Customer stories

Major financial services provider

Financial services provider used custom software solutions to boost health management and ensure global data compliance with OpenText™ Fortify™

About this major financial services provider

This global financial services provider focuses on health insurance. It uses in-house software to improve health outcomes and ensure data compliance, supporting its diverse client base with secure, custom technology solutions.

Employees:

35,000+
Number of countries covered:

40+
Market capitalization:

US$ 5+ billion

Summary

Challenges

Increasing focus on application security to create higher quality secure code.
Achieving full global data privacy regulation compliance.
Improving efficiency in software development lifecycles.

Solution

Leveraged Fortify’s end-to-end application security approach.
Offered feature-rich functionality and broad integration capabilities.

Results

Delivered shift-left move in development
Streamlined auditing process for regulation compliance

Challenges

Found an alternative to SonarQube for application security, as it no longer met requirements
Created end-to-end integration in the development cycle to produce secure, quality, innovative software

This major financial services provider seeks disruption as it leads a global transformation in financial services. With health insurance as one of its major pillars, it is very conscious that there is a clear science behind increasing life expectancy and, therefore, reducing health-related insurance claims.

In-house developed software plays a key part in creating a science-based behavior change program so that members can take active steps to know and improve their health. With software solutions creating a competitive edge, the organization invests heavily in its development efforts, with hundreds of specialized software developers and outsourced third-party software development. The combined teams create a mix of web and mobile applications to support its diverse client base directly. To ensure secure and clean code, the development teams worked with SonarQube, acquired through local IT consultancy partner, 9th BIT.

9th BIT’s CEO, Barry De Waal, explained further: “Active through companies around the world, this customer is heavily regulated and needs to be fully GDPR and POPIA (Protection of Personal Information Act) compliant. Because it regularly deals with sensitive client information, security is embedded into the core of its business. The breadth of the company means it holds not just personal credit card or contact details, but some subsidiaries store clients’ medical, insurance, and financial investment information as well. The organization wants to be in full control of its software solutions, including stored data, and will favor in-house developed solutions over off-the-shelf commercial ones.”

He continued, “In a bid to create a full CI/CD pipeline and shift left, the team adopted Flutter an open-source framework by Google to build natively compiled, multi-platform applications from a single code base. Considering the increased focus on security within the software development lifecycle, it was felt that the community version of SonarQube no longer met the requirements, and we were asked to suggest an alternative.”

The person using digital tablet in operation room

Regulation compliance was a key factor in the decision to increase the focus on application security. Fortify’s automated results scanning makes the audit process infinitely easier and faster. The added benefits are higher quality and more secure solutions that benefit customer satisfaction.

Barry De Waal
CEO, 9th BIT

Solution

The organization liked Fortify’s software-as-a-service approach as it matched working practices following the COVID-19 pandemic. Seamless Fortify integration with other key software players in the development cycle was also perceived as a benefit.

Products deployed

OpenText™ Fortify

OpenText™ Fortify Static Code Analyzer spots root causes of vulnerabilities in the source code, prioritizes issues, and provides guidance on fixes

Leveraging Fortify’s end-to-end application security approach

OpenText Fortify is a recognized market leader in application security. It is designed to detect security flaws as code is written, allowing developers to find and fix security issues at every stage of the development cycle. This creates secure software with more flexibility and speed. It offers automated static application security testing (SAST) and dynamic application security testing (DAST) of any software code, from development through production. SAST identifies the root cause and helps remediate underlying security flaws. DAST simulates controlled attacks to identify exploitable vulnerabilities.

Offering feature-rich functionality and broad integration capabilities

The team at 9th BIT led workshops, presentations, and demonstrations to highlight the value of Fortify. De Waal commented: “The decision-making process fell in the middle of the COVID-19 pandemic and in a way, this was fortunate, as the organization was mainly working remotely by then and really appreciated the value of a software-as-a-service platform, which Fortify offers. The team could see how feature-rich Fortify is. The native integration between Sonatype, used to secure the organization’s software development cycle, and Fortify can empower every engineering team with the necessary intelligence to create and maintain secure, quality, innovative software at scale. In the end, it was an easy decision.”

The native integration between Sonatype, used to secure the organization’s software development cycle, and Fortify can empower every engineering team with the necessary intelligence to create and maintain secure, quality, innovative software at scale. In the end, it was an easy decision.

Barry De Waal
CEO, 9th BIT

Results

Fortify’s full integration with the organization’s existing development tools enabled the introduction of an efficient CI/CD software pipeline. Automated results scanning streamlined the auditing process for global data privacy regulation compliance.

Delivered shift left move in development

Fortify was soon implemented with full integration in the Azure single sign-on environment and with Jenkins to build, test, and deploy the software. It is now used daily within the in-house and outsourced development teams. Although process refinement is ongoing and code scanning is often done ad-hoc rather than as an integral part of the development cycle, the teams are moving toward complete CI/CD integration with Fortify, and a significant shift left in the development processes. Already, Fortify scans are accepted by independent industry regulators as evidence that the organization is compliant with regulations.

Streamlined auditing process for regulation compliance

De Waal concluded, “Regulation compliance was a key factor in the decision to increase the focus on application security. Fortify’s automated results scanning makes the audit process infinitely easier and faster. The added benefits are higher quality and more secure solutions that benefit customer satisfaction as most of the organization’s solutions are client-facing. Introducing an efficient CI/CD software development pipeline is now a realistic option that Fortify fully supports. This will enable continuous code scanning and testing, further enhancing the clients’ experience.”

FeaturedFeatured

Analytics CloudAnalytics Cloud

Data Lakehouse & AnalyticsData Lakehouse & Analytics

BI, Visualization & ReportingBI, Visualization & Reporting

eDiscovery and Legal SolutionseDiscovery and Legal Solutions

OpenText™ Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain AutomationSupply Chain Automation

B2B IntegrationB2B Integration

Secure CollaborationSecure Collaboration

Supply Chain TraceabilitySupply Chain Traceability

Supply Chain InsightsSupply Chain Insights

Industry Applications and ServicesIndustry Applications and Services

OpenText™ Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Capture Intelligent Document ProcessingCapture Intelligent Document Processing

Process AutomationProcess Automation

Business IntegrationsBusiness Integrations

Information ArchivingInformation Archiving

Industry SolutionsIndustry Solutions

Information GovernanceInformation Governance

OpenText™ Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application SecurityApplication Security

Data Privacy and ProtectionData Privacy and Protection

Threat Detection and ResponseThreat Detection and Response

Identity and Access ManagementIdentity and Access Management

Digital Investigations and ForensicsDigital Investigations and Forensics

Threat IntelligenceThreat Intelligence

OpenText™ Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

Functional TestingFunctional Testing

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Performance EngineeringPerformance Engineering

OpenText™ DevOps Aviator

Experience CloudExperience Cloud

Web & Mobile ExperiencesWeb & Mobile Experiences

Contact Center AnalyticsContact Center Analytics

Messaging & FaxMessaging & Fax

Customer CommunicationsCustomer Communications

Digital Asset ManagementDigital Asset Management

Customer Journey and DataCustomer Journey and Data

OpenText™ Experience Aviator

IT Operations CloudIT Operations Cloud

Service ManagementService Management

Discovery & CMDBDiscovery & CMDB

AIOps and ObservabilityAIOps and Observability

Network ManagementNetwork Management

Cloud Management, FinOps & GreenOpsCloud Management, FinOps & GreenOps

AutomationAutomation

OpenText™ IT Operations Aviator

OpenText™ ThrustOpenText™ Thrust

OpenText™ Thrust bundleOpenText™ Thrust bundle

OpenText™ Aviator Thrust

PortfolioPortfolio

Data ProtectionData Protection

Endpoint Management and Mobile Security Endpoint Management and Mobile Security

Hybrid Work, Email, and Team Collaboration Hybrid Work, Email, and Team Collaboration

Archiving, eDiscovery, and Data SecurityArchiving, eDiscovery, and Data Security

Connectivity and Document ManagementConnectivity and Document Management

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Consulting ServicesConsulting Services

NextGen ServicesNextGen Services

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Asset LibraryAsset Library

Featured

Analytics Cloud

Data Lakehouse & Analytics

BI, Visualization & Reporting

eDiscovery and Legal Solutions

Business Network Cloud

Supply Chain Automation

B2B Integration

Secure Collaboration

Supply Chain Traceability

Supply Chain Insights

Industry Applications and Services

Content Cloud

Document Management

AI Content Management

Capture Intelligent Document Processing

Process Automation

Business Integrations

Information Archiving

Industry Solutions

Information Governance

Cybersecurity Cloud

Application Security

Data Privacy and Protection

Threat Detection and Response

Identity and Access Management

Digital Investigations and Forensics

Threat Intelligence

DevOps Cloud

DevOps Platform

Functional Testing

PPM and Strategic Portfolio Management

Quality Management

Performance Engineering

Experience Cloud

Web & Mobile Experiences

Contact Center Analytics

Messaging & Fax

Customer Communications

Digital Asset Management

Customer Journey and Data

IT Operations Cloud

Service Management

Discovery & CMDB

AIOps and Observability

Network Management

Cloud Management, FinOps & GreenOps

Automation

OpenText™ Thrust

OpenText™ Thrust bundle

Portfolio

Data Protection

Endpoint Management and Mobile Security

Hybrid Work, Email, and Team Collaboration

Archiving, eDiscovery, and Data Security

Connectivity and Document Management

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Consulting Services

NextGen Services

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Asset Library

Blogs

Events

Communities

Customer Stories

OpenText Navigator