Crosskey and Sonatype Lifecycle

More secure, more agile, more trusted banking solutions.

Crosskey develops, delivers and maintains systems and solutions for the European bank and capital markets. Crosskey’s services include core banking solutions, credit card solutions and channel solutions such as mobile, Internet banking and front office solutions.

The Challenge: Embracing Compliance to Differentiate Within Their Market

Organizations that process payment card transactions must meet international requirements established by the Payment Card Industry Data Security Standard (PCI DSS). Monika Liikamaa, Director of Crosskey Card Solutions, saw compliance as a daunting task—but also a rare opportunity to differentiate Crosskey in their highly competitive market. The compliance process started with a team of developers and architects who thoroughly researched how Crosskey could become compliant—and stay compliant over time—with minimal manual effort.

“Sonatype specializes in streamlining component-based development, so the quality is much higher than any other solution we evaluated and far better than manual effort.”

Director of Crosskey Card Solutions

The Solution: Using Sonatype to Ensure PCI Compliance While Streamlining OSS Development

Sonatype plays an instrumental role in helping organizations address PCI compliance, including OWASP A9, by reducing risk in components/artifacts, which currently comprise about 80 percent of an average application. These requirements include having a complete inventory of components and avoiding known vulnerabilities. “It was essential for us to choose solutions that not only helped us with compliance, but offered easily sustainable and agile long-term processes that would not burden staff. We want new releases on average every six weeks, so going to the Internet and manually checking each individual component was not a viable alternative,” says Liikamaa. “Sonatype specializes in streamlining component-based development, so the quality is much higher than any other solution we evaluated and far better than manual effort. We can do our work faster and have full control. Plus, our developers and architects really liked the fact they could be more secure and meet requirements without slowing down the development effort.”