Stories
June 8

Standardization and security, a perfect match

This session talks about the challenges Northwestern Mutual faced with too many tools and too much choice. We talk about the idea of the "Paradox of Choice" and how it applies to platform engineering. Our approach to standardizing involved standardizing the tooling, the CI/CD pipelines, and implementing many guardrails. We also discuss the many cultural and organizational implications of this approach.
Talk abstract

How often have you scrolled through Netflix and had trouble finding something to watch? Or found yourself standing, staring at a kaleidoscope of flavors of ice cream at the grocery store? Choice is a luxury. We all prefer to have more options, not less. This is why ample choices are often considered a symbol of privilege. However, there comes a point when too many choices can start to hinder our decision-making ability. Too many choices can also hinder our security posture.

At Northwestern Mutual, we’ve had multiple tools (choices) - Multiple systems for Source Code, Build, artefact storage, deployment etc. Furthermore, we had various patterns of development and templates, with teams left with the choice to pick “what’s best for them.”

All the evidence indicated that all this choice was causing the teams to feel overwhelmed and hence creating inefficiency and increasing our time to market, leading to a paradox of choice. A Paradox of Choice with an overabundance of options could lead to anxiety, dissatisfaction and many ways to exploit systems.

So we decided to tackle this. There are several technical, cultural, and organizational implications to this. 

Join us as we share the story of how Northwestern Mutual improved our Cloud Security posture through standardization.