Ally Financial cuts pipeline outages and eases security scanning with GitLab

Since all of Ally’s customers interact with the financial institution only online, creating secure, reliable, and innovative software is critical to strengthening customer experiences and growing the company’s user base, while supporting the overall business as well. However, the company's DevOps toolchain was slowing deployment and causing outages in pipelines, which halted developers’ ability to work.

Ally had several products in its toolchain that integrated with each other. A big part of the problem was that every time there was a version update to any of those tools, it would cause defects that broke the pipeline. Every time. “Across the board, each upgrade caused 100 hours of developer downtime every month,” says Ram Kothur, director of Enterprise DevOps and Cloud Engineering at Ally. “That caused issues with our velocity. Of course, every time there was downtime, our deployments dropped.”

Less than two years after beginning to use a DevOps toolchain, Ally Bank teams decided it was time to trade it in for an end-to-end platform. After researching several tools, they decided to go with GitLab’s DevSecOps Platform because it had more features than its competitors and Ally had developed a supportive relationship with GitLab team members, which made them feel confident about the adoption.

“There was a lot of excitement for the migration because there were challenges with the resiliency of the toolchain,” says Kothur. “The developers were excited because this was going to make their lives easier with the simplicity and inclusivity of features in GitLab’s DevSecOps Platform. Team members were eager to get on board.”

The migration began in 2021. All the heavy lifting, according to Kothur, has happened in the last two years. To do that, they formed a small group that decided what applications would be migrated as a pilot program. “We moved some critical applications first,” said Kothur. “We wanted to tackle those so we could show everyone the benefits of the migration. And we showed them that the software they were creating didn’t change, but how they deployed it changed."

Today, Ally has migrated most of their applications to GitLab, and is continuing to trim their toolchain.

Kothur notes that some Ally team members received training from GitLab. Then those people shared that training with other teams.

“The GitLab support team was very helpful and is making our migration easier,” said Kothur. “When we had an issue, we were able to reach out to leadership and discuss it. Whenever there was a blocker, we had excellent support from GitLab. To add to that, GitLab documentation is awesome.”

Ally is now halfway to the goal of eliminating its toolchain altogether, and is already saving about $300,000 a year in reduced developer downtime and tool costs. What’s more, Ally Bank used to deal with 20 pipeline outages annually, but in 2022 — just a year after beginning the migration to GitLab’s DevSecOps Platform — Ally only saw a total of two outages, according to Kothur. “We’re saving all of those hours we’d spent working on pipeline outages,” he adds. “We’re 50% of the way to getting rid of all of our other tools and already seeing great benefits.”

The applications Ally has migrated to GitLab are seeing, on average, a 50% improvement in deployment time. Also, with the DevSecOps platform making development easier and more efficient, developers now have more time to be innovative, implementing more features in the same timeframe.

On top of that increased efficiency, having security built into the DevSecOps platform means Ally has been able to reduce the consumption of its security tools by using GitLab. Now Ally is monitoring and testing security from the very beginning of the software lifecycle, when it’s easier and faster to fix any problems that arise. And that means better security. They’re also employing automation built into the DevSecOps platform to perform continual security scanning, making it more efficient to ensure their apps are secure. In short, GitLab is simplifying the company’s application security efforts.

“It’s making it easier to be secure and compliant,” says Kothur. “Shifting security left and using the platform’s visibility over the entire process is significant for us. Instead of checking for security and compliance later in the software lifecycle when it takes more work to go back and fix any problems. Security is our top priority. This makes it easier. And not working so much on vulnerabilities makes development and deployment more streamlined.”

In recognition of the ongoing partnership between GitLab and Ally, this year GitLab was the recipient of Ally's inaugural Velocity with Quality Award, part of the financial institution's 2023 Technology Partner Awards Program. The honor is given to the supplier that best demonstrates excellent speed to market, responsiveness, and flexibility, allowing Ally to quickly deliver value to its customers.

"At the heart of engineering excellence is DevSecOps,” says Nans Sivaram, executive director and CIO of Consumer, Commercial Banking & Invest at Ally. “At the heart of DevSecOps is GitLab, which has made a remarkable difference for our business and our teams at Ally."

GitLab’s award is one of five Ally is giving as part of its program, which is focused on shining a spotlight on third-party suppliers that have delivered outstanding service to the company.

“We launched our first annual Ally Technology Partner Awards to recognize the critical vendor partners that contribute to our success, and we are blown away by the overwhelming interest,” says Sathish Muthukrishnan, chief information, data and digital officer for Ally Financial Inc. “Each winner showcases the importance and value of superior execution, quality and partnership. We are thrilled to honor them through this awards program.”