
Integrating Application Security into Software Development Life Cycle: A Case Study of Envestnet | Yodlee

Contrast Security
Envestnet | Yodlee, a leading data aggregation and data analytics platform for digital financial services, needed a seamless, cost-effective way to help developers identify and fix application security vulnerabilities in their code early in the Software Development Life Cycle (SDLC). The company also aimed to ease the burden on development and security practitioners by reducing the number of false positives reported. Security is paramount for Envestnet | Yodlee as a fintech company, and it needed to ensure that every product on its platform met the most stringent security and compliance requirements. The company periodically conducted code reviews to ensure there were no vulnerabilities, but it wanted a better solution that could reduce the number of false positives, as triaging them wasted time and reduced efficiency. It also wanted a security solution that could scale, augment and seamlessly integrate with the current toolset.
Envestnet | Yodlee is a leading data aggregation and data analytics platform powering dynamic, cloud-based innovation for digital financial services. The company serves more than 1,000 companies, including 13 of the 20 largest U.S. banks and hundreds of Internet services companies. These companies subscribe to the Envestnet | Yodlee platform to power personalized financial apps and services for millions of consumers. Envestnet | Yodlee solutions help transform the speed and delivery of financial innovation, improve digital customer experiences, and drive better outcomes for clients and their customers. The company is supervised and examined by the Office of the Comptroller of the Currency (OCC) and all major banking regulators, and has undergone nearly 200 audits by financial institutions over a recent 24-month period.
Envestnet | Yodlee adopted Contrast Assess to aid its development and application security teams by weaving security into its DevSecOps methodologies. Contrast Assess was also used to supplement Envestnet | Yodlee’s Penetration Testing tools. Contrast’s dashboard and reports were shared with internal Penetration Testing team members, highlighting key vulnerabilities and providing immediate and actionable recommendations to triage. Contrast Security utilized AWS Core Cloud Services such as EC2, Auto Scaling Groups, VPC, and RDS to provide High Availability and Elastic Scalability to meet the changing security workloads of Envestnet | Yodlee. AWS Encryption Services, such as Key Management Services and Amazon Certificate Manager, were used to keep data confidential in transit and at rest. Contrast Security also leveraged AWS Lambda serverless solutions to build cloud native products that power data intelligence feeds to their customers worldwide.
The implementation of Contrast Assess as part of their DevSecOps initiatives enabled Envestnet | Yodlee to further integrate security into existing Agile and DevOps workflows and tools. This allowed Envestnet | Yodlee to bring their secure financial software solutions to market faster and with greater confidence. Security was woven into daily coding practices, which not only increased developer productivity but also reduced the number of time-wasting false positives. The use of AWS services provided the flexibility, reliability, and scalability that Envestnet | Yodlee needed to launch and integrate new applications quickly and effectively, accelerating time-to-market and providing a key competitive advantage.
Significant reduction in the number of time-wasting false positives
Increased developer productivity through reduced test-fix-redeploy cycle times
Reduced Penetration Testing costs