Everything is written as code, according to Cook.

“No changes can be directly made to any environment that’s not a lab — no touching. Let Kubernetes do what it does best,” he said. “Everything is declarative. We use the typical Kubernetes standards — Helm charts … Kustomize where we need to do overlays. We make it simple.”

This declarative approach ensures consistency and traceability across DTCC’s Kubernetes fleet.
With GitOps as the golden source of truth, configurations are automatically reverted within minutes if they drift from the baseline. The result: no configuration drift, no manual toil and a fully auditable system that scales cleanly.

“As we go from zero touch to now zero trust, how do we digitally sign and manage certificate rotation?” he said. “Application teams shouldn’t have to worry about this.”

(* Disclosure: Red Hat Inc. sponsored this segment of theCUBE. Neither Red Hat nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)