A large European retail bank serves clients in the retail, private banking and corporate banking sectors, with a primary focus on Northwest Europe. The bank understands the need to keep innovating and improving both its products and its organization to stay ahead of the competition. With disruption from the advent of fintechs and new-age digital banks, traditional banking business models are necessarily undergoing a huge transformation.

With a faster pace of digital disruption, product deliveries had to be done at speed and scale with robust security. It became imperative to address incessant problems with tooling, manual processes and inefficiencies that slow down releases. Infosys helped the bank achieve Zero Touch Deployment along with a strong security check early in the lifecycle by integrating security into its DevOps pipeline.

Key Challenges

  • Manual security scans were done post-deployment, resulting in security issues being identified late
  • Limited security knowledge within the team increased dependency on security SMEs
  • Lack of a centralized governance model resulted in inconsistencies in tool adoption and enforcement of security scan rules across the enterprise
  • Need for increased security compliance due to adoption of OSS libraries
  • The bank is in the middle of a transition to CI/CD, multi-cloud, containerization and more secure practices. This has necessitated an increased focus on container security and secrets management

The Solution

Agile and Automation Based Solution Deployed

  • Embed DevOps security checks, build breakers and quality gates as part of the CI/CD pipeline
  • Secure application coding practices
  • Incremental scans for every incremental code check-in
  • Open source policy
  • Improved secrets management using HashiCorp Vault
  • Automated onboarding pipeline
  • Automated security scans with tools like OWASP ZAP, Fortify and Nexus Lifecycle
  • Twistlock leveraged for container security

Infosys Methodology

  • Putting security early in the lifecycle: security SMEs and tools are involved early in the SDLC
  • Boot camps conducted on security practices
  • Multi-skilling of development teams in secure coding practices and security vulnerability checks

Benefits

Improved code quality & secure coding issues reduced by more than 50%

Greater coverage of security checks and security included as input for future state decisions

Reduced vulnerabilities after introduction of build breakers and Quality Gates

Automated compliance checks in place resulting in increased confidence

Alignment of the teams towards security best practices due to automated tools and early feedback
