Societe Generale

Comprehensive security filtering and faster API exposure

SECTOR  Financial Services
PRODUCT  Self-Managed

Who is Société Générale?

Société Générale, one of Europe’s leading financial services groups and a major player in the economy for over 150 years, supports 29 million clients every day with 138,000 staff in 62 countries.

The Group draws on its European roots to develop activities internationally. Its unique geographic position enables it to connect Europe, Russia and Africa with major global financial centres in Asia and the Americas.

The Group combines financial strength, proven expertise in innovation and a sustainable growth strategy with the objective of creating value for all stakeholders. It seeks to be a trusted partner in the projects of those building tomorrow’s world today.

This engagement informs the Group’s mission: to protect and manage assets and savings, finance projects, protect clients in both their day-to-day lives and in their professional activities, ensure secure transactions and offer the best technological solutions.

Why Société Générale use an API gateway

APIs are at the heart of Société Générale’s digital strategy. They give the business the ability to develop products faster, seamlessly integrate data systems and extend their reach to new partners and other value co-creators.

Using APIs as a new method for accessing data and services presents cyber-criminals with a new way to attack the assets of the Group, its customers and partners.

An API Gateway is an external policy enforcement point that limits the risk of API exposure. As part of the group-wide solution, the platform needed to include security features to protect Société Générale’s APIs. Given the nature of the group’s business, security is extremely important, so the internal security team was heavily involved in the evaluation and approval process.

Why Société Générale chose Tyk

Société Générale looked for an API gateway solution that combines API security features, performance and ease-of-use.

Tyk’s embedded features were perfect for meeting Société Générale’s prerequisites. Christophe P. comments:

“Most of our Société Générale security requirements are achieved by Tyk’s embedded features. The Tyk solution also permits us to develop specific modules to enforce security points.”

For Société Générale, the security enforcement must have no impact for its clients.
Performance was a key consideration and so was Tyk’s speedy and attentive support service.

Société Générale also chose Tyk for its gateway architecture setup, allowing for resiliency in production and the fact that, once the solution had been integrated, the ongoing maintenance operations were simplified.

How Société Générale is working with Tyk

Société Générale’s API team implemented Tyk as an on-premise API Management platform.
The on-premise deployment supports user acceptance testing, production and production backup environments. It was a complex implementation. Christophe P. comments:

“The main obstacles were the understanding of the Tyk MDCB architecture: the role of each component, the technical knowledge to implement security and high availability.”

Société Générale provides APIs to external and internal clients and configure Tyk’s API Management solution to deliver the required security level for API exposure.

Société Générale is also making good use of the API analytics that the solution facilitates.