Give users access to the answers they need, faster and easier, with multi-repository AI-based search that lets you contextualize everything from clicks to conversations

Products

Overview Business Network

Connect once, reach anything with a secure B2B integration platform

Industry Applications and Services

OpenText™ Business Network Aviator(AI)

Revolutionize connectivity across the internet of clouds

Products

Overview Content

Reimagine knowledge with AI-ready content management solutions

Capture and Intelligent Document Processing

OpenText™ Content Aviator(AI)

Supercharge intelligent workspaces with AI to modernize work

Products

Overview Cybersecurity

Integrated cybersecurity solutions for enterprise protection

Identity and Access Management

Digital Forensics and Incident Response

OpenText Cybersecurity for SMBs & MSPs

Purpose built data protection and security solutions

OpenText™ Cybersecurity Aviator(AI)

Reinvent threat hunting to improve security posture with the power of agile AI

Products

Overview DevOps

Ship better software—faster—with AI-driven DevOps automation, testing, and quality

DevOps Platform

OpenText™ Core Software Delivery Platform

PPM and Strategic Portfolio Management

OpenText™ Project and Portfolio Management

OpenText™ DevOps Aviator(AI)

Elevate millions of developers with AI-powered DevOps experiences

Products

Overview Experience

Reimagine conversations with unforgettable customer experiences

OpenText™ Experience Aviator(AI)

Transform customer communications with private generative AI

Products

Overview Observability and Service Management

Get the clarity needed to cut the cost and complexity of IT operations

Automation and Vulnerability Remediation

OpenText™ Service Management Aviator(AI)

Redefine Tier 1 business support functions with self-service capabilities from private generative AI

Products

Overview APIs

Build custom applications using proven OpenText Information Management technology

OpenText™ API Technical Documentation

OpenText™ Aviator Thrust

Build it your way with OpenText Cloud APIs that create the real-time information flows that enable custom applications and workflows

Products

Overview Device and Data Protection

Protect what matters, recover when it counts

Enterprise Data Backup and Disaster Recovery Solutions

Hybrid Work, Email, and Team Collaboration

Unified Endpoint Management Tools

Email Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document Management

Back

Solutions

Overview Information Reimagined

Get greater visibility and sharper insights from AI-driven information management. Ready to see how?

Solutions

Overview Aviator AI

Break free from silos, streamline processes, and improve customer experiences with secure information management for AI

Solutions

Overview Industry solutions

Improve efficiency, security, and customer satisfaction with OpenText

Solutions

Overview Solutions for Enterprise Applications

Run processes faster and with less risk

Maximize sustained growth, value, and innovation with intelligent enterprise solutions from OpenText and SAP

Connect content to business processes for better productivity and stronger governance

Optimize Salesforce effectiveness by bringing together transactional data and unstructured content

Back

Services

Overview Services

Achieve digital transformation with guidance from certified experts

Professional Services

Modernize your information management with certified experts

Customer Success Services

Unlock the full potential of your information management solution

Support Services

Turn support into your strategic advantage

Managed Services

Extend IT teams with certified OpenText application experts

Learning Services

Discover training options to help users of all skill levels effectively adopt and use OpenText products

Services

Overview Professional Services

Modernize your information management with certified experts

Services

Overview Customer Success Services

Unlock the full potential of your information management solution

Services

Overview Support Services

Turn support into your strategic advantage

Services

Overview Managed Services

Extend IT teams with certified OpenText application experts

Services

Overview Learning Services

Discover training options to help users of all skill levels effectively adopt and use OpenText products

Back

Partners

Overview Find a partner

Information is the heartbeat of every organization. We build information management software so you can build the future

Featured Partners

Public Cloud Partners

Enterprise Application

Partners

Overview Cloud Partners

OpenText partners with leading cloud infrastructure providers to offer the flexibility to run OpenText solutions anywhere

Migrate, optimize and manage information management solutions on AWS

Optimize performance and reduce costs with applications deployed on a secure, globally scaled platform

Accelerate migration and modernization with deployment in a highly secure and compliant public cloud

Partners

Overview Enterprise Application Partners

OpenText partners with top enterprise app providers to unlock unstructured content for better business insights

Maximize sustained growth, value, and innovation with intelligent enterprise solutions from OpenText and SAP

Connect content to business processes for better productivity and stronger governance

Optimize Salesforce effectiveness by bringing together transactional data and unstructured content

Partners

Overview Partner Solutions

Discover flexible and innovative offerings designed to add value to OpenText solutions

Partners

Overview Resources for Partners

Discover the resources available to support and grow Partner capabilities

Back

Overview Customer Support

Get expert product and service support to accelerate issue resolution and keep business flows running efficiently

Overview Resources

Explore detailed services and consulting presentations, briefs, documentation and other resources

Major Credit Group

Fortify strengthens cyber resilience in preparation for DORA introduction while reducing code vulnerabilities by 50% and boosting vendor collaboration

Products and services

OpenText™ Fortify™

Outcomes

Full DORA compliance
50% reduction in code vulnerabilities
Improved vendor collaboration through simplified process to accept external software
Flexible deployment suits the credit group’s business model
‘Security by design’ principle strengthens cyber resilience

Challenge

Prepare banking client for new financial regulation compliance requirements while simplifying the process of introducing external software.

Details

Introduction of DORA presents new challenges

All financial industry participants already need to comply with many regulatory requirements. Within the European Union (EU), this has recently been expanded to include the Digital Operational Resilience Act (DORA). This promotes Europe-wide convergence on the requirements financial institutions must adopt to raise the security of their digital systems. As part of it, financial entities need to conduct vulnerability assessments before introducing or re-introducing new or existing services. They also are required to test all critical applications and systems at least once a year.

A major credit group needed to integrate appropriate testing tools within its software development cycle to increase the level of resilience of its software solutions and prepare for DORA compliance. The credit group turned to its trusted partner, Join Business Management Consulting. This strategy and management consulting firm is ranked among the fastest-growing companies in Europe by the Financial Times and Il Sole 24 Ore. “We initially carried out a market analysis to identify the solutions that met the client’s requirements, such as the need to introduce static code analysis mechanisms within the application lifecycle,” explains Maurizio Garofalo, Head of the Risk, Compliance and Cybersecurity Practice at Join Business Management Consulting.

We consider the adoption of the ‘security by design’ principle in our software lifecycle management a building block of our cyber resilience strategy. Fortify has proved to be the ideal technology partner for this in terms of depth, breadth, and precision of vulnerability analysis, DevOps integration, and service model flexibility.

Chief Information Security Officer
Major Credit Group

Fortify exceeds expectations compared to alternatives

Garofalo continues: “We identified Fortify as the best solution for the credit group’s needs. In fact, in addition to the criteria we determined with the client, Fortify outshone other solutions in a number of ways. First of all, we like the superior level of reliability and rich functionality that comes from being an established solution, recognized as market leader by leading analysts: Gartner, Forrester, IDC, and G2. We also appreciated the broad language support and the opportunity to use Fortify both in an on-premises mode for easy inclusion in the development cycle infrastructure, or as a flexible service in the cloud, more suitable for our client’s software partners. These benefits came at a similar cost to that of far less performant solutions.”

Fortify is the inclusive and extendible suite of application security solutions with two decades of experience and continuous improvement. Fortify solutions enable end-to-end application lifecycle management by providing static code testing through its static application security testing (SAST) module, dynamic code testing with its dynamic application security testing (DAST) module, and software composition analysis (SCA) to ensure the security of any open source code components that are used. Using sophisticated artificial intelligence (AI) technology, Fortify allows automated security checks to be performed on code as it is written, suggesting changes required to ensure the code is as robust as possible. “The level of protection provided by Fortify facilitates DevSecOps development models and regulatory compliance in multiple areas, including the financial sector,” comments Garofalo.

Full DORA compliance and improved vendor collaboration

The start of the project involved Fortify on Demand, providing application security as a service without the need for additional infrastructure or resources. This is particularly valuable to validate software from external or commercial vendors, often small software companies specializing in banking solutions. The credit group cannot share its source code with external vendors, as it is protected by intellectual property law, nor can it accept code that hasn’t been checked according to its own software development standards. However, leveraging Fortify on Demand, the credit group can offer external vendors access to application testing via a code security scan. This allows the credit group to obtain an independent security certification to ensure that the security of the software conforms with its requirements.

The credit group leverages Fortify’s on-premises solution within its three in-house development factories where pre-defined languages are used. The first factory focuses on the development of home banking applications and its related apps for mobile access. The second factory develops the core applications for the group’s information system that manages communication between its 180 branch offices. The third factory develops the software used to create debit, credit, and pre-paid cards. “The Fortify hybrid deployment model, with on-demand and on-premises capabilities, is central to all software development at the credit group by ensuring that every code component is checked and corrected on the fly before it goes into production,” explains Garofalo.

50% reduction in code vulnerabilities and 15 critical applications successfully implemented

The introduction of Fortify led to the successful and seamless implementation of 15 business-critical applications, including both developed code and Open Source components. Following the Fortify process, 100 percent of new software releases are secured and certified against the Open Source foundation for application security (OWASP) top 10, as well as sysadmin, audit, network and security (SANS) top 25 standards. The credit group has identified a 50 percent reduction in code vulnerabilities associated with its developers’ higher level of security awareness through the introduction of Fortify and a gamified training program. The credit group’s CISO comments: “We consider the adoption of the ‘security by design’ principle in our software lifecycle management a building block of our cyber resilience strategy. Fortify has proved to be the ideal technology partner for this in terms of depth, breadth, and precision of vulnerability analysis, DevOps integration, and service model flexibility.”

Garofalo concludes: “The credit group is delighted with Fortify’s ability to strengthen application development security, eliminate code vulnerabilities, and comply with DORA regulations. It also leverages the Voltage SecureData Payments by OpenText solution to ensure payment data encryption.

This simplifies PCI compliance and protects clients’ credit card data in e-commerce applications, as well as web and mobile payments. Given the success of both Voltage and Fortify, the credit group is considering integrating the two to provide further value.”

Fortify is central to all software development at the credit
group by ensuring every code component is checked
and corrected on the fly before it goes into production.

Maurizio Garofalo
Head of the Risk, Compliance and Cybersecurity Practice, Join Business Management Consulting

About Major Credit Group

A major credit group needed to integrate appropriate testing tools within its software development cycle to increase the level of resilience of its software solutions and prepare for DORA compliance.