Fubon Financial Focuses on Security and Standardization with Kong Enterprise


Fubon’s vision is to become a top-notch financial institution in Asia. It has various financial service subsidiaries, including Fubon Life Insurance, Taipei Fubon Bank, Fubon Bank (Hong Kong), Fubon Huayi Bank, Fubon Property Insurance, Fubon Securities and Fubon Investment Trust. Fubon is the pioneer in the Asian financial market, with a full product portfolio, diversified financial services and outstanding achievements. As of the end of December 2021, Fubon’s total assets were worth NT$10.5119 trillion, making it the second largest financial holding company in Taiwan. In 2021, it marked four consecutive years among the Fortune Global 500. Fubon has also been nominated as one of the Top 500 Most Valuable Global Brands for the past two years.


Decentralized Architecture Deployment and Management

Standardized Configuration Security Controls and Processes

Reduce and Mitigate Security Risks of External Open APIs


  1. High performance and flexible deployment.
  2. A diverse range of Kong Plugins enables service integration across different deployment environments and facilitates centralized control and governance.
  3. Reduce operating costs and improve efficiency.


  1. No unified UDDI for discovery.
  2. Authentication and authorization rely on the physical firewall IP configuration and are maintained manually.
  3. Most of Fubon’s existing APIs are SOAP APIs. The manual authentication and authorization processes are complex, difficult to control and error-prone, so there is a strong need to improve information security policies and controls for sustainability and scaling.
  4. The lack of a centralized management tool hinders service provision, integration, and connection, and leaves application development standards and security governance without control.
  5. The original structure cannot provide real-time insights, which degrades API management efficiency and time to resolution.

Decentralized Architecture Deployment and Management

Finding the right solution for a large financial organization with multiple subsidiaries is utterly challenging, especially in the early days. Most solutions are highly system-integrated, including a single gateway, reporting, and monitoring mechanisms. However, we look for a solution that can be adaptively deployed in different environments across subsidiaries with multiple gateways and governance (i.e., authentication, authorization, monitoring, etc.). Subsidiaries need autonomy to operate and scale. At the same time, they can be integrated and connected. Each of them can manage its own operation, focus on business core value, and keep log records locally. Overall, the parent company has centralized control, policy, and governance.

Standardized Configuration Security Controls and Processes

“Configuration and implementation can be standardized and governed by Kong to achieve unified management capacities. The current goal is to support and onboard child companies to the Kong platform and ramp up users’ Kong skills and knowledge, to pave the way for building Kong Gateway in each child company’s operating environment. Additionally, we are promoting Kong and planning to build a Kong community.”

Reduce and Mitigate Security Risks of External Open APIs

“With subsidiaries’ autonomy and the parent company’s central control and management, it helps to expedite API service development, facilitate audit, and define security control policies and specifications. Kong API platform security and governance capabilities (for example, authentication and authorization) enhance Fubon’s overall security posture.”

“Kong provides flexible deployment and has a great user experience interface. The rich Kong Plugins selection equips us to accelerate service integration and connection across our legacy and modern environments.” – Su Qingwei, Chief Information Officer, Fubon Financial Holdings