Integrating Application Security into Software Development Life Cycle: A Case Study of Envestnet | Yodlee
Technology Category
- Cybersecurity & Privacy - Application Security
- Platform as a Service (PaaS) - Application Development Platforms
Applicable Industries
- Equipment & Machinery
- National Security & Defense
Applicable Functions
- Product Research & Development
- Quality Assurance
Use Cases
- Experimentation Automation
- Tamper Detection
Services
- System Integration
- Testing & Certification
About The Customer
Envestnet | Yodlee is a leading data aggregation and data analytics platform powering dynamic, cloud-based innovation for digital financial services. The company serves more than 1,000 companies, including 13 of the 20 largest U.S. banks and hundreds of Internet services companies. These companies subscribe to the Envestnet | Yodlee platform to power personalized financial apps and services for millions of consumers. Envestnet | Yodlee solutions help transform the speed and delivery of financial innovation, improve digital customer experiences, and drive better outcomes for clients and their customers. The company is supervised and examined by the Office of the Comptroller of the Currency (OCC) and all major banking regulators, and has undergone nearly 200 audits by financial institutions over a recent 24-month period.
The Challenge
Envestnet | Yodlee, a leading data aggregation and data analytics platform for digital financial services, faced the challenge of seamlessly and cost-effectively helping developers identify and fix application security vulnerabilities in their code early in the Software Development Life Cycle (SDLC). The company also aimed to ease the burden on development and security practitioners by reducing the number of false positives reported. Security is paramount for Envestnet | Yodlee as a fintech company, and it needed to ensure that every product on its platform met the most stringent security and compliance requirements. The company periodically conducted code reviews to ensure there were no vulnerabilities, but it wanted a better solution that could reduce the number of false positives, as triaging them wasted time and reduced efficiency. It also wanted a security solution that could scale, augment and seamlessly integrate with the current toolset.
The Solution
Envestnet | Yodlee adopted Contrast Assess to aid its development and application security teams by weaving security into its DevSecOps methodologies. The company also used Contrast Assess to supplement its Penetration Testing tools. Contrast’s dashboard and reports were shared with internal Penetration Testing team members, highlighting key vulnerabilities and providing immediate and actionable recommendations to triage. Contrast Security utilized the AWS Core Cloud Services such as EC2, Auto Scaling Groups, VPC, and RDS to provide High Availability and Elastic Scalability to meet the changing security workloads of Envestnet | Yodlee. AWS Encryption Services, such as Key Management Services and Amazon Certificate Manager, were used to keep data confidential in transit and at rest. Contrast Security also leveraged AWS Lambda serverless solutions to build cloud native products that power data intelligence feeds to their customers worldwide.
Operational Impact
Quantitative Benefit