A certain bank is one of the earliest joint-stock commercial banks listed in the country. Its headquarter is located in Shenzhen. It has hundreds of branches and thousands of business institutions across the country, with total assets of hundreds of billions of yuan. In recent years, the bank has made every effort to build a "digital bank" centering on digitization, intelligence, and ecology to help build a "digital China."
Technology leads the development of business intelligence
Unprecedented level of security
As a modern commercial bank, the bank always puts "technology leadership" at the top of its development strategy, and strives to create a "digital bank business card". Focusing on changes in "contactless" demand, the bank has vigorously promoted the construction of a digital and intelligent operation system in recent years. Promote the development of traditional business processing in the direction of light, online, centralized, and intelligent, reshape diversified, integrated, intelligent and efficient service processes, create a bank that is ready to use, and promote continuous social and economic progress through its own transformation and development .
During the development of digital banks, security issues have also been brought up to unprecedented heights by the bank. How to ensure the user experience on the basis of security is the focus of its attention . During the process of security construction, the bank encountered some problems:
-
Security work takes a long time and is presented in fragments, requiring a full-process solution
-
Application security quality is strongly dependent on the penetration test link, the cut-in time node is late, and the detection cost is high
-
R&D personnel's security protection thinking is driven by loopholes, and has been in a relatively passive defense state
-
The demand for development is increasing day by day, and the traditional security control process is inefficient, unable to meet the security requirements under rapid iteration
Introducing S-SDLC solution
Make safety protection sound
After full research and preparation in the early stage, the bank chose to work with Open Source Network Security to develop an effective implementation plan: introducing the S-SDLC security development management process. Implement 100% of the S-SDLC development process in the application system in the industry, comprehensively identify and control the security risks in all stages of application development from architecture design to deployment, operation and maintenance, enter security construction in advance, and build security development capabilities. After the implementation of S-SDLC, the bank's security defense mode has changed from passive defense to active prevention and control. 80% of the security issues are solved in the design, development, and testing links. Security vulnerabilities are significantly reduced, and high-risk security issues are reduced by 85%. Safety input costs. At the same time, in the face of a large number of development needs from the business side, S-SDLC also helped the bank realize systematic security quantitative management, improve the ability to resist risks, and help it provide customers with diversified, high-quality, and strong financial services.
After adopting the S-SDLC security development and management process, the bank's security system construction has been further developed, which has promoted the security transformation of digital finance, continuously improved the quality and efficiency of its financial services, and provided more accurate and secure services for different customer groups . In addition to serving the bank, Open Source Network Security has also provided leading, cross-dimensional software security solutions for dozens of financial institutions, promoting enterprises to provide users with better services while safely carrying out digital construction.
