Development of an IT security tool for the financial sector
How we developed a self-service tool for IT security.
Highest security standards in the financial sector
IT in the financial sector is a major challenge for in-house teams and service providers, and IT security is far from a secondary concern: wherever financial transactions are processed and documented, a large number of attacks take place every day. In addition to actively defending against these attacks, financial companies must ensure that each individual application carries as little risk as possible.
Our customer – a medium-sized international bank – therefore worked with consultants from birkle IT on a self-service solution for automatic code analysis.
The challenge: identifying security gaps before they occur
Security gaps in the financial sector can cost a lot of money, and ensuring sufficient IT security is also a regulatory obligation: BaFin regularly checks whether financial institutions are fulfilling their duty of care in this area. According to the European Central Bank, IT security still receives too little attention.
Our customer recognized the need to tackle the issue systematically and launched a project that represents a real game changer. The “code checker tool” to be developed is intended to check every single line of code written – both internally and externally – for compliance with minimum standards. Experts from birkle IT were actively involved in the development of this tool.
These were the requirements:
- Web application, or an application accessible both internally and externally
- Connection to and integration with multiple IDEs
- Checking code in multiple programming languages for compliance with the standards
- Self-service: easy use of the tool without extensive training by the developers themselves
The development phase: defining and applying standards
Together with an international group of experts, the birkle IT consultants drew up a catalog of requirements for the IT security check, based on the standards published by the OWASP (Open Web Application Security Project) Foundation. OWASP's standards, such as the Application Security Verification Standard (ASVS) for web applications and the Mobile Application Security (MAS) project for mobile apps, are widely used across Europe as the reference for application security requirements.
In addition to classic design principles such as defense in depth, end-to-end security, minimalism and modularity, the customer defined further standards that the tool was to test individually.
The implementation: A flagship in IT security
The application co-developed by birkle IT ultimately comprised a multi-page catalog of test measures that the software applies to the submitted code. This means that code from external service providers is checked in the same way as the output of in-house IT teams. No application goes live that does not meet the minimum IT security standards.
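The page does not describe the tool's internals. As an added illustration of the approach it outlines (a catalog of rules applied to submitted code in several languages, with a gate that blocks code failing the minimum standard), here is a small Python example. It is not code from the original page or from birkle IT's tool; the rule IDs, the regex patterns, the severity levels and the sample snippets are all constructed for this example.

```python
"""Illustrative rule-catalog code checker with a go-live gate (added example, not the bank's tool)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str            # hypothetical identifier, e.g. "SEC-001"
    description: str
    languages: frozenset    # languages this rule applies to
    pattern: re.Pattern     # line-level pattern; a real checker would parse the code
    severity: str           # "high" findings block go-live, "medium" are reported only


# Hypothetical catalog, loosely modelled on common OWASP ASVS themes.
CATALOG = (
    Rule("SEC-001", "Hard-coded credential or secret",
         frozenset({"python", "javascript", "java"}),
         re.compile(r"(?i)\b(password|secret|api_key|token)\s*=\s*['\"][^'\"]+['\"]"), "high"),
    Rule("SEC-002", "SQL query built by string concatenation",
         frozenset({"python", "java"}),
         re.compile(r"(?i)(select|insert|update|delete)\b[^\n]*[\"']\s*\+\s*\w+"), "high"),
    Rule("SEC-003", "Dynamic code execution via eval()",
         frozenset({"python", "javascript"}),
         re.compile(r"\beval\s*\("), "high"),
    Rule("SEC-004", "TLS certificate verification disabled",
         frozenset({"python"}),
         re.compile(r"verify\s*=\s*False"), "medium"),
)


@dataclass(frozen=True)
class Finding:
    rule_id: str
    line: int
    excerpt: str
    severity: str


def check(source: str, language: str, catalog=CATALOG) -> list[Finding]:
    """Apply every catalog rule that covers `language` to each line of `source`."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for rule in catalog:
            if language in rule.languages and rule.pattern.search(text):
                findings.append(Finding(rule.rule_id, lineno, text.strip(), rule.severity))
    return findings


def passes_minimum_standard(findings: list[Finding]) -> bool:
    """Go-live gate: any high-severity finding fails the submission."""
    return not any(f.severity == "high" for f in findings)


# Constructed sample submissions (not real customer code).
PY_SAMPLE = """\
import requests
API_KEY = "abc123"
def load(user):
    q = "SELECT * FROM users WHERE name = '" + user + "'"
    return requests.get(URL, verify=False)
"""

JS_SAMPLE = """\
const token = "eyJhbGciOi";
const result = eval(userInput);
"""

CLEAN_JS = """\
const result = JSON.parse(userInput);
"""

if __name__ == "__main__":
    for name, src, lang in (("py", PY_SAMPLE, "python"),
                            ("js", JS_SAMPLE, "javascript"),
                            ("clean", CLEAN_JS, "javascript")):
        found = check(src, lang)
        for f in found:
            print(f"{name}:{f.line} [{f.severity}] {f.rule_id}: {f.excerpt}")
        print(f"{name}: {'PASS' if passes_minimum_standard(found) else 'BLOCKED'}")
```

The gate is deliberately strict: a single high-severity finding blocks the submission, while medium findings are reported for follow-up. A production checker would use language-aware parsing rather than line regexes, but the structure (catalog, per-language applicability, findings, gate) is the part the page describes.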
This is a big step for the security of the customer's financial transactions and data, even if it represents only part of the overall measures BaFin requires.
After the release of the "Codechecker Program", the bank was able to close several security gaps within a very short time that might otherwise have become apparent only later. The cost that a single security gap in this area would have caused already represents a significant return on investment for the project.
The benefit: A long-term safeguard
In addition to ongoing operations and individual IT security projects, the introduction of the "Codechecker Tool" is a long-term investment in structural IT security. We at birkle IT AG are proud to bring top IT security experts to projects throughout Europe with our innovation hubs in the Baltic States, including Vilnius, a popular fintech location, and thus to contribute to the security and competitiveness of our European domestic economy.
Your contact person for finance-related topics
Max Benjamin Fuchs
Senior Corporate Development Manager