SWIFT, the backbone of global financial messaging, faces an automation challenge unlike most organizations. With tens of thousands of virtual machines, network devices, and elevated privileges spanning production systems, every Ansible playbook executed represents a critical node in a vast software supply chain. At Red Hat Summit 2026, Suvasish Ghosh, Product Owner for CI/CD Engineering and DevOps Engineering Services at SWIFT, revealed how the organization transformed its automation governance to meet these unprecedented demands.
Automation governance: a necessity, not an option
For SWIFT, automation isn’t just a convenience—it’s foundational infrastructure. The organization connects over 11,000 financial institutions worldwide, meaning even minor disruptions in automation pipelines can ripple across global financial systems. This reality demands that governance be embedded into automation workflows, not treated as an afterthought.
Regulatory frameworks like the Digital Operational Resilience Act (DORA) reinforce this need, but SWIFT’s approach goes further by treating automation as production code from the outset. As Ghosh emphasized during the summit, "We spent a lot of time being compliant and secure in our application, but we often don’t pay too much attention to what’s coming into our development environment via Ansible collections and through badly written Ansible scripts." This oversight introduced potential vulnerabilities in the very tools used to build and maintain the infrastructure.
Modernizing playbooks at scale: the numbers behind the win
The first major test of SWIFT’s new governance strategy was a migration from Ansible 2.9 to 2.16—a task that, if handled manually, would have consumed approximately 100 hours of engineering time per 100 playbooks. With around 2,000 playbooks in their estate, the manual route was clearly unsustainable. The real bottlenecks weren’t the fixes themselves but the upstream challenges:
- Identifying which changes were necessary
- Locating the correct solutions in an ever-expanding knowledge base
- Validating fixes before deployment
Enter Steampunk Spotter, a tool designed to automate these exact pain points. Spotter scans playbooks, identifies required changes, cross-references solutions from trusted sources, validates fixes, and even auto-rewrites playbooks in most cases. Engineers then review and approve the changes, eliminating the need to rebuild playbooks from scratch.
The projected outcomes for SWIFT’s modernization initiative speak for themselves:
- Over 2,000 playbooks targeted for migration
- An estimated 75–85% of fixes automated
- A savings of approximately 6,500 engineering hours
- Completion of the migration within three months
This approach allowed SWIFT to execute a controlled, auditable transformation without derailing ongoing operations or requiring a multi-quarter overhaul.
Beyond migration: embedding governance into daily workflows
The success of the migration project set the stage for a broader transformation in how SWIFT manages automation. Steampunk Spotter is now integrated into two critical areas of their automation lifecycle:
Pre-approval assessment of third-party Ansible collections SWIFT needed a way to safely leverage community-driven Ansible collections like community.mongodb and containers.podman without expanding their attack surface. Spotter provides risk-based reports on Galaxy content, enabling SWIFT to approve high-value collections with confidence. This not only streamlines internal adoption but also simplifies compliance reporting for auditors.
Continuous enforcement of security and compliance standards Every internal Ansible playbook now undergoes automated scanning before reaching production. This real-time oversight catches vulnerabilities, misconfigurations, and policy violations early, reducing reliance on manual spot-checks. The same policy engine, software bill of materials (SBOM) analysis, and vulnerability scanning apply uniformly across all teams, ensuring consistency and reducing tribal knowledge.
Feedback loops further strengthen this system. Issues and findings are automatically routed to Jira and ServiceNow for resolution, while security signals flow into SIEM tools like Splunk and QRadar. Compliance reports align directly with frameworks such as FFIEC, PCI-DSS, and SOC 2, simplifying audit processes.
Four pillars of a scalable automation governance framework
SWIFT’s approach to automation governance rests on four core principles that any organization can adapt:
- Visibility
Full transparency into what is executed, including all dependencies. Eliminate blind spots by cataloging every playbook, collection, and module in use.
- Consistency
Uniform rules across all teams. No exceptions, no undocumented shortcuts. Automation policies must be universal.
- Policy as code
Human memory doesn’t scale. Policies must be machine-readable, version-controlled, and updated alongside the platform.
- Feedback loops
Early, automated detection of issues within the developer’s workflow. Address problems before they reach production, not after.
Far from stifling innovation, this framework ensures that operational speed doesn’t come at the cost of security or compliance. Instead, it creates a foundation where velocity and governance reinforce each other.
Key lessons for your automation journey
The challenges SWIFT faced aren’t unique to financial services. Organizations of all sizes wrestle with legacy automation sprawl, security risks in third-party content, and the need for real-time compliance reporting. The takeaways from SWIFT’s initiative are clear:
- Treat automation as production infrastructure, not an afterthought.
- Automate the upstream challenges—identification, validation, and remediation—before they become bottlenecks.
- Embed governance into daily workflows to prevent technical debt from accumulating.
- Use policy as code to enforce consistency and scalability.
As automation continues to expand its footprint across industries, the organizations that succeed will be those that recognize governance not as a constraint, but as the enabler of sustainable growth.
AI summary
SWIFT, Red Hat Summit 2026’da Ansible playbook’larını nasıl modernize ettiğini ve binlerce otomasyonu güvenli şekilde yönetebildiğini açıkladı. İşte detaylar ve alınan dersler.
