Security was becoming increasingly important for one of the 10 largest banks in the world as it embarked on a process of Digital Transformation to streamline its domestic and international business.
The bank provides a fully integrated suite of financial products and services including retail, business and institutional banking, funds management, insurance, investment and brokerage services, and has more than 1,000 branches worldwide, 5,000 ATMs, over 50,000 employees, and millions of customers.
The head of the Application Security (AppSec) organization at the bank was responsible for establishing and executing the bank’s AppSec capabilities and integrating security in software development. Over the last few years, the AppSec team has depended on static tools to ensure the security of the software they develop in-house.
Changes in technology and the evolving threat landscape had motivated the bank to boost its defenses - requiring a
The changing technology challenges that the bank faced could be attributed to “Digital Transformation” - with software at the heart of this major shift. The bank had utilized the latest software methodologies to transform the way they ran their businesses – better customer experiences, business efficiencies, time and cost optimization. Most importantly, the bank wanted to stay relevant and competitive in the changing digital environment.
As part of its brand and reputation, the bank delivers seamless customer experiences, in smart and innovative ways and has a reputation for excellent customer experiences, service
The organization’s software had been developed and released at an increasingly rapid pace since the development team had combined Agile sprints with DevOps methodologies. As a result, the bank innovated faster, realized greater efficiencies and differentiated its products and services.
But continually rolling out software at a faster rate introduces potential vulnerabilities and greater business risk. It became key for the bank to balance speed against risk.
The head of the AppSec team found that some of the bank’s current AppSec tools and processes were inadequate in addressing the issues that he faced.
That gap was placing a strain on the workload of his developers:
It was clear to the bank that they needed to move toward more Agile security processes.
We compared offerings from several leading AppSec testing suppliers. Contrast Security proved to be the most attractive, being the right tool for the right job.
Head of Application Security
The ease of using Contrast Assess allowed the team to seamlessly integrate into their Agile and DevOps SDLC processes while enhancing their current security posture.
Contrast Assess provided highly accurate results for developers without the dependence on experts for triage.
The bank currently has over 4,000 developers - comprised of internal staff, third parties and outsourced consultants including Penetration Testers (pen testers). These groups focus on the continuous development, release, maintenance, and security of thousands of applications. The applications are a combination of internally developed software and off-the-shelf Open Source Software (OSS).
The bank had been rapidly moving toward using microservices for the platforms used by the bank’s numerous business units. The platforms are used across multiple business units and composed of numerous microservices - these include the bank’s flagship customer retail banking internet platform, as well as their business banking and digital asset platforms.
Users really like and rely on the Contrast product heavily. Since developers have been using Contrast and learning more about application security vulnerabilities, we have seen a significant reduction in the number of identified vulnerabilities. Contrast gives us a much greater assurance about the quality and security of our code.
The organization realized that software releases can be negatively impacted if code vulnerabilities are identified toward the end of the SDLC. This leads to increased delays and significant remediation cost. At the bank, security practices need to keep pace with software development in Agile and DevOps environments. This shifts security from being a bottleneck to an enabler.
Contrast has provided the bank with security that fits with continuous integration and delivery (CI/CD), microservices and other development processes.
We wanted to automate and streamline our application security testing without having it slow us down in our continuous development environment.
By intersecting development, security, and operations, the bank successfully implemented a continuous and efficient way to roll out secure code. Furthermore, the software can now be created and deployed much faster, without compromising security – at the speed of Agile and DevOps.
The bank can now focus on remaining highly agile, developing quality code while mitigating software risk.
Customer Business Benefits: