Moving at DevOps speed isn’t straightforward in regulated industries. Change management processes force your development teams to delay valuable release candidates. But, what if you could automate the change management process to make every release a business decision instead of an administrative one? This is one of the ways ZTL Payment Solution (ZTL) is gaining a competitive advantage over their competitors in the B2B payments sector. And they’re using Kosli to do it. Bruce spoke to Andreas Røe, Chief Technology Officer at ZTL, to find out more.
Can you start by telling me a little bit about ZTL? What does your company do?
We’re a smart payments platform. ZTL is a B2B service that deals with corporate payments and remittances. We’re challenging traditional banks with solutions built around PSD2. We integrate into our customers’ ERP systems and use API building blocks to create customized payments solutions.
Where’s the value proposition in the service you’re offering?
We integrate payment services to dramatically reduce the number of integrations required by ERPs. Our API is a modern REST API and we abstract all interfaces to the banks integrated in our solution. End customers (SMB companies) receive a bank-independent, digital onboarding similar to today’s file based remittance agreements.
Nice! Can you explain how ZTL’s relationship with Kosli developed?
We knew from the beginning that we needed something like Kosli. Our founders came with a lot of experience in international banking and finance, so when we started ZTL we already knew how slow change is in these types of institutions. We were already very familiar with the way change advisory board meetings, compliance procedures, and change reviews put a handbrake on business development and growth.
How did that awareness translate into finding a solution to the problem?
When I joined as CTO we started to put a tech team together and this was something we wanted to address right away. We were building everything from the ground up, so it made sense to try and build this into our DevOps practices. Implementing change management in our pipelines was definitely something we wanted to do.
And that’s where Kosli stepped in?
That’s right. They came in and helped us to establish the governance and processes we needed to meet the demands made in the license we received from the regulators. They showed us how to fulfill requirements around change processes, define ways of working, define ways of managing change, and all the documentation associated with that.
Once you’d established that, how did Kosli’s technology facilitate a solution?
We made the decision to get started once Kosli had a SaaS offering because we’re all about consuming services that are managed as much as possible. When it comes to our DevOps tooling we use a lot of SaaS solutions like BitBucket, Jira, Slack, and Azure. Having Kosli available as a SaaS was a big factor in our decision making process. We knew that we needed to be in compliance with the regulations, so this was the perfect opportunity to get our change management regime right from the start.
Did you opt for a trial on an individual pipeline or on a specific project? Was there any proof of concept phase before going all in?
No, not really. The Kosli team came in and ran a workshop to map out our value stream and understand what kind of branching strategy, risk controls, deployment, and philosophies we required. We compared that to what we already had and looked to see how we could implement the new audit trail and compliance controls with Kosli. The initial implementation gave us a platform to iterate on and after giving Kosli some feedback they were able to supply an integration with Bitbucket that was seamless and very natural.
What was it about Kosli that made it such a good fit for ZTL?
Several things. First of all, it’s DevOps native. Kosli’s designed to be a change management solution driven by the pipelines themselves, so it’s completely in line with our technical philosophy. Also, the use of Git as an audit trail is something we put high value on. Having an append-only data structure for your audit trail, rather than something that’s mutable, is great because we really know the history of everything in our systems. That’s not something we can say about any of our other DevOps tools. And then the third thing we love about Kosli is that everything is based on the fingerprint of the binary that goes into production. That means we can trace a line all the way from production, through our approvals, through our qualification process, all the way back to the original Git commit. It’s the best way I know of mitigating insider threat because we’ve got the audit trail for absolutely everything.
And it’s all automated in real time? So your change management is running in tandem with your DevOps?
Exactly. We don’t have to check this stuff over and over again because it comes free with every single change.
Once you had Kosli up and running how long did it take for you to start seeing benefits? Was it obvious fairly quickly, or did it take time to see tangible results?
The biggest benefit was we didn’t feel any pain! We’re a startup, so we didn’t have any legacy governance processes or risk controls in place. That gave us a lot of freedom. What Kosli provided was governance and processes that didn’t put any delay on our development. We needed a novel solution for this because if we’d gone along with the industry standard we would be going much slower today and we’d be a lot further behind in our journey.
Can you imagine life without Kosli? What sort of pains and frictions would you be experiencing if you didn’t have it?
If we didn’t have Kosli we’d have to manually document all our releases. The most fundamental thing we get from using Kosli is a standardized way of doing change management. That means our paperwork doesn’t depend on the quality of the notes taken in the meeting minutes. There’s no disconnect between what we’re doing and what we say we’re doing. If we were doing change management with meetings, paperwork, flow diagrams, and other kinds of business processes it would be much more risky and it would also increase our time to market. Using Kosli is a win-win because it gives us a robust change management process that doesn’t slow us down.
What sort of impact has Kosli had on your DevOps teams? Are the developers happier? Deploying more frequently?
The most noticeable thing is that, even though we’re in a regulated industry, the whole team feels like it’s working in any other startup. We write code, we run tests, and we have a qualification process for automatic deployments to all our different environments. We’ve got a process for promoting things through our pipeline, through our environments, to production. So, even though we’re in a regulated space, it doesn’t feel like it. We’re able to practise DevOps without any hand brakes and still meet all of the regulations.
Do you feel like Kosli has given you a distinct advantage over your competitors?
Yes, we really think so. As a startup, every decision we make is about trying to succeed as a business, so we don’t adopt tools and integrate them into our processes for the fun of it. We believe that DevOps is the key to our success, and in our industry being able to automate change management is an important part of our technical strategy. We want to be able to move fast and deliver on customer needs, but we want to do it in a very safe way because of the environment we operate in. We’re dealing with large sums of real money. Being able to move fast with high quality and repeatable processes is a vital part of our business strategy.
Would you recommend Kosli to other organizations? If so, what sort of organizations do you think would benefit from it?
I’ve already introduced Kosli to several different companies. Anyone who has significant change management requirements, or is struggling to gain an overview of all the changes in their systems, would benefit. If your change rates are higher than what can be easily observed a tool like Kosli is really important.