ECS Digital Acquires QAWorks

ECS Digital Acquires QAWorks

London-based ECS Digital, the specialist DevOps division of the ECS Group, has acquired QAWorks, the UK’s leading technical software testing organisation.  

QAWorks is recognised in the industry as the home of the Software Development Engineer in Test (SDET). Studies suggest that 31% of IT budgets are being spent on testing1 which is set to rise over the coming years as a result of growing demands on organisations to increase innovation and time to market and reduce associated cost.

This acquisition is part of ECS Digital’s strategy to reduce the time and cost of delivering software and software-related services by including practices such as Behaviour Driven Development (BDD) and Acceptance Test Driven Development (ATDD) as core elements of all DevOps transformations.

The combined company will be known as ECS Digital and have a turnover approaching £10 million which is expected to continue to grow over 100% year on year.

The combination of specialist testing expertise with proven – and rare – DevOps experience will ensure that the company’s customers – who are across all sectors, with the majority in finance and retail, can realise even greater outcomes from digital transformation. DevOps is a methodology that helps companies create software and software-related services such as internet banking, faster, at lower cost and with improved quality.

Andy Cureton, Founder and Managing Director, ECS Digital, commented:

“This is, as far as we are aware, the first time that a specialist DevOps company has integrated to this extent with a specialist testing company.  We believe the deal will make ECS Digital unique as we will be the only consultancy to offer specialist testing practices as a foundation element of our DevOps offerings as well as in their own right. This acquisition is driven by the need for greater levels of innovation and customer engagement within many companies, and the ever-rising benchmark of high performance. By combining testing and DevOps, companies can ensure that software is designed with how the customer is going to use it in mind and tested on that basis. Development and delivery will be accelerated as testing is done as part of development rather than separately.”

He added “With over 14 years’ experience in DevOps and digital transformation (ECS Digital) we could not have found a more experienced software testing team (17 years) than QAWorks. Combining the rare skillset of the SDET with the equally rare DevOps skillset, will enable us to meet our customers’ growing demands and further our position as a leader in DevOps and Digital Transformation.“

ECS Digital is part of ECS Group, headquartered in Scotland.  The ECS Group delivers an extensive range of services, from Cloud adoption to cyber-security to DevOps for many FTSE 100 companies.  With the acquisition of QAWorks, ECS Digital will have one of the largest pools of SDET and DevOps engineers in the UK.

QAWorks develops testing software as well as providing agile testing consultancy and implementation.

Jason Westhorpe, MD, QAWorks, said:

“The services offered by ECS Digital complement and enhance the services we currently offer our customers. For true DevOps to be successful it is essential that continuous testing / test automation is in place, likewise for the benefits of test automation to be realised we need an effective DevOps strategy. With the integration of two of the UK’s leaders in these fields, both the existing QAWorks customers and ECS Digital customers will gain the greater benefit from the adoption of DevOps.”

He continued, “Continuous Delivery and DevOps has seen the once independent disciplines of infrastructure automation, continuous integration, deployment automation and so on, merge into software delivery pipelines. Businesses that are increasingly reorganising around products or customer journeys and adopting DevOps and Continuous Delivery practices, are now benefitting the most. It’s no longer enough to be a specialist in one discipline such as testing.   It is rare to find companies with the skills to provide DevOps to large corporations, so we are delighted to be teaming up with a company of the calibre of ECS Digital.”

According to Gartner, by 2020, DevOps initiatives will cause 50% of enterprises to implement continuous testing using frameworks and open-source quality tools.2


Andy CuretonECS Digital Acquires QAWorks
read more
The Confusing Relationship between Cloud and DevOps

The Confusing Relationship between Cloud and DevOps

I’ve been hearing a lot lately about how DevOps only really makes sense if your systems are completely Cloud-based. At the heart of this claim is the march of tech progress. The likes of AWS, IBM, Google and Microsoft repeatedly promote integrating DevOps with their PaaS offerings and recent opinion pieces from three of our peers (Article 1, Article 2, Article 3) attempt to show that Cloud is essential for DevOps.

You know what? In a way, they’re absolutely right.

But they’re also absolutely wrong.

We’re all suckers for the benefits of Cloud, but the idea that you can’t benefit from DevOps if you have legacy systems is ridiculous. DevOps, defined in 2009 by Patrick Debois and Andrew “Clay” Shafer is an evolution of Continuous Delivery with an additional focus on people and their role in achieving high performance. It may feel like Cloud has been around forever but it wasn’t in widespread use eight years ago. Some of the core principles of DevOps such as Agile and Lean Software Development have been around since the turn of the century. The lesson? You don’t need to be Cloud-only or Cloud-native to be leveraging DevOps.  

At ECS Digital, we believe that any organisation – wherever they may be on their journey to embrace Cloud – can utilise the DevOps toolbox to help achieve their business objectives, improve business agility, productivity and quality.

Adopting DevOps principles and practices can help companies unlock hidden value in the systems they already have.

Four reasons DevOps is the right choice, right now:

1. Cloud is not always the best option for systems.

DevOps and Cloud offer significant potential benefits for businesses but many of them have significant investments in infrastructure, such as a mainframe. The “Death of the Mainframe” has been touted since the 1990s but the simple fact is there’s no business case to replace many of the systems they host with Cloud-based alternatives. The value of these systems can be further enhanced by leveraging DevOps techniques and future-proofed to ensure that they don’t become a bottleneck in complex end-to-end customer journeys.

2. Cloud First/Cloud Native is not many organisations’ immediate-term goal.

Most of our 200+ clients are considering moving to Cloud, and plan to do so over a 2-4 year period, but few have yet made the move. Cloud migration can be a lengthy process and the decision to do so must be based on business requirements. This includes whether the organisation moves completely to Cloud or takes a hybrid Whichever route they choose, they still need to deliver maximum business value from their existing systems up to the point they are migrated or replaced.

3. DevOps tools are interchangeable. DevOps helps organisations to focus on working practices and culture to achieve transformational speed and quality of delivery. The tools that underpin this are interchangeable across system types, giving long-lasting benefits no matter how an organisation’s systems are organised. Whilst simply moving to Cloud can help businesses to scale, it doesn’t help improve delivery speed or quality by itself.

4. To maximise the benefits of Cloud in the future, you need to begin with DevOps now. To get the best from Cloud, organisations need to adopt new ways of working. Many of the services available from leading Cloud providers are “DevOps” tools in their own right, for example AWS CodePipeline. However as mentioned in the previous point “tools underpin working practices and culture”. Use of these tools is only effective with the right working practices and culture in place.

So what does this all mean?

The tech world – and companies like AWS, IBM, Google and Microsoft, who are constantly innovating – are promoting Cloud as hard as they can. We love Cloud too, but it’s not the answer on its own. Although Cloud offers a number of DevOps-type services and capabilities, it’s not a pre-requisite for DevOps

In fact, we would argue that DevOps working practices and culture are a pre-requisite to maximising the benefits it offers. The Cloud is where you host your applications and services for your customers, it is not how you develop and manage them. That is done by people and the way they collaborate is key.

Sure, if you’re a start-up with a blank slate you can adopt Cloud and DevOps from the very beginning – for most, it’s the ideal solution. But for companies with complicated legacy systems that need planning, time and money before even thinking about moving to Cloud, DevOps can make a very real and very significant difference right now.

Don’t let anyone tell you otherwise.

If you would like a friendly chat with the ECS Digital team about implementing DevOps into your business, whether you have adopted or are looking to adopt, then feel free to contact us.

Andy CuretonThe Confusing Relationship between Cloud and DevOps
read more
3 Reasons Why You’re not a High-Performing Organisation

3 Reasons Why You’re not a High-Performing Organisation

Our partners, Puppet, released their annual State of DevOps report (SODR) last month.

There’s one point that stands out throughout – the huge improvements that organisations of all sizes are making in the speed of software delivery, using DevOps*.

In our consumer-driven world, business success depends on businesses finding ways to provide both differentiated and superior customer experiences. Fast and frequent software releases are key to achieving this. But as the software delivery speed gap between low and high performers is narrowing, it’s clear that metric alone cannot create high-performance. What are high IT performers doing differently, and why?

Here’s the three situations we see most often:

1. You’ve simply automated what you already had

Many businesses make the mistake of focusing solely on speed. Automating what you have can make a difference, but it will likely reduce productivity in the long term.

This is reflected in SODR results*, which show a widening of the change failure rate between high and low performers.

SODR authors theorize that this is being caused by a pure focus on speed, and not quality. Let’s face it, delivering poor quality software more often, does not result in happy customers. Instead of focusing on automating, businesses should focus on improving what they have as they automate, to achieve expected results.

At ECS Digital, we’ve seen many companies employ automation simply to keep up with the rest of the market: missing key transformation opportunities that automating presents, and leaving them with the same problems further down the line.  On its own, automation cannot help businesses meet the ever-rising benchmark of high performance. Delivered correctly, automation transforms how tasks are performed: their speed, consistency and traceability. It also frees up time for value-add tasks that may not have previously been achievable.

2. You’ve overlooked the importance  of culture in supporting software delivery

Mechanisms for achieving high-performance have evolved over the past 10 years. We’ve seen a shift from IT-focused solutions (using tools and islands of automation), to a focus on working practices (Continuous Delivery focuses on both working practices and tooling), to DevOps which places greater influence on culture to achieve high-performance.

A highly productive development team, producing well-tested and quality code on a daily basis may at first glance appear the answer to delivering services rapidly to customers. Yet, if that team has to rely on external teams with manual processes to deploy their code, or security teams to then test their code, their ability to deliver at speed is seriously diminished. This is reflected in SODR results*: whilst low-performers are moving at pace, their change-failure rate and ability to recover quickly is significantly deteriorating.

For these businesses, developing a culture that supports software delivery has not been considered a priority. Key areas include:

  • Transformational leadership: Teams with tranformational leaders are twice as likely to deliver high-performance than those without.
  • Adoption of Lean and Agile principles, including small batches, and earlier & continual feedback loops
  • Shifting left of security and testing.
  • Improving collaboration across all software delivery stakeholders.
  • Focus on customer experience and journeys.

High-performing organisations introduce the automation of software delivery strategically – not tactically – into their organisation. This introduction is not done in isolation, but supported by changes in culture to ensure that the bar of high-performance is achieved.

3. You’re not putting enough focus on continuous improvement

Becoming a high-performing organisation isn’t about never making mistakes; it’s about making mistakes as early as possible, and learning from them. High-performing organisations provide environments where failure is as a natural by-product of innovation. They conduct blameless post-mortems where failures are analysed, recovered from quickly, and used as a means to continually improve.

Being able to continually improve is key to both achieving and sustaining high-performance. Even the High-Performance Organization (HPO) Framework (a conceptual, scientifically validated structure that managers can use for deciding what to focus on to improve organisational performance) lists Continuous Improvement & Renewal as one of the key characteristics of a high-performer.

High-performers also continually measure and monitor outputs; allowing them to improve, simplify and align their offerings to what customers want.

Just as the consumer-world is constantly changing and evolving, the process of transformation within any organisation is an ongoing journey. Unfortunately for some, there is no set route to becoming a high-performing organisation. DevOps encompasses a variety of cultures, working practices and tooling. Its successful adoption requires an understanding of the specific needs of your organisation needs – as much as it needs experience and expertise to drive transformation.


ECS Digital offers consulting services to organisations of all sizes, to help them transform their business through the adoption of DevOps and Continuous Delivery practices. If you’re experiencing issues with your transformation journey, are not achieving the results you expected, have reached a blocker or need help assessing cultures within your teams, why not get in touch.

Andy Cureton3 Reasons Why You’re not a High-Performing Organisation
read more
How FinTech is impacting the Financial Services sector?

How FinTech is impacting the Financial Services sector?

There have been several advances in Financial Technology (FinTech) over the past few years.  We’ve seen both traditional financial companies looking to innovate quickly, and new entrants being backed by plenty of investment cash –  but which are here to stay, and what changes will the coming years bring?

We spoke to John White OBE, current chairman of ABOR LTD, ECS Group board member and previous CIO at a range of financial institutions including the Royal Bank of Scotland (RBS), to understand the impact that progresses in digital technologies will have on the banking sector.

Here’s what he had to say:

Q: What have been the main changes to the Financial Services industry over the last 5-10 years?

John White OBE: By far the biggest change we’ve seen is in global investment in Financial technology, which has risen from around 1 billion to over 12 billion over the past 10 years. It has risen in both commercial value and money being spent on it, with London leading the way.

Q: In your opinion, what exactly does Financial Technology mean? 

John White OBE: Many people may know it better in its abbreviated form: FinTech. FinTech exists to support business processes in the banking and insurance sectors. This covers the provision of financial information in the payments, investments, financing and advisory industries. Examples include mobile payments solutions (like Apple Pay and PayPal).

Q: What is the current market place like for FinTech?

John White OBE: The market place is currently strongest in retail, corporate and investment banking – and to an extent in private banking. A priority for UK banks right now is to separate their retail and investment banking divisions, which is costing them a lot and has lead the industry to become extremely cost conscious. In parallel to this, FinTech is offering innovation and hope of optimising and reducing traditional IT costs. As such, we are beginning to see FinTech bypass traditional IT functions (information systems; technology functions) and offer up solutions directly to individual segments of banks.

Q: What change has FinTech made to the banking sector?

John White OBE: A big change has been a focus on innovation and efficiency. Most retail and investment banks, have begun to set up FinTech incubators. They invite small companies to work on their premises, under their guidance, with the hope that they’ll create solutions useful to them.

Q: How are advances in Digital Payments changing the banking approach? 

John White OBE: In my experience, banks generally see digital technology as a great opportunity to move away from legacy systems that can be a huge burden. Managing and running legacy systems costs the big banks billions each year. Banks are traditionally risk averse, meaning that they need to be pushed a certain way to branch into anything new, but new small start-up banks are pushing banks to become more innovative with their use of technology. Right now, banks have handled mobile banking well, and there are many other technologies for banks to make the most of. But security remains a challenge.

Q: What predictions do you have for the future of FinTech?  

John White OBE: Much like the huge number of companies that grew out of the late 1990s Internet boom, I would suggest we’ll see a boom in FinTech companies over the next few years. We’ll see a lot of money and rounds of capital investment being put into the creation of lots of companies and then an inevitable collapse of the companies that don’t make it either because a) they can’t sell or b) they don’t have a large enough customer base to support growth. Out of the ashes, companies with a much stronger base and experience around what will and will not work, will appear.

Q: In your opinion – which areas of FinTech will, and will not, succeed?

John White OBE: Payments (digital wall and peer to peer) investments, banking and insurance & risk management are all prospering, and I expect they will continue to succeed. For me, one of the most interesting areas of FinTech right now is big data and predictive analytics modelling. Many businesses view this as “the future” in terms of understanding who their customers are and what they want. But, very few companies make any money from big data. Amazon is the most advanced company in the world at using big data analytics. They’ve been in the game for around 14 years – and only in the past 12 months announced their first profit! 

Q: Digital payments are a big area in FinTech and the Blockchain technology is also innovating that area. What do you know about Blockchain and Bitcoin?

John White OBE: Blockchain is a distributed database that contains a continuously growing list of records (or blocks) that are completely secure from tampering. That’s great, but what makes it particularly interesting to banks is the fact that each block (or record) contains a time stamp and a link to the previous block, meaning it’s practically unshakable. Bitcoin is an end-user of blockchain, It’s simply digital money, and a way of distributing money between un-clustered and global third-parties, without the need for a bank.

Q: Since bitcoin removes the need for banks, are banks wary of it – or should they be wary of it?

John White OBE: Up until now, Bitcoin has generally been ignored by the banks. There is an exception with global controllers of banks, who have been very troubled by the global currency for some time. US and British authorities are only now beginning to take an interest and recognise bitcoin as something that they can’t stop from growing. Since bitcoin fees are between 0 and 2% whereas card fees are between 2 and 3% (a considerable cost reduction for business transactions), I predict that bitcoin will grow, and banks will need to find the best way to work with the technology.  

Q: Do you think there are going to be other forms of digital payments used on Blockchain?

John White OBE: Yes, I think there will be other forms of digital payment. Younger generations are starting to use their mobile phones more and more, which has so far prompted huge growth in mobile banking. Many problems – including the issue of security – come with this. I believe that Blockchain could offer a more secure method of recording these transactions.

Q: Should traditional banks be worried about smaller and more nimble challenger banks (like Monzo) – or excited that they could transform business?

John White OBE: As someone that used to sit on the executive committee of RBS, I can tell you about a word that always troubles banks: disintermediation (definition: a reduction in the use of intermediaries between producers and consumers, for example by investing directly in the securities market rather than through a bank). Because newer technologies are inexpensive (using newer and less expensive technologies) and readily available, they threaten to disintermediate banks from their customers. Yes, they might steal some customers, but even the top 5 start-up banks have fewer than 50,000 customers. Most of the smaller banks need to first worry about growing their customer base and gaining experience in managing their credits and assets before posing a real threat to bigger banks.

Q: What do FinTech companies need to do to survive?

John White OBE: The first and main concern as a FinTech should be safety and security. Whatever they do, they need to be able to provide assurances to their customer that above all, sensitive financial data is well-protected. To succeed, FinTech companies need to either enhance or add to that protection.

At ECS Digital, we’ve worked with several large retail and commercial banks including RBS, HSBC and LBG. Using DevOps and Continuous Delivery practices, we help organisations across sectors to drive innovation and efficiency, and improve security throughout their business. 

Whether you’re looking to build security into your processes, improve the speed and efficiency of legacy systems or enable organisational innovation by encouraging your teams to collaborate more effectively, shorten customer feedback loops and respond with greater creativity and agility to changes, threats, demands and inevitable failures – please get in touch.  

Andy CuretonHow FinTech is impacting the Financial Services sector?
read more
Adopting Blockchain: How a DevOps approach can help

Adopting Blockchain: How a DevOps approach can help

An often discussed but rarely understood topic, Blockchain – the technology made famous by its role in providing the basis for virtual currency Bitcoin – is on the brink of completely redefining the way we structure and share data, but what exactly is it? And how might a DevOps way of working support its adoption.

What is Blockchain?

“A way of describing Blockchain is to imagine a timeline of trusted data, created by consensus of shared partners, rather than blocks. This is because you can’t re-write or change what’s happened in the past if you make a mistake, you can only adjust to create a better future.”

Daniel Halstead, founder,

For our not-so technically advanced readers, Blockchain is a digital ledger, distributed database or timeline that provides a secure way of making and recording transactions, agreements and contracts – effectively anything that needs to be recorded and verified as having taken place.  It does this by creating public lists of data sets or ‘Blocks’ and distributing them in a de-centralised manner to a network of computers. Each ‘Block’ has a timestamp and link to the one preceding it, something that ensures everybody’s copy of the distributed Blockchain is kept in sync.

Blockchain diagram.jpg
Source: Using Blockchain to Secure IoT

Commercial Opportunities

Despite it being a relatively new topic, Blockchain technology has been around longer than you may think. As we mentioned at the beginning of our article, its’ most well-known use so far is its public Bitcoin or ‘transaction recording’ role. However, the uses of Blockchain are not limited to public financial transactions and the financial services sector, in fact it has two other key roles – Establishing trust/identity and Establishing contracts or ‘Smart Contracts, – roles that could have a significant impact on both the music and legal industries, especially where intellectual property or ‘rights’ are involved and there is a need for a better sharing economy.

But for now, the sector most invested in the possibilities of Blockchain is financial services, and several initiatives can be found below:

  • ABN AMRO is investigating how Blockchain smart contracts can be applied to problems in trade finance and transaction banking e.g. how the technology can facilitate issuance of letters of credit, in which a bank guarantees that a buyer’s payment will be received according to the agreed terms and conditions.
  • US based bank Citigroup has been investigating the possibilities private Blockchains present as well as the introduction of an internal currency focusing on payments and eliminating counterparty risks when dealing with smaller local banks.
  • Santander has identified 20-25 possible applications of Blockchain technology in banking, including international remittance, syndicated lending and collateral management.

Blockchain and DevOps

Financial services companies – the early adopters of Blockchain – are the same organisations that are now wrestling with increasing regulations, cost pressures, legacy IT estates and increasing customer demands. As we have discussed in previous articles, DevOps practices can provide great value to organisations under pressure to become more customer-centric and innovation focused.

The efficiency, quality and consistency that the adoption of DevOps provides is exactly what is required for traditional organisations looking to embrace leading-edge technology such a Blockchain. 

If you have any questions about Blockchain or DevOps, don’t hesitate to get in touch!

ECS Digital are leaders in Automation and Digital Transformation. We’ve been helping enterprises deliver software and software-related services faster and at lower cost through the adoption of DevOps and Continuous Delivery practices, since 2003.

Andy CuretonAdopting Blockchain: How a DevOps approach can help
read more
Building Security into DevOps: Is DevSecOps the beginning of the future?

Building Security into DevOps: Is DevSecOps the beginning of the future?

In early 2015, Gartner predicted 2016 to be the year that DevOps goes mainstream, being adopted by 25% of Global 2000 companiesAs we begin 2017, DevOps adoption is becoming the new norm as the benefits are realised by a wider audience.

Another key priority for organisations is IT security. With 64,000 incidents and 2,300 breaches in 2016 alone, it’s easy to see why the protection of personal data has become increasingly important to businesses and individuals alike.

Gartner recently reported that for 90% of companies using DevOps, security is an afterthought. By 2019, a predicted 70% of enterprise DevOps initiatives will have realised the importance of incorporating security into the foundations of their DevOps practices. Coined by analyst Neil MacDonald in 2012, Gartner calls this DevSecOps.


“All too often, we tack on security testing at the end of the delivery process. This typically means we discover significant problems, that are very expensive and painful to fix once development is complete, and which could have been avoided altogether if security experts had worked with delivery teams throughout the delivery process.”

Puppet State of DevOps Report, 2016


As DevOps becomes the “new normal,” and as security becomes an ever-important part of modern business, teams must build security into DevOps practices.

To remain true to the spirit of DevOps, security needs to be built in at the beginning of the delivery process – at ground zero – and embrace the philosophy of teamwork, coordination, agility and shared responsibility.

In this article, consultants from ECS Digital and ECS Security practices explore why it’s so important to build security into your DevOps practices, how to facilitate this relationship, and how far we are from Gartner’s DevSecOps.


“DevOps teams are delivering at a velocity that security teams are simply not structured to keep up with. By owning the security problem, DevOps teams are more self-sufficient and able to deliver rugged products at speed.”

Jeremy Foote, Managing Consultant at ECS Security


Why do organisations need to build security into the foundations of DevOps?

Put simply, to save time and money by preventing security incidents.

If security is integrated into the foundations of DevOps, teams can feedback on and deal with security issues as they arise, instead of at the end of a lifecycle. Typically, we see that a lot of applications at large enterprises have a final “security check” which often takes weeks, in some cases, months to complete. This slows down the whole process and is a blocker to any DevOps initiative.

By shortening the feedback loop between doing and passing security checks, teams can decrease the number of issues later down the line and improve the security of their applications and environments.


“High [DevOps] performers spend 50 percent less time remediating security issues than low performers.”

Puppet State of DevOps Report 2016


How do you build security into the foundations of your DevOps?

1. Understand what’s at stake if you don’t get security right

A good starting point for DevOps and security teams is understanding the risk of getting security wrong.

Make sure you know the answers to the following questions:

  1. Do I know what would happen if my applications were to unexpectedly fail or were breached?
  2. What about the impacts or pain that would be caused to my organisation from a security breach?
  3. Finally, is my company equipped to deal with these risks, or do we need to invest?

It’s important that organisations understand the worst-case scenario should security be compromised – whether it’s financial or reputational damage.


“The average cost of a breach to large businesses was £36,500, while the biggest cost of a breach recorded in the survey as a whole was £3 million.”

Business Matters Magazine, 2016


2. Focus your security efforts where they matter most

Understanding the worst-case scenario of a security breach helps teams to recognise which applications or systems they should be focusing resources on. Organisations can then make the most of their resources.

Your teams should be aware of which technical components might be exposed, should security be compromised, as well as potential motives for individuals to breach your applications. If a team does not understand the security implications or why it is needed, they will just ignore it.

Teams can then ensure that systems are as secure as they can be, and that testing occurs at the right places.

A vital component of focusing security efforts is communication with the rest of the team, something encouraged through the DevOps methodology. This helps to make sure all teams within IT, Security and business are rowing in the same direction, and delivering with speed, quality and consistency.


3. Provide freedom (but monitor everything!)

Building security effectively into DevOps requires teams to have the freedom to operate freely, and benefit from shared responsibilities.

Freedom enables teams to work effectively whilst shared responsibility means that teams can work quickly towards recovering security issues, without the fear of blame.


 “The hallmarks of a generative organization are good information flow, high cooperation and trust, bridging between teams, and conscious inquiry.”

Puppet State of DevOps Report 2016


At the same time as providing freedom, businesses need to monitor and manage identity and access throughout their systems and applications. Everyone in the organisation should have access and permissions only to the areas they need. This way, businesses can rest assured that the applications that need to remain secure, are.


4. Automate and continuously assess your vulnerabilities

Automation is a key element of DevOps. It supports rapid change within businesses, in a controlled and compliant fashion, which enables them to work at pace.

Your goal should be to include security testing into the daily work of Dev, QA, infrastructure and Operations and automate as much as possible. This alone will go a long way to ensure security issues aren’t tackled at the end of the delivery process. Every manual process could potentially be a security risk, or introduce security debt which is more costly to address over time. However, it’s important to make sure that your software development is secure and identity protected, before you can automate it (and remain confident in the security of your business).

End-to-end automation during development, testing and operations means teams can generate evidence on demand to demonstrate that controls are operating effectively. Such evidence is a requirement for auditors and assessors, and beneficial for anyone else working in our value stream.


“The automation of security processes in DevOps enables teams to discover significant problems — including architectural flaws — that are very expensive and painful to fix once development is complete.”

Puppet State of DevOps Report 2016.


5. Protect your toolchain and your code

Whilst there are many amazing tools available on the market, effective processes and implementation are key. A well-defined and optimised process supported by an average tool will deliver a better outcome than a poor process supported by an amazing tool. Processes support people and are supported by tools. People, Process, Tools is a deliberate order that defines importance and where to focus effort.

At ECS Digital, we call this “People, Processes, Tools”.

Your toolchain controls everything; it provides a backdoor into all applications and infrastructure. If it’s not protected, you risk losing control of your product, which can have serious implications.  For example: provisioning infrastructure dynamically for a purpose and tearing down afterwards provides great assurance that the environment will be the desired configuration. 

If security concerns have not been addressed in the toolchain (who has access to what?) then it may allow inappropriate access, which may cause unauthorised changes leading, to vulnerabilities in your product.

What are the main obstacles when building Security into DevOps?

Whilst bringing security into DevOps can enhance a company’s ability to innovate and prevent security becoming a roadblock, there are always a few obstacles to adopting new ways of working in an organisation. Some of these include:

  1. Differing priorities

Security teams are not traditionally included as a DevOps stakeholder, which means they can have different priorities. To build security effectively into the foundations of DevOps, they must be included and their priorities aligned.

  1. Going at pace

Deploying at pace using DevOps can be viewed as risky by security teams as mistakes might be made. Aim to maximise the use of automation as part of your DevOps adoption, minimising human errors as much as possible whilst moving at speed.

  1. Adopting DevOps incorrectly

There are many horror stories around companies adopting DevOps incorrectly, and most of these failures are to do with culture. If businesses fail to embrace DevOps across entire organisations, it is often only enabled in certain sections. This can then cause further silos, resulting in failure.

In other words, if you have the wrong culture, your DevOps and your DevSecOps projects are likely to fail.

  1. Dealing with legacy systems and teams

There are battles adopting different cultures, processes and tooling within any organisation. But these can be more prominent within a traditional organisation, where people and processes have been working in certain ways for some time. We believe that all organisations – big, small, old or new – can adopt elements of DevOps to help achieve their business objectives.

  1. Maintaining governance structure

Working as a unified and aligned team (physical or virtual) removes security from the sole hands of security professionals. This change in governance could create issues between teams used to being in control, and has the potential to create issues for other teams without the correct training or background. The management of security governance needs to remain a key priority of businesses to get this right.


Know when to get help!

Whilst ECS Digital fully believes in the results of DevOps, like any framework or collection of methodologies, regular feedback is key to ensuring that you’re delivering products securely and to also look at how to improve from past situations. Companies must remember the significance of knowing the status of and gaps in their workflows, always.

Only through complete transparency can teams know when they’re working securely, and when they might need additional help.


Soon, many organisations will have adopted DevOps in one way or another.

Security breaches have potential to destroy company reputations, lose customers and revenue, and ultimately stop business. Just one of many examples includes Yahoo, who had 1bn email accounts compromised by biggest data breach in history and continue to battle questions around the security of customer data.

As application security becomes more and more of a critical concern for businesses, it’s going to become crucial that security is built, correctly, into the foundations of DevOps practices.

Whilst DevOps facilitates teams working together, the integration of DevOps and Security teams might require compromise from both sides to work together effectively.

Businesses that build in security at the beginning of the delivery process – at ground zero – and work to embrace the DevOps philosophies of teamwork, coordination, agility and shared responsibility, will be those that succeed in 2017.

How far away from Gartner’s DevSecOps are we? At ECS Digital, we’re first to admit that most companies aren’t quite there yet. But, we’re getting there, and we believe that with a slight change in focus, DevSecOps will become a reality over the coming years.

Are you building security into your DevOps?


How can ECS Digital help?

At ECS Digital, we understand the importance of integrating Security into your DevOps practices. Working in partnership with our colleagues at ECS Security, we’re able to focus our expertise to not only increase the speed and cost efficiency of your software-related services – but also their security.

Many of our customers begin their journey with ECS Digital through our DevOps Maturity Assessment. We’ll review your organisational culture, structure, processes and tools and recommend how DevOps and Continuous Delivery methodologies could be implemented to deliver more value to your company. Get in touch here.

Looking to assess the strength of your security practices? ECS Security offers a Security Assessment. They’ll provide you with visibility into how strong your security practices are, and areas that you should be focusing on. Get in touch here.

Andy CuretonBuilding Security into DevOps: Is DevSecOps the beginning of the future?
read more
“Continuous Innovation” WTF is that about?

“Continuous Innovation” WTF is that about?

For those that haven’t noticed, we recently re-branded. We’d love to hear your thoughts in the comments below.

Following our acquisition by ECS Group, Forest Technologies has become ECS Digital. And with that re-brand, comes a new tagline. You’ve probably seen it: it’s splashed across our homepage, our business cards and our conference swag: Continuous Innovation.

We think it sums up everything we do here at ECS Digital – and why – but what exactly does it mean?

Put simply, continuous innovation is what it says on the tin: It’s a methodology that allows companies to continuously improve in line with customer demand and market expectations, as well as new and existing competitors.

But, why is Continuous Innovation so important?

Nearly 100 years ago, Albert Einstein, himself, said:

“we cannot solve problems with the same thinking we used when we created them”.

This has never been as true as it is today.  Customer expectations have dramatically increased in recent years with the consumerisation of IT. Since the emergence of disruptive industry challengers, web 2.0 companies have begun to establish not only new markets, but new ways of consuming existing or traditional services.

As we head deeper into the digital age, new products, services and features are surfacing all the time, and customers have come to expect these to be delivered to them quickly.  This speed at which the consumer market is moving is forcing companies to innovate at an ever increasing rate.  With the breadth of choice and ease of switching providers eroding customer loyalty, this innovation has to be delivered to the highest standards.

Increasingly, companies are finding that in order to survive – let alone grow – they need to change the way they work.  At the same time, they’re being pushed to do more with less (or at least the same) making it imperative that organisations work smarter, not harder. It is no longer an option to do what’s always been done.


Industry disruption is so real nowadays that all businesses face the threat of disruptor companies.

In fact, compared to 1995, only 12% of Fortune 500 firms remain, thanks to the creative destruction that fuels economic prosperity, and the average time companies now spend on the Fortune 500 will shrink to 12 years by 2020 from 60 years back in 1960.

The more agile and able to innovate you are, the easier it is to keep up with changes in consumer trends, and avoid going out of business.

Let’s rewind a few years…

…and remember Blockbuster:  In 2004, the leader in home movies and video game rentals was valued at over $6 billion.   By 2010, Netflix had become a household name for online video streaming services, rendering Blockbuster stores bankrupt.


Despite Blockbuster’s efforts to send rentals-by-mail and offer streaming services, they were unable to do so soon enough. Blockbuster were beaten to the post by a company that could innovate both continuously and rapidly, and left by fickle consumers demanding convenience at speed and value. Those of us that remember can only reminisce on the Friday nights going to Blockbusters, grabbing some popcorn and renting the latest releases.

If Blockbuster had been capable of innovating and delivering new services to customers faster, could they have competed against Netflix? 

It’s possible: more than simply allowing companies to stay ahead of trends, innovation has become one of the keys to dominating a market. Evolution is no longer enough to win, let alone retain customers:“The light bulb wasn’t invented by continuously improving the candle…it was about understanding what the job to be done was and then stepping back to look for solutions to solve this.”

Picture1-4.pngWho would have thought the adoption of agile principles would allow the world’s biggest online book seller, Amazon, to not only kill the traditional bookstore, the traditional bookstore, but become the world’s biggest cloud provider?

What if Amazon launched a bank…?

How does ECS Digital help companies achieve Continuous Innovation?

Here at ECS Digital, we believe that everything is done with the aim of helping our customer achieve continuous innovation.  As a DevOps and Continuous Delivery consultancy, we help companies of all sizes to adopt the working practices, processes and tools that enable them to deliver the continuous innovation that customers and users demand.

DevOps itself is an enabler of innovation.  As well as improving the speed, failure rates and efficiency of organisations, it encourages businesses to:

  • Collaborate more effectively, making for not only more satisfied and productive employees, but a more rounded view and wider pool of internal ideas. As Adam Jacob, CTO of Chef once said, Happy people make happy products.”

Achieving the above allows companies to continually innovate. At ECS Digital, we transform enterprises through the adoption of DevOps and Continuous Delivery, allowing them to stay ahead of competition and giving them the opportunity to disrupt their markets.


To learn more about how DevOps helps organisations to innovate, why not read my article, placed in Horizon Business Innovation: DevOps enables CIOs to create Innovation.”

Andy Cureton“Continuous Innovation” WTF is that about?
read more
DevOps enables CIOs to create Innovation

DevOps enables CIOs to create Innovation

Why has Innovation become such a high priority to the CIO? And how can DevOps help?

In the spirit of the Innovation Leadership Summit, our founder Andy Cureton, takes a look how DevOps can help CIOs achieve the most prominent 2016 objective: Innovation (up 19% since last year alone).


You can view the full article as published in Horizon Business Innovation, here.

Andy CuretonDevOps enables CIOs to create Innovation
read more
HashiCorp selects ECS Digital to be official Training Partner in UK

HashiCorp selects ECS Digital to be official Training Partner in UK

Industry leaders partner to extend the adoption of DevOps Infrastructure solutions

San Francisco, London 8th September, 2016 – Forest Technologies (now ECS Digital), the leading DevOps and Digital Transformation Consultany headquartered in London, and HashiCorp, the leader in DevOps Infrastructure solutions, today announced a strategic partnership wherein HashiCorp will leverage ECS Digital’s significant training and enablement experience to broaden the adoption of HashiCorp tools in the United Kingdom.

Under this partnership, ECS Digital will provide public scheduled training courses initially on the Consul, Terraform and Vault products.  ECS Digital will also add the HashiCorp solutions to its reference continuous delivery tool chain for their customers’ DevOps and digital transformation engagements. Every business relies on software to deliver value to its customers and DevOps is the perfect catalyst for innovation in software development, and more importantly a powerful tool for organisations looking to stay relevant in an ever-changing digital-led market.

“HashiCorp is a company that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks.  Since it’s formation in 2012 to support Vagrant development full time, HashiCorp has continued to develop products that solve specific infrastructure problems”

says Andy Cureton, Managing Director of ECS Digital.

Terraform and Vault are two such market leading examples.  We are delighted that HashiCorp has recognised Forest Technologies – now ECS Digital’s – experience and thought leadership in the DevOps community.  We look forward to broadening the HashiCorp community and adoption of the products with this training partnership.”

“We’re excited to have Forest Technologies (now ECS Digital) be part of the HashiCorp training partner program. Their expertise in DevOps and advanced Continuous Delivery workflows makes them an ideal partner for HashiCorp as we look to scale our training offerings in the United Kingdom”

says Burzin Patel, VP of Startegic Alliances at HashiCorp. 

This partnership puts great products and great people together to ensure our collective customers gain maximum value from their investment in HashiCorp.

ECS Digital Logo.png 

About ECS Digital:

ECS Digital, a leader in automation, helps enterprises deliver software and software related services faster and at a lower cost through the adoption of DevOps and Continuous Delivery practices.  Fanatical about customer service,  ECS Digital consultants are hired as much for their DNA as their ability. Established in 2003 with headquarters in London and offices in Singapore ECS Digital has over 100 customers from startups to enterprises across sectors including finance, retail, telco, and online gambling. More information can be found at

Connect with ECS Digital on Twitter and LinkedIn


About HashiCorp:

HashiCorp is the DevOps infrastructure company. HashiCorp technology aligns development, operations, and security to accelerate application delivery. The company manages seven open source tools (Vagrant, Packer, Terraform, Serf, Consul, Vault, and Nomad) that span runtime, infrastructure, and security management. Enterprise versions of Terraform, Vault, Consul, and Nomad enhance the respective open source tools with enterprise features that promote collaboration, policy-validation, and intelligent automation. The company is headquartered in San Francisco and backed by Mayfield, GGV Capital, True Ventures, and Redpoint. For more information visit:

Connect with HashiCorp on Twitter and LinkedIn

Andy CuretonHashiCorp selects ECS Digital to be official Training Partner in UK
read more
ECS takes DevOps to the Enterprise with acquisition of Forest Technologies

ECS takes DevOps to the Enterprise with acquisition of Forest Technologies

Proof that DevOps is going mainstream, the acquisition of Forest Technologies by ECS aims to fill the gap between global consulting behemoths and niche players for large businesses undertaking digital transformations.

ECS Digital will be one of only a handful of companies to implement large-scale DevOps projects for established brands including a global top three retailer, a top five UK retail bank and a large European telco.

To read this article in full on the ECS website, please click here

Andy CuretonECS takes DevOps to the Enterprise with acquisition of Forest Technologies
read more