How China’s Leading Bank Achieved Advanced DevSecOps Maturity: An Inside Interview

Background

Domestic and international large enterprises have shown that standardization and tool empowerment are key to success. The DevOps standards and a standards‑based continuous delivery pipeline platform can significantly improve quality and efficiency, making enterprises safer, more agile, and more competitive.

Recent Evaluation

On December 26, 2022, the China Academy of Information and Communications Technology (CAICT) announced the latest batch of DevOps standard assessment results. The Industrial and Commercial Bank of China (ICBC) participated with its audio‑video security project, which passed the Level‑2 assessment of the DevSecOps standard, indicating an advanced domestic level.

ICBC now has six projects that passed the DevOps continuous delivery standard assessment and one project that passed the DevSecOps standard assessment.

Interview with Li Rui

Li Rui, Deputy General Manager of ICBC Software Development Center, explained the bank’s digital transformation, the goals of its enterprise‑level online audio‑video capability platform, and how the DevSecOps assessment helped improve security risk management, cultural awareness, processes, and technology.

Culture: security awareness training, online courses, workshops, and security knowledge promotion weeks.

Process: full‑cycle security monitoring, testing, delivery, and operation, achieving a closed‑loop management.

Technology: integration of software development lifecycle security (SDLC), tool‑chain optimization, and automated security orchestration.

Industry Impact

The interview highlighted challenges such as increasing external threats, zero‑day vulnerabilities, and the need for rapid product iteration, emphasizing the importance of continuous improvement through standards and collaboration with experts.

DevOps Maturity Model

The DevOps Capability Maturity Model, jointly developed by CAICT, cloud‑computing alliances, and leading internet companies, is the first comprehensive DevOps standard in China and has been adopted by many enterprises. It was recognized by the ITU‑T in July 2020 as the world’s first international DevOps standard.

Statistics (as of Dec 26 2022) show the number of state‑owned banks that have participated in DevOps maturity assessments and the levels achieved.