Fintech Company Streamlines Software Supply Chain Management for Enhanced Security
This leading financial services technology company has significantly improved auditability and traceability, streamlined its security technology tool stack, and strengthened its end-to-end software supply chain security by adopting JFrog Advanced Security.
Shift-Left Security | Tool Consolidation | Auditability & Traceability
1K Employees
300+ Technologists
2,500 Clients Worldwide
A change in security leadership at the organization led to the realization that the existing processes between development, operations, and security had room for improvement. Tool sprawl and a lack of data centralization led to duplicative efforts and security blind spots. New security leadership took inventory of their existing software stack and made the decision to consolidate their DevOps and security tooling under one roof: The JFrog Software Supply Chain Platform.
Company Overview
This financial services technology company is a premier developer and operator of electronic marketplaces. It provides cutting-edge technology and a wide array of data solutions to its institutional, wholesale, and retail market participants. A publicly traded company, it connects thousands of clients across a worldwide network that includes major banks, asset managers, hedge funds, insurance companies, wealth managers, and retail clients.
The organization has been leveraging the JFrog Platform since 2014. Recently, a new era of company leadership has led to their expanding JFrog usage — particularly around security efforts.
Challenges
Fintech is a highly regulated industry and is often targeted by malicious actors. To meet legal regulations and protect themselves against the high risk of exploitation, Fintech companies tend to be on the leading edge of technology, development, and security, and therefore faster to adopt cutting-edge technology. JFrog’s advanced automation makes it easier for developers to store, protect, and retrieve source code, binaries, libraries, and dependencies. […] management, and multiple other security tools for triaging vulnerabilities. This created two distinct issues for the team:
- Chaotic and duplicative signals: The team had to train hundreds of developers on every tool, and each tool uses a different language and signals vulnerabilities differently. Because of this, the team was having to sift through a lot of noise to try and parse out which signals were most important and needed attention.
- Security had limited oversight and control: Because the Development team owned their instance of JFrog Artifactory, there were disconnects that made it difficult for the Security team to enforce shift-left protocols, and nearly impossible to conduct clean end-to-end traceability and visibility for security management. The security team wasn’t able to control the flow of binaries — and if you don’t control it, you can’t secure it.
Solution
Transferring technical ownership of the JFrog Platform from the DevOps team to the Security team, and expanding their use of the JFrog Security solutions, improved the Fintech company’s efficiency by aligning development and security efforts. Their long-term goals include consolidating many of their current security solutions with JFrog Xray, JFrog Curation, and JFrog Advanced Security.
- Enforceable Shift-left Security Policies: By taking over the company’s Artifactory license and applying JFrog Curation, the team was finally able to screen for malicious and risky packages as well as open-source vulnerabilities even before they entered their development environment.
- Streamlined Security: Adopting JFrog Advanced Security made security a significantly more automated, streamlined, and scalable process with efficient detection and remediation of exposed secrets, and vulnerabilities in source code, binaries, and containers.
- Improved Auditability & Traceability: By uniting their development and security efforts under a unified platform, they gained a single source of truth for greater scalability, traceability, and auditability.
JFrog Architecture for Fintech Company
Results
In essence, their expanded use of the JFrog Platform enabled:
- Tool consolidation – The platform eliminates the need for multiple disjointed security tools and simplifies the development process for improved productivity.
- End-to-end security – The platform incorporates security into the full software development lifecycle with features such as source code and binary vulnerability scanning, license compliance, access control, and proactive risk mitigation.
- Auditability & traceability – The platform provides enhanced visibility into the software supply chain, enabling more effective oversight by the security team.
Not only did the JFrog Platform provide a technical solution for consolidating development and security practices, but it also set the stage for these crucial business achievements:
- Reduced redundancy
- Streamlined operations
- Ability to scale security
All these enhancements together aligned the teams at the Fintech organization, enabling them to weave an end-to-end story. Before joining their DevOps and security efforts within the JFrog Platform, the team struggled to enforce shift-left security processes, couldn’t get full traceability and visibility for security management, and had a patchwork system of multiple vendors to meet various needs — all of which created a disjointed system, often yielding redundancy and noise.
With the JFrog Platform now under the ownership of the Security team, they can finally standardize security scanning and remediation pathways, gain detailed and actionable visibility into attestation trails, and streamline workflows through a single source of truth for repeatable, scalable, and secure development practices.
We invite DevOps and security professionals from the financial services industry to take a product tour or start a free trial to see how the JFrog Platform transforms enterprise software development.
Products
The JFrog Platform, JFrog Artifactory, JFrog Xray, JFrog Advanced Security, JFrog Curation
JFrog Services
Professional Services