How Anxin Securities Achieved Advanced DevSecOps Maturity in Financial Services

Large enterprises worldwide have found that standardization and tool empowerment are key to success. The DevOps standards and the DevOps continuous delivery pipeline platform based on these standards can significantly improve quality, efficiency, safety, and agility, boosting market competitiveness.

On December 26, the China Academy of Information and Communications Technology (CAICT) announced the latest batch of evaluation results for the DevOps series standards and AIOps series standards.

Anxin Securities Co., Ltd. participated in the evaluation with its Financial Store System project, which successfully passed the level‑2 assessment of the "Research and Development Operations Integration (DevOps) Capability Maturity Model" security and risk management (DevSecOps) module, indicating an advanced domestic level in DevSecOps.

To date, Anxin Securities has passed five CAICT DevOps standard evaluations: three for continuous delivery, one for technical operations, and one for security and risk management.

Interview Overview

Q: Please introduce yourself, your company, and the project you evaluated.

Li Weichun, Security Director of Anxin Securities, explained that the company is a fully licensed comprehensive securities firm under the State Development Investment Group, serving over 8 million clients with trading and wealth‑management IT services. The Financial Store System provides a complete investment‑trading suite, including intelligent wealth management, fund trading, asset panorama, personalized products, and non‑financial product ordering.

Q: How did the DevSecOps level‑2 assessment feel?

Li expressed great satisfaction, noting that the project’s success reflects advanced practice in DevSecOps. By aligning with industry standards and leveraging Anxin’s own technical characteristics, the team built a distinctive secure development solution, improving overall security and risk management.

Q: Why did you decide to participate in the DevSecOps assessment?

Li explained that Anxin Securities follows a "business‑driven + technology‑enabled" philosophy, integrating blockchain, cloud computing, and big data into its digital transformation. DevSecOps, as a security‑focused extension of DevOps, embeds security throughout the development lifecycle, enhancing efficiency, quality, and investment returns while controlling risks.

Q: What benefits has the assessment brought?

Li noted that the assessment confirmed the correctness of their security direction, establishing robust security processes and raising team awareness and skills. The experience will be generalized to other projects, achieving comprehensive security left‑shifting.

Q: What are the main security challenges of the Financial Store System?

The system’s critical role demands high risk‑prevention and identification capabilities.

Serving over 8 million internet users, the platform faces challenges in confidentiality, integrity, and availability.

Rapid adoption of new technologies introduces security and compliance risks that must be addressed.

Q: How do you implement DevSecOps across culture, process, and technology?

Qin Yangqing, Development Security Lead, described strong leadership support, cross‑team collaboration mechanisms, regular security training, embedding security checkpoints into the DevOps workflow, and automating security testing, hardening, and knowledge‑base management.

Q: Was the assessment process smooth? Any difficulties?

Qin said the assessment focused on material preparation and demo environment setup. Strict project planning, weekly meetings, and timely issue resolution ensured a smooth evaluation.

Q: What are the biggest gains and next steps?

Qin highlighted clarified information‑system classification standards, improved security requirement management, online security knowledge‑base, and automated metric tracking. Future plans include promoting the best‑practice solution to other projects and further advancing DevSecOps capabilities.

Q: What is your view on the future of DevOps?

Qin believes DevOps will continue evolving to meet business goals, and DevSecOps, as its security‑enhanced extension, will become the mainstream, helping enterprises address security risks early in the software development lifecycle.

The article also provides an overview of the "Research and Development Operations Integration (DevOps) Capability Maturity Model" developed by CAICT with industry partners, noting its status as the first international DevOps standard approved by ITU‑T in 2020.