Crosskey develops, delivers and maintains systems and solutions for the European banking and capital markets. Crosskey’s services include core banking solutions, credit card solutions and channel solutions such as mobile, Internet banking and front office solutions.
The Challenge: Embracing Compliance to Differentiate Within Their Market
Organizations that process payment card transactions must meet international requirements established by the Payment Card Industry Data Security Standard (PCI DSS). Monika Liikamaa, Director of Crosskey Card Solutions, saw compliance as a daunting task—but also a rare opportunity to differentiate Crosskey in their highly competitive market. The compliance process started with a team of developers and architects who thoroughly researched how Crosskey could become compliant—and stay compliant over time—with minimal manual effort.
The Solution: Using Sonatype to Ensure PCI Compliance While Streamlining OSS Development
Sonatype plays an instrumental role in helping organizations address PCI compliance, including OWASP A9, by reducing risk in components/artifacts, which currently comprise about 80 percent of an average application. These requirements include having a complete inventory of components and avoiding known vulnerabilities. “It was essential for us to choose solutions that not only helped us with compliance, but offered easily sustainable and agile long-term processes that would not burden staff. We want new releases on average every six weeks, so going to the Internet and manually checking each individual component was not a viable alternative,” says Liikamaa. “Sonatype specializes in streamlining component-based development, so the quality is much higher than any other solution we evaluated and far better than manual effort. We can do our work faster and have full control. Plus, our developers and architects really liked the fact they could be more secure and meet requirements without slowing down the development effort.”
The Outcome: Complying With Payment Card Industry Data Security Standard Using Sonatype
“Protecting cardholders’ data is incredibly important, yet many organizations are not yet PCI compliant. For us it is a big competitive advantage,” says Liikamaa. “With PCI, we offer trust to the end user, and Sonatype is a key part of the solution.” Within days, the Sonatype Lifecycle solution (formerly Component Lifecycle Management, CLM) helped Crosskey create a bill of materials of all components/artifacts used in their card processing solution, identified which were most vulnerable and facilitated implementation of safer options. “Doing this manually was out of the question,” says Liikamaa. “First you’d have to create the procedure, then someone has to constantly check the artifacts, and then how do you prove what you did? I really don’t think a manual effort would have been good enough for PCI. There’s no such thing as 98% compliant. You either are compliant, or you aren’t.”

“We would definitely recommend Sonatype’s software. It has been all that we wanted it to be, and more. Identifying and choosing the best and safest artifacts was a big part of the requirement. However, the product also speeds up the overall build and release process. With Sonatype, we are more agile and more secure than ever before and one of the top service providers in this business.”