So what can developers learn from financial services?
Developers are generally motivated by their curiosity to work on cutting-edge technology and solve real world challenges for users. Securing code is not always the most attractive part of those motivations, but it is a key part of the value. Certainly when working in the world of financial services, for a firm that builds code to transfer huge volumes of money across the globe, security can never be an afterthought.
Currencycloud is an API-led tech company. However, operating in the financial services sector means that as developers, we follow regulatory and security standards that are equivalent to those seen in traditional banking – from pen tests to reviews throughout the build process.
The key challenge is to ensure that we can prioritise security, without it disrupting innovation (ideally even contributing to innovation!), or blocking the delivery of our key value proposition of seamless, fast cross border payments. It’s an integral part of what we do, but it’s never seen as a burden for the developer team. In my view, this subtle mind-shift needs to be commonplace across the developer community for technology more broadly, whether engineers are building an international payments system or a face swapping photo app.
However trivial the software may seem, the data behind it invariably carries a high value, and can cause harm if it falls into the wrong hands. On top of that, the reputation damage of a security breach can be disastrous for the company and its customers.
Can the wider tech sphere learn from financial services?
A developer’s number one priority is quality. Delivering beautifully designed, maintainable software that delivers a great user experience – and fits the (often complex) brief. And security is an essential part of that quality. It can’t be a tick box and an eye roll at the end of the process, but a cultural approach that is built in throughout and involves ongoing testing during the build stage.
As data hacks and known vulnerabilities become more commonplace, regulation is clamping down on technology, regardless of which industry it sits in. In line with this trend, developers are being evaluated based on the quality of their security know-how and credentials as much as their software and speed of delivery. Now’s the time to embrace this inevitable shift and taking a look at how modern FinTech organisations manage the complex juggle of security and innovation seems like a good place to start.