Richard Jordan of Nationwide discusses his team’s success in winning the Infrastructure Innovation of the Year award, at the UK IT Industry Awards and the importance of collaborating with partners, with Johanna Hamilton AMBCS.
The UK IT Industry Awards ceremony took place at Evolution, London, on 10 November and celebrated IT impact and excellence - and was just one of three awards the team at Nationwide received that week! They also won ‘Best use of Technology in a Project’ from Testa 2021 and ‘Best use of Security in a Project’ from DevOps2021.
So just what is the secret of being multi award-winning?
‘We work with many partners in Nationwide so as well as TCS - we've got IBM, Accenture, Infosys - all working for Nationwide. Everyone, including our partners are all working towards a Nationwide strategy that doesn't just transcend infrastructure but goes across the whole way that we do testing.
How does a stalwart such as Nationwide embrace transformation?
It's not that easy. Although outwardly we've modernised quite a lot of our systems, others have been in place for many years. To keep up with the modern world, we need to innovate to make sure that we've got a viable product that can compete. That said, we do have a certain degree of complexity that sits within our IT estate. In essence we have to ask, ‘is something built in the way that you intended it to be built and is it going to work?’ And that's a very simple engineering concept.
If we talk about engineering a bridge, we don't just go and build a bridge, we'll put a blueprint together. Do we really understand how that process works? And the answer to that is ‘no’ because we've never really had a conversation in the last five years about how it should work or where we're going. In short, we’ve got to set up the proper foundations for change.
What about your partnership and your collaboration with TCS?
We have many engagements with TCS, this particular one is around infrastructure testing. So, we really started about five years ago where a lot of the testing at the time was purely functional testing. But we were working in a domain that was doing infrastructure maintenance and upgrades and therefore functional testing to infrastructure and network.
We reached out to many people actually, the reality is infrastructure testing wasn't really a thing. We talked to TCS a bit more and they started to talk about the things that they were doing around configuration as code and building out infrastructure in the modern way.
When you're building a SQL server, how should you build it? One of the challenges, is when you've got cloud, for example, AWS will come pre-packaged with a Windows 2012 or a 2019 image or a Linux image. But the problem with that is AWS built it and therefore is it within the design standards of the organisation consuming it? You just don't know. The image needs to be built and configured in a secure way that Nationwide understands.
Be part of something bigger, join the Chartered Institute for IT.
A Linux server, for example has 260 configurations within Nationwide. So, you get into ‘is anybody really going to know that?’ Of course, they’re not. And therefore, this is where you need that model or compliance as code, to actually first and foremost talk through, so there's a common understanding about what ‘good’ looks like or what ‘quality’ looks like, and then how do you actually go and implement that?
When we build and deploy these things, we need to have a compliance capability in there. And then you get into the realms of, well actually Linux provide an update to these, or RED HAT for example provides an update to these things every six months. And therefore, you need a capability that cannot just turn these things around quickly but also understand the extent of the change.
This is where for us, we avoid layering. If, for example, you've had a system that's been in your organisation for many iterations you've kind of tweaked it here and there, and that eventually means you've made changes that you didn't realise you'd made. This is where the tooling helps us - we're building a model that’s a living specification. It can tell us where certain things are changing. But also, we're starting to talk about how to provide some objectivity to what is essentially a narrative around quality.
Can you plug new ideas into existing infrastructure?
A legacy system isn't really a problem. It's the layering - the connecting black boxes that we don't really understand how they work and part of the problem is how do they integrate? A lot of our systems are bespoke, and you need to be a system analyst / engineer to navigate those things. The outcomes of these activities are ‘models’.
Our models are not just functional flows or configuration flows they also model resilience, security and other non-functional considerations. The simple answer is always to collaborate and talk about how the system works and what could possibly go wrong?
How do you deal with testing complexity?
In traditional approaches to testing, there's a lot of duplication within test scenarios. Where we do modelling, this is where you get into refactoring. Refactoring stops you doing too much regression and containing the ‘blast radius’. If your systems are well architected, individual functions should be self-sufficient and from a test perspective, can also be proven in isolation.
It's the whole concept of separation of concern and APIs. Models helps to visualise where that separation occurs. Where there’s no obvious separation, having collaborative conversations and creating models helps us to establish the boundaries of these separations. This eventually helps us contain the complexity of the systems.
How important is networking?
We need to build our community. Especially as we're all remote now and one of the things that is really good about the collaboration is our ability to share best practices. We implement this by running show-and-tell sessions.
If you were to ask testers, how would they prove a platform? I’m sure most wouldn’t be aware about compliance as code or infrastructure testing. What we recognise is that we can't source that knowledge from the market, even from our partners a lot of the time. Therefore, we've got to incubate talent within the confines of Nationwide.
So, what we've done is on the job training in terms of taking someone with a standard set of testing skills, then start to implement a new mindset through things like modelling. This is how you become part of the ecosystem of what we're doing at Nationwide, and this is how you feed into the community.
Is receiving awards an outward validation of excellence?
There's recognition for the team, a validation from the industry and an acknowledgement that what the organisation is doing is leading edge. We articulated the nominations to a certain extent on buzzwords that the industry recognises, like agile and DevOps, but in real terms, we were doing compliance as code before we even knew compliance as code was a buzzphrase. Whether it's right or wrong, sometimes there is a narrative in the industry that kind of takes over what good looks like.