Test env: Separate permanent envs. From playground where nothing matters, env with some fake data in similar databases and variants of all systems, to mirror of prod with anonymised data, then prod.
There are dummy online banking web interfaces.
What sets it apart is that the operating system is painful to use and never stops being painful to use. And your employer is paranoid and keeps you in a digital prison for security, so very few permissions, so there is no creativity or off-road improvisational innovation, just assembly-line style development.
That, um, sounds reasonable to me in the context of what they're developing.
But this is regrettable, and slows down everything by orders of magnitude. One of the big problems is lack of EFFICIENT documentation/Quick Starts. The guides are labyrinthine in layout, looping and colliding spiders' webs of wtfness.
Access to production and its data should be highly regulated. Ideally no dev machine has any kind of write access to prod - instead it's commit access to a (non-master) branch which needs multiple approvals to be merged into a release branch.
Access to dev environments and their local code? Who cares, let them explore. As long as all code is reviewed prior to deploying, they could even be developing on a compromised machine and the live system will still be secure.
I think anything that could be appropriately described as infrastructure could also be described as outdated and messy, so that's not necessarily a reason in and of itself to let people experiment on banking infrastructure. Are software engineers (again, the type who end up working for the federal government and banks and government contractors) any more qualified to experiment on this stuff than people who have been working in banking and finance?
Are they qualified? Sometimes a fresh perspective and courage is what is actually required rather than the home blindness that comes with following the careful bureaucratic method for decennia. I would want there to be at least one mechanism in the universe that willpower from the bottom to actually improve the health of the core of these old institutions and companies. There is no mechanism at all currently for the person doing the actual work to take ownership, out of passion or duty, without first climbing the corporate ladder and becoming the grey-suit decision-maker not actually doing the tinkering any more.
I want to be able to own my own risk. If I identify a team need or personal need or business need I want to prototype it autonomously and have the control over my own computer and systems to do so while following all tests and procedures. I can pass it upward for a green light while following all test and development practices. Not only put someone else's decisions into practice while being bottlenecked by guardrails. These old institutions and old companies would pay anything to have something resembling startup agility, but they won't give up any power to self-selected intrapreneurs. I say let me own my own calculated risk. It can even be calculated risk, agreed ahead of time, this happens, that consequence. Off with my head, sure, tell me the cost that comes if I fail with some freedom and if it's losing my job then I'll accept it. If it's paying out of my pocket then I'll accept it. I'm not saying be reckless or not know what sort of risk one is taking. Open the door for calculated personal risk and let me remove the appropriate part of the guardrail. What's the point of being here if I can't use my own life force to change for the better that which crosses my path? Certainly not going to waste time, just fire me or fine me, I agreed to it to do more and better work because I care, hypothetically.
I'll admit the risks that come with more access, if the risk is uncalculated and can't be owned in scale. Don't take risks, any at all, where the worst outcome is unethical or illegal, for everything that is production and customer data, or where the worst outcome is not even understood or out of scale. So some mindfulness, yes.
If someone's personal tool becomes actually useful and the person leaves, then it becomes a weak link in an already unhealthy codebase. Or if they take decisions that don't come from above and somehow have enough access to also leak customer data or cause production issues, then compliance fines could happen. Or getting hacked, or breaking laws with unlicensed software or piracy or anything else, or disrupting other teams, or causing irreversible damage or data loss. Scary, I admit it! I see the paranoia from the top and I empathise!
Let's use bottom-up freedom for replacing the infrastructure with new technology, or lifecycle treatment or archiving, not for entrenching it with new development, or just not knowing what one is doing. But let's not get paralysed with fear. The scale is too heavily tipped in one direction. Shift it in the right direction.