Empowering DevSecOps Value Streams in the Cloud with JFrog and ServiceNow

Customer Success Story with JFrog and ServiceNow

COMPANY

The company serves customers worldwide to provide insurance, wealth management, estate and retirement planning, and investment services. Among the largest mutual insurers in the U.S, the company maintains a AA+ rating from Standard and Poors with over $700B in assets under management, 11,000 employees and 12,000 agents.

CHALLENGES

The insurance enterprise relies on in-house financial services technology to collect sensitive data, identify coverage risk, and accelerate the underwriting process. This demands empowering the developer, security, and operations value streams to speed production of safe, quality software.

Holding them back were disconnected, often manually triggered processes to advance release candidates through testing, validation, and deployment. This was an obstacle to adopting uniform best practices and a consistent security posture across the organization at scale. In addition, operations teams were burdened with maintaining on-premises, self-managed systems that siphoned capacity to focus on enhancing DevOps processes.

RESULTS

For their cloud-first digital transformation, the company set up a JFrog Enterprise cloud (SaaS) account on AWS within minutes. The JFrog-managed account helped reduce their hardware footprint, and provides a secure, private, and highly available artifact management service that is always up-to-date and backed up for disaster recovery. “We don’t have to worry about reliability, this is very nicely handled by JFrog.”

JFrog Xray rapidly enabled an organization-wide security posture against vulnerabilities and license conflicts, reducing risks throughout their software supply chain. “With Xray, we can scan for any kind of vulnerability that has come in.”

The company further empowers their value stream with a ServiceNow workflow management solution. Xray identifies threat alerts through the JFrog ServiceNow Spoke, and continuous integration (CI) servers promoting builds to production repositories in Artifactory, trigger ServiceNow to drive final phases of validation and deployment.

ServiceNow deployment

Their JFrog-powered DevSecOps processes have also enabled rapid integration of recent acquisitions. Ready for future expansion, “We don’t have to worry if another M&A comes into play.”

“JFrog Enterprise has been very helpful for us; Artifactory is the lifeline for our CI/CD pipelines and, with Xray, is our strategic direction for binary management.”
-Corporate Vice President, Head of Application Service Management


INDUSTRY

Insurance and Investment Services

PROBLEM

  • On-premises self-hosting requires large hardware footprint
  • Cost and time of self-managing updates
  • Must self-guarantee SLA and provide disaster recovery
  • Supply chain risks not fully known or mitigated
  • Manual processes for final validation and deployment

RESULTS

  • Rapid modernization to a cloud-first strategy
  • Reduced maintenance overhead from SaaS, leaving more time to focus on pipeline and DevOps enhancements
  • Reliability to 99.9% (“three-nines”) SLA, with disaster recovery
  • Software supply chain security through Software Composition Analysis scanning for vulnerabilities and license policy compliance
  • Support scale and growth by merger and acquisition with business continuity
  • Amplified threat visibility and automated response to open source risks through ServiceNow
  • Empowered value streams, automating final validation and deployment with ServiceNow

SOLUTIONS

JFrog Artifactory
JFrog Xray
ServiceNow

Release Fast Or Die