The Client is one of the world’s largest banking and financial services organizations. They offer services in the areas of Commercial Banking, Retail Banking etc. The client is present across countries in Europe, Asia, Middle East, Africa, North America, Latin America etc.
As part of digital transformation initiative, client was looking to automate the customer onboarding process. As part of this process, there were several client applications that were integrated with tax-regulatory application to avoid manual data entries. API enablement, not only helped eliminate the manual intervention but also reduce time to market by approximately 98%.
Key Challenges
The tax-regulatory application followed the microservices architecture and was deployed on different application servers. Although UI layer is secured by proper security policies, the underline communication to different microservices didn’t have any security policies
- Existence of insufficient security policies, users with basic developer tools could have been able to access/modify/delete customer information anonymously. More than 5.5 million customer data from 35+ countries were at risk due to inadequate security policies
- This could have caused reconciliation breaks in year-end regulatory audits and could have also caused reputation loss for the bank
- Integration with other applications was difficult which was impacting time to market since other applications were requiring manual intervention from back office systems for data entry causing overall delay by a couple of hours
Ready to experience?
TALK TO EXPERTS
The Solution
The Infosys Methodology
- As part of strategic fix, Infosys proposed to introduce API gateway between UI layer and microservices. This would be the entry point for all microservices and would act as single point of authentication and authorization
- Mule gateway from client’s technology stack was used for building the gateway layer
- Best practices of Mule gateway for authentication, traffic control, analytics, monitoring, transformations, logging and other security features were leveraged
Building an Integrated foundation Approach
- Effective implementation of API gateway enabled usage of heterogeneous technologies & secured communication protocols in microservices
- Involved identification of security risks and establishing security governance using API Gateway
Benefits
Enhanced security features strengthened the online platform security and reduced security risk of the application platform. The platform is now 100% secure
Due to secure API enablement, fixing of the manual processes are totally eliminated and also resulted in savings of USD 100K
Due to secured APIs enablement, back office dependency has been removed completely. This reduced time to market by approximately 98%
Integration of API testing with DevOps pipeline ensured quality and zero-defect deliverables
Proactive identification and fixing of the security flaw ensured preserving reputation
