Finastra and Synopsys SIG: Partnering to bring world-class security to Finastra’s app ecosystem

The challenge: Ensuring the security of FinTech apps from design through deployment 

In the world of digital banking apps, security is paramount. That’s why Finastra, one of the largest FinTech companies in the world, partnered with the Synopsys Software Integrity Group (SIG) to bring world-class security to applications offered through Finastra’s FusionFabric.cloud, an open platform for developing, deploying, and consuming financial applications.

The partnership ensures that applications offered via FusionFabric.cloud are vetted by the Synopsys application security validation program—rigorous software security assessments that include static application security testing, software composition analysis, penetration testing, and code reviews.

The solution: The Synopsys application security validation program

FusionFabric.cloud is designed to give FinTechs, financial institutions, students, independent developers, system integrators, and consultants access to a global marketplace of financial applications. A key requirement of making that marketplace vibale is creating trust among all the parties involved.

“Security is a requisite in the FinTech space,” said Nir Valtman, VP and head of product and data security at Finastra. “Synopsys’ application validation program leverages Synopsys’ security testing technology and expertise to ensure that applications published on the FusionFabric.cloud platform are designed, developed, and deployed with the highest standards for security.”

The Synopsys application security validation program provides rigorous software security assessments, including Coverity® static application security testing (SAST), Black Duck® software composition analysis (SCA), penetration testing, and code reviews. Coverity identifies critical software quality defects and security vulnerabilities to ensure code that is secure, higher quality, and compliant with standards. Black Duck SCA provides a comprehensive solution for managing security, quality, and license compliance risk that comes from the use of open source and third-party code in applications and containers. Synopsys managed penetration testing systematically finds and eliminates business-critical vulnerabilities in running web applications and web services.

“The net result is a win-win for both FinTech providers and their financial services customers,” said Nir Valtman. “FinTech app providers get third-party validation from an industry-leading application security company, and their customers can rely on the applications with confidence.”

The results: Security validation for FinTechs and their customers

“We have more than 20 apps today in the store, all of which went through the SIG vetting process before going live on FusionStore,” Nir Valtman said. “With the easily understood reports that the Synopsys security validation program provides, it’s a relatively simple process for me to make a ‘go/no-go’ decision and provide any needed feedback to the FinTechs.”

“An added benefit is that FinTechs see the value of the program for themselves through these reports,” added Nir Valtman. “Their code is scanned and validated by a third party. And not just a third party, but Synopsys, one of the leaders in application security testing. Even the most sophisticated FinTechs may lack the expertise to review their own security posture. But they still need to assure customers that they’ve tested for security issues in their code. From their perspective, being able to produce the Synopsys report and say to customers, ‘yes we’ve had a security scan,’ is a major plus.”