Leading Financial Services Company Enhances Software Development Security and Efficiency with JFrog
- 7M: Number of customers
- $150K+: Reduction in annual costs
- 20%: Reduction in time fixing vulnerabilities
- Integrated security at every stage of the development lifecycle
- Single system of record for secure, automated software releases
- End-to-end auditing and tracing of software artifacts
The company was at a crossroads with their software development lifecycle, facing inefficiencies, security gaps, and the challenges of managing a fragmented toolset. They needed a solution to modernize processes, reduce costs, and improve developer productivity. The team chose the JFrog Software Supply Chain Platform, including JFrog Advanced Security and JFrog Curation, to address these needs. The results: streamlined workflows, improved risk management, and enhanced security posture.
COMPANY
Founded in 1993, this leading financial services company has grown into one of the UK’s most recognizable insurance brands, serving over 7 million customers across its various offerings including car insurance, home insurance, and personal loans.
Known for its innovative approach, the company was one of the pioneers of the multi-car insurance model, which allows families to insure multiple vehicles under a single policy, offering convenience and cost savings. They are committed to fostering a strong corporate culture, emphasizing employee well-being, inclusivity, and sustainability.
CHALLENGE
When facing escalating costs and outdated tools, the company sought a transformative solution to modernize their software development lifecycle. The legacy setup – stitching together point solutions – required costly maintenance and lacked the agility and security required to support modern development practices. Critical gaps included:
- Limited functionality: Legacy tools did not support modern pipelines or newer technologies like Java 17.
- Tool sprawl: Multiple point solutions used for binary management increased complexity and costs.
- Security risks: Vulnerabilities went unaddressed due to ineffective tools and lack of blocking capabilities.
Faced with an increasingly complex and competitive landscape, the company sought to adopt modern DevSecOps practices to optimize workflows, improve product security, and maintain their leadership position. Key to this transformation was finding a comprehensive toolset to support their evolving needs.
SOLUTION
After an extensive evaluation process, JFrog emerged as the clear choice. Key differentiators included:
- Seamless integration of Software Composition Analysis (SCA) and binary management.
- Terraform support and robust IDE integration, enabling engineers to address vulnerabilities before pushing code.
- A single platform to consolidate multiple tools, reducing overhead and enhancing productivity.
The JFrog Platform, with its Advanced Security and Curation offerings, is an end-to-end solution that not only addressed these challenges but also delivered unmatched value, enabling seamless tool consolidation, enhanced security, and efficiency at scale.
Here is how the team leverages the JFrog Platform:
- JFrog Artifactory: JFrog Artifactory is used as a centralized repository manager for storing and managing build artifacts across their SDLC. It integrates with their CI/CD pipeline, enabling efficient storage, versioning, and distribution of software components. Artifactory supports multiple technologies and helps reduce build times while enhancing collaboration across engineering teams.
- JFrog Xray: The team uses JFrog Xray for security scanning of their artifacts. Xray detects vulnerabilities and compliance issues within dependencies, integrating into the CI/CD pipeline to catch security flaws early. It also scans non-Java components like Python, addressing gaps in the team’s previous toolset and improving overall security visibility.
- JFrog Advanced Security: The team leverages JFrog Advanced Security for in-depth vulnerability scanning and risk management. Advanced Security detects and blocks hard-coded secrets, and provides contextual analysis to prioritize risks. Integrated early in the SDLC, its SAST capabilities ensure security is addressed before code reaches production, improving overall security posture.
“JFrog’s Advanced Security exposed legacy issues we didn’t even know existed, like hard-coded secrets, improving our risk posture overnight.” – Senior Chapter Lead
- JFrog Curation: JFrog Curation helps the team automatically and proactively block malicious packages and those that fall outside of security policy from being brought in by developers. It provides a detailed audit log of what is being brought into the software supply chain and by whom.
The JFrog Platform serves as a single source of truth, providing full traceability and visibility into artifacts, improving security by detecting issues like version discrepancies, and enforcing consistent deployment practices.
“Blocking malicious packages from day one with JFrog Curation has been a game-changer, ensuring only the safest components enter our pipelines.”
RESULTS
The team’s journey with JFrog highlights the transformative power of modern DevSecOps practices. By adopting the JFrog Platform with Advanced Security and Curation, they not only addressed immediate challenges but also positioned themselves for long-term success in an ever-evolving technological landscape. Additionally, with JFrog Professional Services, the team was able to achieve adoption within two months.
Key benefits include:
- Enhanced Security Posture: By leveraging real-time blocking policies, the team can identify and mitigate vulnerabilities as they arise, ensuring proactive protection and drastically improving visibility. With JFrog, security is now seamlessly integrated into every stage of development, providing end-to-end traceability and enabling the team to maintain a robust security framework.
- Increased Efficiency: The JFrog Platform has helped streamline development operations, allowing faster updates through centralized Terraform configuration. JFrog’s cloud-based solution reduced maintenance costs and provided scalability. With centralized security controls and automated blocking of malicious packages, engineers now follow better processes to manage dependencies, reducing risk.
- Improved Compliance and Risk Management: The JFrog Platform provides the team with a single source of truth for secure, automated software releases, minimizing risks and ensuring full compliance with regulatory standards. This has bolstered the team’s ability to deliver trusted, high-quality software to its customers. By capturing signed evidence of all actions against immutable releases, the company has established a reliable audit trail that ensures accountability.
“The visibility and control we’ve gained with JFrog have revolutionized how we manage third-party dependencies, leading to a more secure and compliant ecosystem.”
- Single Source of Truth: The JFrog Platform has become the single system of record for all software releases, ensuring that only tested and verified packages are deployed. This consistency eliminates issues where teams were inadvertently deploying different versions to production, improving the integrity of their deployments.
“With JFrog, we consolidated multiple tools into one powerful platform, saving significant time and resources while enabling our engineers to focus on innovation.”
- Scalability and Time-to-Market: By consolidating their tools and automating many manual processes, the development team has improved their time-to-market, ensuring faster and more secure delivery of their services to customers.
“The flexibility and efficiency gained through JFrog have transformed our development process, cutting costs and accelerating delivery timelines.”
- Secure distribution between environments: JFrog Distribution overcame network constraints and maintained consistency and security throughout the development lifecycle by securely deploying artifacts to a variety of environments.
Products
The JFrog Platform, JFrog Artifactory, JFrog Xray, JFrog Advanced Security, JFrog Curation
Partner
Google Cloud