CyberArk Case Studies European Bank's DevSecOps Cloud-Based Initiative with SIGHUP and CyberArk

Edit This Case Study Record

	European Bank's DevSecOps Cloud-Based Initiative with SIGHUP and CyberArk CyberArk

European Bank's DevSecOps Cloud-Based Initiative with SIGHUP and CyberArk

CyberArk

Technology Category	Cybersecurity & Privacy - Cloud Security Infrastructure as a Service (IaaS) - Cloud Databases
Applicable Industries	Finance & Insurance National Security & Defense
Applicable Functions	Product Research & Development
Use Cases	Cybersecurity Tamper Detection
Services	Cloud Planning, Design & Implementation Services System Integration
Challenge	A leading European bank, serving over ten million customers, was looking to enhance its digital banking services with Kubernetes and cloud-native computing environments. However, with the increased digitization of services, security became a paramount concern for the bank’s stakeholders and clients. As the bank initiated its journey to the cloud, it adopted a variety of cloud-based technologies to rapidly address and respond to new business needs, such as providing customers with secure home banking services and secure apps for mobile phones. The bank realized that adopting cloud and related open-source technologies came with a price in terms of management and security constraints. One of the most critical aspects of the cloud journey was how to properly manage identities and secrets (privileged credentials or grants) across different cloud services. Managing secrets across different cloud and hybrid services are typically a pain point in every organization’s cloud journey. Read More
About Customer	The customer is a leading European bank that serves more than ten million customers. The bank was looking to enhance its digital banking services with Kubernetes and cloud-native computing environments. However, with the increased digitization of services, security became a paramount concern for the bank’s stakeholders and clients. The bank initiated its journey to the cloud and adopted a variety of cloud-based technologies to rapidly address and respond to new business needs, such as providing customers with secure home banking services and secure apps for mobile phones. The bank realized that adopting cloud and related open-source technologies came with a price in terms of management and security constraints. Read More
Solution	The bank decided to engage an external engineering firm with specialized expertise that could support and lead the bank in designing, selecting and deploying a secrets management platform to address the bank’s immediate and future needs. The bank leveraged SIGHUP to provide the necessary guidance and expertise. SIGHUP recommended the implementation of Conjur Secrets Manager Enterprise from CyberArk, which enables DevOps and infrastructure teams to safely manage secrets access and generate identities for the related workloads. Conjur was selected because it helps simplify application development with one centralized secrets management service to control and audit access. It also ensures robust authorization, supports enterprise scale and availability and provides an extensive integration library. The project’s second stage focused on aligning requirements with each business user to ensure compatibility with Conjur and the bank’s cloud-native security policies. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Cloud Security

Infrastructure as a Service (IaaS) - Cloud Databases

Applicable Industries

Finance & Insurance

National Security & Defense

Applicable Functions

Product Research & Development

Use Cases

Cybersecurity

Tamper Detection

Services

Cloud Planning, Design & Implementation Services

System Integration

Challenge

A leading European bank, serving over ten million customers, was looking to enhance its digital banking services with Kubernetes and cloud-native computing environments. However, with the increased digitization of services, security became a paramount concern for the bank’s stakeholders and clients. As the bank initiated its journey to the cloud, it adopted a variety of cloud-based technologies to rapidly address and respond to new business needs, such as providing customers with secure home banking services and secure apps for mobile phones. The bank realized that adopting cloud and related open-source technologies came with a price in terms of management and security constraints. One of the most critical aspects of the cloud journey was how to properly manage identities and secrets (privileged credentials or grants) across different cloud services. Managing secrets across different cloud and hybrid services are typically a pain point in every organization’s cloud journey.

About Customer

The customer is a leading European bank that serves more than ten million customers. The bank was looking to enhance its digital banking services with Kubernetes and cloud-native computing environments. However, with the increased digitization of services, security became a paramount concern for the bank’s stakeholders and clients. The bank initiated its journey to the cloud and adopted a variety of cloud-based technologies to rapidly address and respond to new business needs, such as providing customers with secure home banking services and secure apps for mobile phones. The bank realized that adopting cloud and related open-source technologies came with a price in terms of management and security constraints.

Solution

The bank decided to engage an external engineering firm with specialized expertise that could support and lead the bank in designing, selecting and deploying a secrets management platform to address the bank’s immediate and future needs. The bank leveraged SIGHUP to provide the necessary guidance and expertise. SIGHUP recommended the implementation of Conjur Secrets Manager Enterprise from CyberArk, which enables DevOps and infrastructure teams to safely manage secrets access and generate identities for the related workloads. Conjur was selected because it helps simplify application development with one centralized secrets management service to control and audit access. It also ensures robust authorization, supports enterprise scale and availability and provides an extensive integration library. The project’s second stage focused on aligning requirements with each business user to ensure compatibility with Conjur and the bank’s cloud-native security policies.

Impact #1	The bank has been able to establish a robust engagement and increased awareness of DevSecOps best practices. The bank established a long-term relationship with SIGHUP and CyberArk, who continue to work closely with the bank’s DevSecOps team to maintain security standards and to ensure that every new project adheres to internal security policies. The bank has enabled the organization to increasingly embrace DevOps and DevSecOps methodologies while adopting a “shift left” approach – so that security is considered earlier in the process. The bank has also embraced a “policy as a code” approach, which made security configuration parameters declarative, versionable and repeatable. The bank has established centralized audit records for all authorization events and secrets operations, avoiding the typical security islands approach of multi-cloud/platform scenario.

Impact #1

The bank has been able to establish a robust engagement and increased awareness of DevSecOps best practices. The bank established a long-term relationship with SIGHUP and CyberArk, who continue to work closely with the bank’s DevSecOps team to maintain security standards and to ensure that every new project adheres to internal security policies. The bank has enabled the organization to increasingly embrace DevOps and DevSecOps methodologies while adopting a “shift left” approach – so that security is considered earlier in the process. The bank has also embraced a “policy as a code” approach, which made security configuration parameters declarative, versionable and repeatable. The bank has established centralized audit records for all authorization events and secrets operations, avoiding the typical security islands approach of multi-cloud/platform scenario.

Benefit #1	Fully managed security in a cloud-based environment within six months
Benefit #2	Registered an 80% increase in adoption of DevSecOps practices within the last two years

Benefit #1

Fully managed security in a cloud-based environment within six months

Benefit #2

Registered an 80% increase in adoption of DevSecOps practices within the last two years

Download PDF Version

Overview

European Bank's DevSecOps Cloud-Based Initiative with SIGHUP and CyberArk

Operational Impact

Quantitative Benefit