The Challenge: implement a security solution to meet regulatory requirements as a new bank
As a startup operating with only 120+ employees, Lunar empowers its developers with the responsibility for addressing problems as they come up and ensuring the company remains compliant. The ability to execute strategy and accomplish goals across the organization in a timely way is paramount to maintaining the company’s rapid growth. The addition of a banking license in 2019 made this even more of a challenge: Lunar had to meet a whole new set of regulatory standards it was unprepared for. The team determined it needed a solution that could be quickly and easily integrated into current workflows.
During the search, Lunar found other companies were big and very enterprising - something that didn’t fit in with its startup culture. Instead, it sought out true partners who would grow with the company and tailor the solution to its needs, not just offer a standard solution to license.
"We want to be able to provide feedback and hopefully get the things that we're interested in, into the product as well. And so that was also a key thing in choosing Snyk because we felt we could influence it in some way."
The Solution: developer-first approach led to an easy deployment of Snyk and instant insight into security vulnerabilities
The challenge of a small team meant that Lunar needed a solution that could be used right away and didn’t require special training or a separate web application to facilitate developer adoption. Implementing Snyk into their pipeline helps the team get a clearer picture of vulnerabilities across the board. This allows a busy team to see high-level concerns and mitigate what’s most urgent at that time.
"We needed to get something that could be used right away. Instead of saying, 'Oh, you're doing all these things. And now you need to monitor this dashboard over here as well.'"
Snyk Container empowered developers to immediately fix crucial vulnerabilities
The Lunar team has already seen a change for the better in developers’ workflow when it comes to reviewing vulnerabilities. Snyk Container provides unique capabilities for base image remediation, so developers can eliminate dozens of vulnerabilities in one fell swoop without dedicating more time than necessary. Snyk ensures images are monitored continuously, alerting developers when new vulnerabilities are discovered. These streamlined communications are a boon to fast-growing companies that cannot burden a team pulled in so many directions with a deluge of information they must pick through.
"We tend to only push the right amount of info to developers and they can take it from there."
The Impact: Quick developer adoption meant a rapid and drastic reduction in the number of high severity vulnerabilities
While it was once difficult to find which dependencies need upgrades or have upgrades available, Snyk made it easier to do just that and get those needs into the automated pipeline. Now, it’s a matter of spending a fixed amount of time each day to discover if there’s something that needs to be fixed, then scheduling the time to fix it. The impact has been incredible.
"We went from 2,000 high vulnerabilities to a couple of hundred. Snyk provided a lot of value and went a long way to getting the developers to see this is a critical issue that needs to be regularly addressed."
Snyk helped Lunar quickly scale a stronger approach to security and easily meet looming regulatory requirements. When compared to other solutions, Snyk got off the ground faster and got the Lunar team the data needed to get their security process prioritized and solve problems from day one. The almost immediate drop in vulnerabilities also encouraged buy-in throughout the company and generated excitement about what Snyk could do to fix other valuable parts of the business.