Coinbase & GitHub
Industry: Financial services
Company size: 50+
Location: Headquartered in San Francisco, CA
Coinbase is the world's largest consumer-facing Bitcoin company. The company offers a hosted wallet service, a professional exchange service, and an API platform for developers and merchants, all with the goal of making it easier for the world to use Bitcoin as a standard digital currency.
Few people associate the highly-regulated financial services industry with ideas like openness, collaboration, and experimentation. Coinbase set out to change that by putting a system in place that would allow it to function more like a fast-moving technology startup than a bank. The result? A company where every employee is empowered to directly contribute to its core product and policies, without compromising security or compliance.
Rob Witoff, Director at Coinbase, explains, "Because of the confidence we have in our tools, anyone at the company can go beyond asking questions and actually take actions that make our product more secure or impactful for users and customers—not in weeks or months, but in hours."
Setting a new standard for transparency
Coinbase has been actively using GitHub since the company was founded in 2012. But when highly-secure collaboration became a business-critical initiative, upgrading to GitHub Enterprise was the first step toward creating the organization-wide transparency the team needed.
"Almost everything we do as a company is kept inside of GitHub Enterprise, from security controls and application code to internal policies," Rob says. "We call it company-as-code: a reminder that everything we do can be transparent and accessible by our employees because it's all version controlled and securely hosted and managed."
What makes this level of transparency possible is the combination of secure technologies that compose Coinbase's deployment stack and the review process that changes go through before they are pushed to production. "Through pull requests, protected branches, and controls for merging to master, we're working to eliminate single point failures while maximizing our ability to collaborate," Rob explains.
A living model for security
The combination of strict government regulations and expensive, highly-embedded technology stacks can make it challenging for financial services companies to quickly change security policies or add and update technology. Coinbase purposefully built its technology around GitHub Enterprise to accommodate fast and frequent updates.
"Many financial services firms have rigid infrastructure and security policies designed to be deployed once to avoid introducing unnecessary risk. But technology is moving too fast for us to stand still. Constant innovation keeps us at the forefront of security and our industry," Rob says.
A Coinbase fraud analyst recently discovered that some of the company's risk controls could be improved. Rather than calling a meeting or waiting for an engineer, the analyst used GitHub Enterprise to directly propose a change through a Pull Request, explicitly optimizing the controls. When a Pull Request opens, a bot automatically begins the code review process. In this case, it streamlined a discussion with a payments engineer and the optimizations were pushed to production within the hour.
Even non-engineers across Coinbase are empowered to propose in-product changes. "Because of the GitHub workflow and Pull Request, this analyst was able to make our users safer within an hour, rather than days or weeks," Rob explains.
An engineering environment rarely seen
"Working with GitHub has allowed us to work in a heavily regulated space and still maintain a strong engineering culture. We're resetting their expectations for what it means to work in finance," Rob says. "GitHub is one of the de facto tools that engineers want to use, and because of that, we don't have long, expensive onboarding periods or productivity gaps."
When a Coinbase intern noticed that some firewalls needed updates, he was able to propose a change and kick off the process to deploy it to production. "It's rare for a company to let interns see code in this way, let alone have the autonomy to propose such extensive production changes. We've been able to default to an open policy with interns because of their familiarity with GitHub and the review cycle that happens through pull requests," Rob comments.
Using GitHub Issues as the foundation, Coinbase's infrastructure team was able to optimize project management by integrating the preferred tools of multiple teams with GitHub Enterprise. "All of our infrastructure management centers around using GitHub issues, whether it's our standup meetings that center around our Waffle.io integration or collaborating across the engineering team on forward looking features."
Rob continues, "I have yet to have an example where an engineer has asked me how to use GitHub, but it's about much more than that. It's about creating the best experience for engineers that centers around collaboration. It's about creating an environment where everyone is empowered to make a serious impact."