Open Banking
SCOPE
Our scope was to support Santander, a high-street retail, business and investment bank client within the UK, in ensuring that its banking infrastructure could embrace the PSD2 requirements known as Open Banking. Our remit was to support the bank in ensuring conformance to the Open Banking requirements, support the change in deploying new infrastructure to integrate with the Open Banking ecosystem, and support the development teams in building secure software via a SecDevOps approach.
CHALLENGES
Changing a bank's posture to open up its infrastructure for third-party access is no easy task. Managing several teams to ensure that security was baked into their mindset, and enforcing security checks in build and deployment, was an entirely new process, meaning frustrations were felt with the changes Complete Cyber introduced. In addition to this, we had to engineer a secure solution alongside the architecture functions to ensure the bank's infrastructure was not only protected but also conformed with the Open Banking standards.
OUTCOMES
Using our passion for driving security into a program, we actively built and supported continuous development pipelines that incorporated the latest security testing to perform SAST/DAST/SCA testing of all software developed by the teams. We also supported the as-is IT and network architecture and built a solution that incorporated physical HSMs to support storage of the cryptographic material needed for compliance with PCI-DSS and PSD2 requirements, whilst ensuring a highly scalable and reliable internal PKI solution to support the needs of the bank's zero-trust policy for microservices. We also supported the various teams' overall Open Banking solution to ensure compliance with the Open Banking standards and provided support in advising on security software solutions when required.