European Regional Bank
.jpg?width=640&height=427&name=etienne-martin-2_K82gx9Uk8-unsplash%20(1).jpg "etienne-martin-2_K82gx9Uk8-unsplash (1)")
Executive Summary
A regional bank in Europe with an extensive array of traditional banking services as well as digital and mobile banking solutions has recently approached Codenotary about securing the DevOps lifecycle, especially in the mobile banking area.
With over 1100 software engineers and a multi-cloud (AWS and Google Cloud) deployment strategy, this bank needed a system to identify and track each and every component in their software development as it moved from source to build to Kubernetes runtime.
Trustcenter Success Story
Due to the involvement of a Top Four Consulting/Auditing company in the development project, it is of primary importance to the bank to keep track of source and module components independently if they are developed in-house or by outside consultants.
Furthermore, given the constant release cycle (the mobile banking system needs to be up 24/7), automation of the component trust checking is mandatory. Additionally, the banks’ statutory auditors and regulators need to get a monthly audit report about who did what to which software component. All of that needs to be guaranteed tamperproof.
Codenotary’s Trustcenter platform satisfies all these stringent requirements. Given that our platform is based on the leading immutabe database immudb (see https://immudb.io), we could satisfy regulations imposed by regulators and auditors.
Trustcenter now in version 3.5 can easily handle billions of artifacts verifications per day, and our command-line utility vcn integrates naturally with the Jenkins build system and the Kubernetes environment of the customer.
Through this integration this bank’s Jenkins system can now always check if a build is made up solely of verified trusted components before proceeding to produce the build, and the Trustcenter operator checks if a pod was built with exclusively known and trusted artifacts before launching the pod.