Skip to main content
Customers

Acuity Knowledge Partners

Acuity knowledge partners improve security in financial services industry with Snyk

Destaque do cliente

Sameer Goyal

Head of Engineering

Setor: Finserv
Location: United Kingdom

Products Featured

Snyk Open Source Snyk Container Snyk IaC

Destaques:

Implemented security program across 200+ employee technology department

Seamlessly integrated Snyk Open Source with Microsoft-focused technology stack

Leveraged webhooks and CLI to automate security scanning throughout build pipeline

Secured Terraform deployments using Snyk Infrastructure as Code

Improved security posture re-assures financial services customers on the firm’s technology

The Challenge: Becoming a technology-first organization

While Acuity focused on offering subject matter experts (SMEs) to its customers in the past and continues to do so, the company is shifting towards delivering value through technology. As part of these efforts, Acuity is developing proprietary technologies and automated solutions, including its suite of Business Excellence and Automation Tools (BEAT). While transitioning to a technology-first company, however, Acuity realized the need to prioritize application security to give its financial services customers greater confidence in its technology.

“Security - whether it’s for data, platform, or infrastructure - is essentially job zero for the firm,” stated Sameer Goyal, Head of Engineering at Acuity Knowledge Partners. “Since we work with the financial services firms, there are several compliance and audit requirements that we need to take into consideration.”

The Solution: Introducing Snyk into the SDLC

As a technology leader, Acuity relies on a global team for developing its internal digital productivity tools, customer-facing self-service digital apps, and other digital services & software solutions. In fact, BEAT, the company’s research and development (R&D) department is made up of over 200 developers, test automation engineers, user experience designers, product owners, and other key personnel. While Acuity formalized its technology program over the past few years, the company recognized the need for an application security tool that could be integrated into its development pipeline across this large and growing R&D team.

“There are two ways of addressing security,” Goyal explained. “One approach is to build something and fix the problems later. The better option is to build security into the development process from the start. That’s why we chose to adopt Snyk.”

Snyk’s focus on developer-first security not only prevented issues from reaching production, but also made it easier for developers to adopt the security tool. Acuity was able to integrate Snyk into its build pipeline to automatically scan for vulnerabilities. This has eliminated manual effort and ensures that whenever a build is successful, it has fulfilled the security requirements for release.

“With Snyk, our deployment process from development to production has significantly shortened,” revealed Goyal. “We can deliver faster without having to worry about being off the mark for our security benchmark.”

Streamlined integration with Microsoft technology stack

Acuity’s technology stack is focused on the Microsoft ecosystem, so its developers primarily use the .NET framework and Visual Studio IDE to build applications. Snyk’s IDE plugin in the Visual Studio Marketplace and command line interface (CLI) made it straightforward for Acuity to integrate the scanning tool into its existing build process. Acuity can now use Snyk Open Source to detect and remediate vulnerabilities in third-party .NET packages.

“We’re primarily a Microsoft shop, so developers used Visual Studio to write code on a daily basis,” explained Goyal. “One of the main reasons we decided to go with Snyk was because the Visual Studio integration was available out-of-the-box. The security also fits in nicely with the other technologies in our ecosystem.”

Acuity also uses Snyk Infrastructure as Code to secure its infrastructure configurations. The company’s development and production environments run on hundreds of servers managed by Terraform on Amazon Web Services (AWS). Snyk can scan for vulnerabilities in Terraform files to ensure Acuity's environments are secure across all of these servers as well.

The Impact: Proactively Improving Security & Compliance

With the implementation of Snyk, Acuity is now able to stay on top of the security and compliance requirements expected by its financial services customers. The security tool has enabled developers to proactively improve the security posture of their applications without slowing down delivery. As Acuity shifts towards more containerized deployments, the company hopes to leverage Snyk Container to further secure its software as well.

“The speed at which Snyk updates its vulnerability database is a clear differentiator,” Goyal said. “I’ve seen other databases take weeks or even months to include newly identified vulnerabilities, but Snyk helps us stay current with security issues automatically.”

/about/ Acuity Knowledge Partners

A Acuity Knowledge Partners -, que antes fazia parte da Moody's -, é um provedor líder de serviços de pesquisa, análises e business intelligence de alto valor para o setor de serviços financeiros. A empresa auxilia mais de 350 bancos de investimentos, gestores de ativos e outras instituições financeiras com a prestação de serviços para ajudar a melhorar a eficiência operacional e impulsionar o crescimento da receita.

Comece a proteger o código gerado por IA

Crie sua conta gratuita da Snyk para começar a proteger o código gerado por IA em questão de minutos. Ou agende uma demonstração com um especialista para ver como a Snyk se adapta a seus casos de uso de segurança de desenvolvedores.

Não requer cartão de crédito.

Comece grátis com o GitHubComece grátis com o Google

Or Sign up with

SSOBitbucketAzure ADDocker ID

Ao fazer login ou se cadastrar, você concorda em cumprir nossas políticas, incluindo os Termos de Serviço e a Política de Privacidade

Snyk é uma plataforma de segurança para desenvolvedores. Integrando-se diretamente a ferramentas de desenvolvimento, fluxos de trabalhos e pipelines de automação, a Snyk possibilita que as equipes encontrem, priorizem e corrijam mais facilmente vulnerabilidades em códigos, dependências, contêineres e infraestrutura como código. Com o suporte do melhor aplicativo do setor e inteligência em segurança, a Snyk coloca a experiência em segurança no kit de ferramentas de todo desenvolvedor.

Comece grátisAgende uma demonstração ao vivo

Produto

O que é a Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerInfraestrutura como Código da SnykSnyk AppRisk (ASPM)Plataforma de Segurança para o DesenvolvedorSegurança de aplicativosSegurança da cadeia de suprimentos de softwareProteja o código gerado por IA DeepCode AIPreçosOpções de implantaçãoIntegraçõesPlugins de IDESegurança GitSegurança de pipelines de CI/CDSnyk CLISnyk LearnSnyk para JavaScript

Recursos

DocumentaçãoDocumentação da API da SnykStatus APIVulnerabilidades reveladasPortal de suporte e perguntas frequentesBlogElementos básicos da segurançaRecursos para líderes de segurançaRecursos para hackers éticosBanco de dados de vulnerabilidadesSnyk OSS AdvisorSnyk Top 10VídeosRecursos do clienteSecurity LabsThe Secure Developer Podcast

Empresa

SobreClientesCarreirasEventosSnyk para governoSegurança e confiançaTermos jurídicosPrivacidadePara os residentes na Califórnia: Não vender minhas informações pessoaisTermos de uso do siteProcurement

Conecte-se

Agende uma demonstração ao vivoFale conoscoSuporteRelatar nova vulnerabilidade

Segurança

Segurança de aplicativosSegurança de contêineresSegurança da cadeia de suprimentosSegurança JavaScriptSegurança de código abertoSegurança AWSSDLC protegidoPostura de segurançaCódigo protegidoHacking éticoIA em cibersegurançaVerificador de códigoPythonCibersegurança para grandes empresasJavaScriptSnyk com GitHubSnyk vs VeracodeSnyk vs. CheckmarxSnyk vs Synopsys

© 2024 Snyk Limited
Registrada na Inglaterra e País de Gales

logo-devseccon