This global financial services provider focuses on health insurance. It uses in-house software to improve health outcomes and ensure data compliance, supporting its diverse client base with secure, custom technology solutions.

Employees:

35,000+
Number of countries covered:

40+
Market capitalization:

US$ 5+ billion

Summary

Challenges

Increasing focus on application security to create higher quality secure code.
Achieving full global data privacy regulation compliance.
Improving efficiency in software development lifecycles.

Solution

Leveraged Fortify’s end-to-end application security approach.
Offered feature-rich functionality and broad integration capabilities.

Results

Delivered shift-left move in development
Streamlined auditing process for regulation compliance

Challenges

Found an alternative to SonarQube for application security, as it no longer met requirements
Created end-to-end integration in the development cycle to produce secure, quality, innovative software

This major financial services provider seeks disruption as it leads a global transformation in financial services. With health insurance as one of its major pillars, it is very conscious that there is a clear science behind increasing life expectancy and, therefore, reducing health-related insurance claims.

In-house developed software plays a key part in creating a science-based behavior change program so that members can take active steps to know and improve their health. With software solutions creating a competitive edge, the organization invests heavily in its development efforts, with hundreds of specialized software developers and outsourced third-party software development. The combined teams create a mix of web and mobile applications to support its diverse client base directly. To ensure secure and clean code, the development teams worked with SonarQube, acquired through local IT consultancy partner, 9th BIT.

9th BIT’s CEO, Barry De Waal, explained further: “Active through companies around the world, this customer is heavily regulated and needs to be fully GDPR and POPIA (Protection of Personal Information Act) compliant. Because it regularly deals with sensitive client information, security is embedded into the core of its business. The breadth of the company means it holds not just personal credit card or contact details, but some subsidiaries store clients’ medical, insurance, and financial investment information as well. The organization wants to be in full control of its software solutions, including stored data, and will favor in-house developed solutions over off-the-shelf commercial ones.”

He continued, “In a bid to create a full CI/CD pipeline and shift left, the team adopted Flutter an open-source framework by Google to build natively compiled, multi-platform applications from a single code base. Considering the increased focus on security within the software development lifecycle, it was felt that the community version of SonarQube no longer met the requirements, and we were asked to suggest an alternative.”

The person using digital tablet in operation room

Regulation compliance was a key factor in the decision to increase the focus on application security. Fortify’s automated results scanning makes the audit process infinitely easier and faster. The added benefits are higher quality and more secure solutions that benefit customer satisfaction.

Barry De Waal
CEO, 9th BIT

Solution

The organization liked Fortify’s software-as-a-service approach as it matched working practices following the COVID-19 pandemic. Seamless Fortify integration with other key software players in the development cycle was also perceived as a benefit.

Products deployed

OpenText™ Fortify

OpenText™ Fortify Static Code Analyzer spots root causes of vulnerabilities in the source code, prioritizes issues, and provides guidance on fixes

Leveraging Fortify’s end-to-end application security approach

OpenText Fortify is a recognized market leader in application security. It is designed to detect security flaws as code is written, allowing developers to find and fix security issues at every stage of the development cycle. This creates secure software with more flexibility and speed. It offers automated static application security testing (SAST) and dynamic application security testing (DAST) of any software code, from development through production. SAST identifies the root cause and helps remediate underlying security flaws. DAST simulates controlled attacks to identify exploitable vulnerabilities.

Offering feature-rich functionality and broad integration capabilities

The team at 9th BIT led workshops, presentations, and demonstrations to highlight the value of Fortify. De Waal commented: “The decision-making process fell in the middle of the COVID-19 pandemic and in a way, this was fortunate, as the organization was mainly working remotely by then and really appreciated the value of a software-as-a-service platform, which Fortify offers. The team could see how feature-rich Fortify is. The native integration between Sonatype, used to secure the organization’s software development cycle, and Fortify can empower every engineering team with the necessary intelligence to create and maintain secure, quality, innovative software at scale. In the end, it was an easy decision.”

The native integration between Sonatype, used to secure the organization’s software development cycle, and Fortify can empower every engineering team with the necessary intelligence to create and maintain secure, quality, innovative software at scale. In the end, it was an easy decision.

Barry De Waal
CEO, 9th BIT

Results

Fortify’s full integration with the organization’s existing development tools enabled the introduction of an efficient CI/CD software pipeline. Automated results scanning streamlined the auditing process for global data privacy regulation compliance.

Delivered shift left move in development

Fortify was soon implemented with full integration in the Azure single sign-on environment and with Jenkins to build, test, and deploy the software. It is now used daily within the in-house and outsourced development teams. Although process refinement is ongoing and code scanning is often done ad-hoc rather than as an integral part of the development cycle, the teams are moving toward complete CI/CD integration with Fortify, and a significant shift left in the development processes. Already, Fortify scans are accepted by independent industry regulators as evidence that the organization is compliant with regulations.

Streamlined auditing process for regulation compliance

De Waal concluded, “Regulation compliance was a key factor in the decision to increase the focus on application security. Fortify’s automated results scanning makes the audit process infinitely easier and faster. The added benefits are higher quality and more secure solutions that benefit customer satisfaction as most of the organization’s solutions are client-facing. Introducing an efficient CI/CD software development pipeline is now a realistic option that Fortify fully supports. This will enable continuous code scanning and testing, further enhancing the clients’ experience.”

Share your story

Become an OpenText Navigator Champion to raise your profile, connect with leaders and enjoy exclusive promotions and experiences.

Learn more