Client Case Study
Our scope was to support Santander, a high-street retail, business and investment bank
within the UK, to ensure that their banking infrastructure could embrace the requirements
from PSD2 known as Open Banking. The scope of our remit was to support the bank in
ensuring conformance to the Open Banking requirements, support the change in deploying new
infrastructure to support integration with the Open Banking eco-system and support the
development teams in building secure software via a SecDevOps approach.
Changing a bank's posture to open up their infrastructure for third-party access is
no easy task. Managing several teams to ensure that security is baked into their mindset and
enforcing security checks in building and deployment was an entirely new process, meaning
frustrations were felt with the changes Complete Cyber introduced. In addition to this, we had to
engineer a secure solution alongside the architecture functions to ensure the Bank's
infrastructure was not only protected, but conformed with the Open Banking standards.
Using our passion for driving security into a program, we actively built and supported
continuous development pipelines that incorporated the latest security testing to perform
SAST/DAST/SCA testing of all software developed by the teams. We also supported the as-is IT
and Network architecture and built a solution that incorporated physical HSMs to support
the storage of cryptographic material needed for compliance with PCI-DSS and PSD2
requirements whilst ensuring a highly scalable and reliable internal PKI solution to support the
needs of the Bank's zero-trust policy for microservices. We also supported the various teams'
overall Open Banking solution to ensure compliance with the Open Banking standards and
provided support in advising on security software solutions when required.