Fubon Financial Reduces API Security Risks with Kong Gateway Enterprise
Leading Asia-Pacific financial institution depends on Kong for standardization and governance across subsidiaries
Fubon Financial Strengthens its Foothold in APAC
Intent on becoming one of Asia's first-class financial institutions, Fubon Financial Holdings has the most complete portfolio of financial products and services in the industry, provided by a strong lineup of subsidiaries that includes Fubon Life, Taipei Fubon Bank, Fubon Bank (Hong Kong), Fubon Bank (China), Fubon Insurance, Fubon Securities and Fubon Asset Management. These subsidiaries ensure that Fubon delivers consistently strong results and remains a market leader.
With total assets of more than $300 billion, Fubon Financial is among the largest financial holding companies in the region. In recognition of its strong performance, Fubon has been named to the Fortune Global 500 and Brand Finances list of the Top 500 Most Valuable Global Brands for multiple years.
Centralizing Business Operations With Decentralized Deployments
The Fubon Financial team looked to API management as a way for their business to build a modern technology foundation in a reliable and scalable way. However, the team soon realized that not all API management solutions were created equal. With several subsidiaries yielding unique deployment requirements, it became a top priority to identify a lightweight solution that could offer their business the deployment flexibility it needed.
"Many API management solutions today are often highly system-integrated with a single gateway for reporting and monitoring. We were looking for a solution that offered more deployment flexibility so we could use it across disparate environments," says Su Chingwei, Chief Information Officer.
As a large financial institution with many subsidiaries, Chingwei and the team also struggled to find a solution that could meet the requirements of their many business units. They required a federated approach to API management that allowed subsidiaries to be autonomous, to allow for their own operations and scalability, but still needed the platform team at the parent company to enforce centralized policy and governance across the whole ecosystem.
Standardizing Security and Governance
After reviewing many different solutions, Fubon Financial selected Kong as its API Management solution of choice. "Many of our subsidiary companies had already onboarded Kong. Kong's deployment flexibility paves the way for our subsidiaries to operate across legacy and modern environments while expediting service integration and strengthening our connectivity," shared Chingwei.
Kong provided Fubon Financial with the ability to provision API governance in a centralized fashion across the entirety of its business, no matter which environments were being used by the various subsidiaries. As Chingwei said, "Configuration and implementation can be standardized and governed by Kong to achieve unified management. Each of our subsidiaries can now effectively manage their own operations while still keeping their records local and focusing on their core business objective."
Reducing and Mitigating Security Risks of Open APIs
Before Kong, Fubon Financial relied on a physical firewall IP configuration to maintain the authentication and authorization of its systems manually. This was an extremely complex and error-prone process. Now Fubon Financial leverages Kongs plugin architecture to mitigate the security risks of its external Open APIs while scaling operations across Asia without compromise.
With subsidiary autonomy and parent company central control and management, it helps to expedite API service development, facilitate audit, and define security control policies and specifications. "Kong's API platform security and governance capabilities (for example, authentication and authorization) enhance Fubon's overall security posture," says Chingwei.
"Kong provides flexible deployment and has a great user experience interface. The rich Kong Plugins selection equips us to accelerate service integration and connection across our legacy and modern environments."