Automated monitoring brings IT security out of the black box

Alliance Cloud is SWIFT’s future-proof platform for the exchange of money and information in the financial sector, offering financial institutions a wide range of benefits.

That is why a major Danish financial organization chose to become a SWIFT Alliance Cloud Partner. This meant that in 2024, the organization faced the challenge of meeting a number of significant security requirements.

As part of the response, the organization chose to implement NNIT’s Application DevSecOps. In addition to full SWIFT compliance, the solution provides real insight into their digital vulnerabilities. This gives them the ability to manage IT security on an informed, evidence-based foundation.

Today, the Application DevSecOps solution automatically monitors the organization’s integration solutions with SWIFT for vulnerabilities and continuously scans new components during the development phase. All data is collected in a dashboard, ensuring that employees always have an up-to-date overview of vulnerabilities along with guidance from NNIT specialists.

NNIT assisted the organization from analysis to implementation and is now responsible for ongoing security scans and advising on security matters.

Tools, processes, and guidance for enhanced security

The solution combines a variety of scanning tools with DevSecOps processes, updated workflows, and guidelines from OWASP (Open Worldwide Application Security Project) and SWIFT CSP (Customer Security Programme).

Today, the solution performs continuous automated penetration tests and conducts scans every time new code is committed. This ensures that no new code introducing security holes can be added, and any potentially inappropriate code must be approved by a senior employee.

The new workflows and processes ensure that secure code is developed in compliance with current legislation and requirements for quality, transparency, and collaboration. At the same time, they support the securing of all components during development, as well as testing and secure integration into the production environment. In short, the solution supports best practices for CI/CD.

Employees receive ongoing guidance on the significance of security scans for governance and processes. With our experienced consultants’ deep knowledge of the public sector and regulated industries, we support the team with actionable recommendations for specific initiatives.

Taking IT security out of the black box

Most organizations have IT security high on their agenda, but few have an overview of their vulnerabilities or a clear plan for their approach to the area. NNIT Application DevSecOps can help strengthen the security of both critical systems and CI/CD.

In this way, the organization has gained a tool that has fundamentally changed their approach to IT security. Today, they have a concrete and continuously updated data foundation as well as tangible recommendations that can easily be translated into management advice and KPIs.

In other words, the organization now has a much better basis for all decisions related to IT security.