Standardization and Security - A Perfect Match

Authors:   Ravi Devineni, Vinny Carpenter


How often have you scrolled through Netflix and had trouble finding something to watch? Or found yourself standing, staring at a kaleidoscope of flavors of ice cream at the grocery store? Choice is a luxury. We all prefer to have more options, not less. This is why ample choices are often considered a symbol of privilege. However, there comes a point when too many choices can start to hinder our decision-making ability. Too many choices can also hinder our security posture. At Northwestern Mutual, we’ve had multiple tools (choices) - Multiple systems for Source Code, Build, artifact storage, deployment etc. Furthermore, we had various patterns of development and templates, with teams left with the choice to pick “what’s best for them.” All the evidence indicated that all this choice was causing the teams to feel overwhelmed and hence creating inefficiency and increasing our time to market, leading to a paradox of choice. A Paradox of Choice with overabundance of options could lead to anxiety, dissatisfaction and many ways to exploit systems. So we decided to tackle this. There are several technical, cultural, and organizational implications to this. Join us as we share the story of how Northwestern Mutual improved our Cloud Security posture through standardization.