Case Study Info

Secure Data Proxy

.pdfSecure Data Proxy.pdf

The Challenge

In some circumstances it is impossible for client companies to allow unrestricted access to applications, even to the developers engaged to maintain and upgrade them. So it is in the relationship between Softage and FTechnics Inc, a large and respected provider of IT services to the financial sector. The integrity of their systems is crucial not only to their own success as a business, but also to that of their customers, and not only in terms of reputation.

The security of IT systems of the type provided by FTechnics is of critical importance, not only to the corporation itself, but also to the end users of their products. In acknowledgement of this, FTechnics is constantly striving to exclude even the slightest possibility of compromising its applications. In the modern era, the slightest vulnerability will be pounced upon and exploited by the many would-be IT criminals. As a part of their program of development and improvement of their applications, FTechnics approaches Softage in March 2011 and asks for help improving the already robust safeguards and protections on the integrity of their systems.

Understandably, there are constraints within which Softage must work on their software.

Solution Overview

FTechnics Inc specializes in the provision of financial IT to the banking, brokerage, and finance industries. They develop and provide systems dealing with foreign exchange transactions, share trading, and the buying and selling of derivatives and commodities. Their customers are financial companies drawn from the full spectrum of the market, from the smallest start-up company to the mightiest multinational corporations. FTechnics now offers not only trading systems, but also back office systems, account management services, and software and hardware integration services. Based on Wall Street in New York, they have clients in every corner of the world relying entirely on the products and systems that they provide.

FTechnics wants to bolster the already high levels of security in their own internal systems by reconfiguring the way in which one of their trading applications works. They want to put greater protection around a key application running on their own servers by using high performance encryption proxy servers to prevent any possibility of access to the application. To ensure the highest levels of security, the whole communication was to pass through the secure proxy server.

The task presented something of a challenge to our team. The client’s need to be 100% certain that the integrity of their system cannot be compromised so they are unable to allow Softage’s developers access to everything we might want. In fact, so tight is security around the application that we can’t even be given access to the server itself, or to any of the source code, or to the application’s interfaces. All we have to go on is a document which described the communications protocol within the system itself.

Despite the roadblocks, the Softage development team draws upon their significant experience of this type of issue to deliver a configurable windows service meeting all of FTechnics’s needs. The service is rolled out in February 2012, and FTechnics declares themselves to be delighted with it in every respect.

Tools & Technologies

Developing the configurable Windows service for FTechnics requires deep knowledge and understanding of C/C++, TCP/IP and IOCP (an API for performing multiple simultaneous asynchronous input/output operations in Windows).