Background Information
The Client is a multinational banking and financial services corporation headquartered in Europe. Its primary businesses are retail banking, direct banking, commercial banking, investment banking, wholesale banking, private banking, asset management, and insurance services. It is one of the biggest banks in the world and consistently ranks among the top 30 largest banks globally. At the time of project delivery, it operated various insurance, financial and investment services in Malaysia.
As part of a business IT quality assurance and process improvement initiative, the Client sought an end-to-end web application software quality control and assurance solution that could be automated and integrated into its existing workflow, and that would minimize exploitable vulnerabilities before hackers could exploit them.
Before the Client engaged E-SPIN Group, its operations in the region had failed the regulatory compliance requirements set by its regional headquarters, based on external penetration testing. Under its internal requirements, the findings had to be remediated within one quarter.
Another challenge the Client faced was a programming-language transition from classic ASP to .NET: its seven enterprise applications (including enterprise applications that support agency business) were developed and deployed in a mix of the two. The Client was looking for a solution provider not just to deliver an application security testing tool and system to improve security assurance (SA), but also to step in and take on the outsourced development of a mitigation module, delivered as a new module that plugs into the existing enterprise applications to mitigate the existing behavior, and to provide full project management, from deployment, training and knowledge transfer to software maintenance for the duration of the project.
Solution Overview
The proposed solution includes licenses for a leading web site and web application security and vulnerability scanning, auditing and reporting system, covering unlimited internal IP scanning and reporting; software warranty and an ongoing vulnerability signature update subscription; project deployment; product system administration training and knowledge transfer; operation consulting; project coaching; process integration and automation; and a local technical support and maintenance subscription. These are delivered as a single package solution to resolve the Client's current technology, risk compliance and process improvement challenges.
Solution Architecture
A single package solution designed and developed to address the Client's business IT and operational requirements and to deliver better technology, processes, policies and procedures, and people skills, knowledge and ability. It is backed by full supporting services: consulting, coaching, custom-built risk mitigation and fixing module software development, product system administration training and knowledge transfer, and process integration and automation.
Solution Benefits
- Immediate cost savings from automating web site and web application security and vulnerability scanning, auditing and reporting, freeing up important manpower to focus on interpreting, enforcing and implementing vulnerability fixes and patches before hackers exploit them and cause tangible damage to the Client's reputation.
- Integration with, and automation of, the existing business IT and software development process to streamline the web application testing and debugging cycle, so that less vulnerable, less hackable and more secure web applications are rolled out to production.
- Continuous access to the latest software version and technology at a fraction of the total software ownership cost, with the latest features and functionality and ongoing updates to vulnerability signatures and patterns.
- The ability to perform mission-critical and sensitive internal web application security tests and ongoing checks, and to report and distribute vulnerabilities to be fixed, without third-party involvement, and to use the results to validate third-party web application penetration test reports.
E-SPIN value-added services (VAS) engaged for the project:
- Web Application Security and Vulnerability Scanning, Audit and Reporting, Process Integration and Automation, Training and Knowledge Transfer, Risk Mitigation Fixing Module Development, Operation Consulting, Project Coaching, Software and Technical Support.
We hope this case study on insurance e-business enterprise application risk and regulatory compliance will help those who are looking for a solution with context. Feel free to contact E-SPIN to discuss your project requirements, and we will see how the project's success can be replicated for your unique case.