None of us are as fast as all of us Volume 1 / Issue 5    


   OVERALL PROGRAM

"I think goals should never be easy, they should force you to work, even if they are uncomfortable at the time." - Michael Phelps

Hello team! There are some exciting initiatives starting up and we wanted to make sure everyone saw all the great progress being made.




IDC HAS PASSED GO!

With some amazing leadership by Sudha Meruva and an incredibly passionate mission team, the Devopoly program is now in full swing in our IDC office. This month, the IDC team celebrated the kick off with their first Devopoly social, featuring a Game of Thrones theme. It looks like they had a great time, and they have already started talking about planning the next one. Great work everyone!



There are a bunch of teams from IDC that are now progressing through signoffs. Most recently, the Data Engineering team RCS has completed the first 5 Devopoly tiles, and are now operating with a fully automated CI/CD pipeline. Great work! Helix-CMS is another team that has made amazing progress, having recently completed the Feature Flag tile. It's gratifying to see teams come together to make their pipeline and work environment that much better.

Please join me in congratulating our Grand Prize Winner in IDC, Rohith Ramakrishnan and the entire IDC office in what was an amazing Devopoly kick-off! If you would like to read about more success stories, click here.




TAXOPOLY LAUNCHED!

Why stop at one game when you can have two? San Diego recently kicked off Taxopoly which is the gamification of the tax content development pipeline and process. The game will differ from Devopoly in that the tiles must be completed in order. Our first tile out the gate is the "Best Tech" tile which will help to ensure that we are creating content using the best methodology and with the most appropriate tooling. This is our first step into modernizing the tax tooling pipeline and will get us one step closer to a tax season where the goal will be ZERO tax accuracy issues!



Keeping with the launch theme, the kick-off was a blast. We passed out a ton of shirts during the event; so many that we needed to order a resupply for the next event! If you are in the tax organization and have not yet received your Taxopoly shirt, please contact Chad Bell, who will literally give you the shirt off his back.


CG SECURITY ON PATROL

Here to help you build Trust with our Customers

Did you know CG has its own team of security and compliance SMEs who can help you build security into your offerings and processes? Over the past two years, CG Security Director Marios Leventopoulos has hand-selected a team of multinational Intuit employees with diverse and substantial skills in data protection, secure software development, audit, fraud prevention and detection, and compliance. Dedicated to and embedded in CG, most of us are based in San Diego, with one representative in Canada and another in India. Wherever you need to build trust in your services, we are at your service!

Wondering about Contrast and IQServer? Curious about penetration testing? Flustered by regulatory audits? We're ready and eager to answer your questions about security and compliance. Here's how to reach us:

Slack: #ask-cgsecurity
Weekly CG Security Office Hours: Mondays at 10:00 PST in SDG-01-04 De Anza Cove or on BlueJeans
How to engage CG Security



Behind the INDOR Success: CG Security Partnering Across Intuit to Ensure Indiana Taxpayers Can File with Intuit

Just before the long Christmas holiday weekend, Intuit received a much hoped-for gift from the Indiana Department of Revenue (INDOR): approval for Hoosier taxpayers and accountants to use Intuit's tax filing systems and supporting services for TY18. Getting INDOR-certified for TY18 was just the start -- there's still work to be done to ensure we continue to meet INDOR's demanding level of information security, including upgrading our encryption services to FIPS 140-2 validated services and adopting SELinux in enforcing mode.

Since 2016, INDOR has examined the security posture of all online tax filing services doing business in that state. Each year, they've raised the bar on what's acceptable, leading to this year's mandate that INDOR-certified systems must meet or exceed the same system security configurations the US Department of Defense (DoD) demands of its systems -- and be able to prove we do what we say we do. In 2016 and 2017, meeting the INDOR standard required manual, arduous, time-consuming and disruptive work running concurrently with season readiness activities. The estimated level of effort for TY17 alone was 450 hours of tediousness! And in TY18, INDOR was requiring much more documentation and much greater rigor in what and how we reported.

To meet the challenge, a cross-functional team, led jointly by CG Security and IIS Governance, with significant contributions from CG SRE, PCG, Intuit Platform (PI), Product Infrastructure Reliability Engineering (PIRE), and Corporate Affairs turned the manual work into a sustainable program, supported by automation to ensure we could report on, monitor and implement good security practices into our offerings with minimal effort any time we chose throughout the year. Here are some of the numbers behind our TY18 INDOR certification:

  • 44 in-scope Intuit applications and services
  • 20 elements of the tax filing ecosystem technology stack (3 O/S, 7 DBMSs, 6 application layer tools, 4 network components)
  • 15 Department of DoD Security Technical Implementation Guides (STIGs) and Security Requirements Guidelines
  • 35 spreadsheets covering 4,752 distinct DoD security controls
  • 22 Intuit policies and standards
  • 117 responses to INDOR questions about our initial submissions
  • 38 key contributors from 6 BUs/FGs
  • Countless hours of coordination, collaboration and support over the course of 5 months, including logging in to work on weekends, late nights, very early mornings and several sick days
  • Certification received 2 weeks earlier than last year.

Thanks to lots of hard work, over a million Indiana taxpayers have the option to use our products for TY18 and Intuit has an established foundation of compliance automation upon which to build increased visibility into our security posture year-round.



SRE's ARE OPTIMIZING COSTS

The SRE team has a dedicated Cost Optimization Pillar, with the specific goal of operating in AWS with the lowest price while maintaining reliability. The team has been executing on several efforts over last two quarters that will reduce annual spend by over $300k annually. We are already seeing improved EC2 and RDS Reserved Instances coverage and infrastructure utilization as a result. CG is leading the Intuit ecosystem in implementation of best practices in AWS in this regard. Looking forward, in FY20 the goal is to aggressively drive savings by optimizing the AWS footprint.



You can learn more about CG Cost Optimization strategy here: Cost Optimization Strategy

More resources:

AWS scaling trend and status of Tax Ecosystem
AWS Cost Monitoring




DELIVERING QUALITY TOGETHER

A big thank you to everyone who contributed to our strong, quality-first TY18 season. We entered second peak with 14% fewer open defects compared to last year, and with 3% fewer leaked defects to production. That means our customers saw less defects, and therefore we built more trust with them, which is always our goal. The Quality Center of Excellence is working on the following initiatives to further improve quality in FY19 Q4:

  • E2E Automation running nightly
  • Defining and Documenting Quality Best Practices & Standards
  • Tax content unit tests running part of CI

Stay tuned for updates on progress in future newsletters!



A TOOL FOR EVERY JOB

Workbench

In our never-ending effort to improve the working environment of our tax experts, we recently added the ability to perform Text Search for Help and Diagnostics Content. This allows users to find content when it is not directly associated with Form or Field, and therefore simplifies the process of identifying the total impact. We've also enabled the preview for Help and Diagnostics Content. We gauge our success via adoption (it's easy to make tools, but hard to make tools people want to use). We now have an average of 15 unique users per day, which is over 3 times the total users at our last checkpoint, so we're moving in the right direction.

We need a feedback loop to succeed, so let us know what you think! Email or Slack Anant Saxena with any ideas, suggestions, funny gifs you found, or feedback.



Office Hours
Remote Office Hours: Thursday At 10am (PT) Blue Jeans
SDG Office Hours: Thursday At 11am (PT)
IDC Office Hours: Thursday At 9:30am (IST) Blue Jeans

Dashboards
You can review the leaderboard and see where your team is along the path compared to other teams.

Devopoly Season 2 Prizes!
Spin to Win has changed! We have added a few new prizes to the wheel and one "Mystery" prize. First one to hit it finds out what it is!



        CONTRIBUTING WRITERS:
        The Speed and Trust Organization