Sunwest Bank Strengthens Security and Innovation with Automated Continuous API Testing

About Sunwest Bank

Founded in 1969 in Tustin, CA, Sunwest Bank has been in business for over fifty years and proudly serves the nation, with a physical presence in Arizona, California, Idaho, Florida, and Utah. Although we have grown significantly over the years, we remain a bank with a community focus dedicated to building solid relationships with our clients. We provide best-in-class service and a tailored approach to entrepreneurs, small and medium-sized businesses, privately held corporations, family offices, developers, and investors. We are the bank built for entrepreneurs by entrepreneurs.

Sunwest’s innovation is fueled by the vision of industry veteran CIO Matt March. Under March’s guidance, Sunwest has transformed its technology landscape significantly. March leads technology transformation efforts across all bank systems, focusing on APIs, banking-as-a-service, payment rails, fintech integration, proprietary application development, data management, information security, information technology, and regulatory compliance.  One of the contributing success factors to Sunwest’s success is March’s commitment to a unified “one team” approach, fostering collaboration and cohesiveness within the organization. 

The Challenge

• Internal, partner, and external development teams
• Expansive set of modular APIs
• Continuously evolving applications with evolving business logic exposed through APIs
• Complex and stringent regulatory requirements

Sunwest combines internal, partner, and external development teams to provide digital customer experiences. Beyond these digital customer engagement channels, Sunwest delivers a comprehensive set of adaptable, modular APIs. These APIs allow fintech and retail partners to leverage the full range of Sunwest Bank offerings and establish direct connections to its core provider, Fiserv.

Sunwest applications continuously evolve, with the logic exposed through APIs constantly changing.  Sunwest has identified top API security priorities, achieving a comprehensive understanding of their Application / API landscape and implementing proactive, continuous API testing of applications. 

The Sunwest Bank infosec and risk teams are confronted with securing a continuously expanding API landscape across a distributed development model involving internal and third-party developed applications. Sunwest set out to find a successful API security program to support their organization's close partnership between the development, IT, and security teams and continuously test the APIs to reduce risk and combat some of the challenges they faced. 

The Solution

As Sunwest searched for the right solution, they prioritized finding an approach that could maintain security and the speed of innovation. APISec's pre-production, automated, and continuous API testing solution was the answer that addressed the challenges Sunwest faced. The APISec solution effectively monitors all of Sunwest’s APIs, serving as an essential security resource for the team. The real-time updates on risks and issues have been vital in maintaining the security of the Sunwest platform ecosystem.  The integration of APISec meets Sunwest Bank's security requirements and aligns with the organization's need for continuous innovation without compromising safety.

Additionally, the partnership with APIsec extends beyond API monitoring.  Sunwest now benefits from APISec University's award-winning, broad API security education system. Seamlessly integrated into the Sunwest LMS system, APISec University training programs are fundamental to providing additional security training for Sunwest employees. The partnership with APISec has empowered Sunwest to build a proactive security approach, providing predictive and detailed insights. The insights enable Sunwest to identify and correct API vulnerabilities before they can impact the product.  

The Results

Coverage

"There are API security solutions that may monitor for anomalies or alert you when something might be under attack. That information is valuable, but the reactive nature of it is dangerous, especially in this industry, because that's where breaches happen. The ability to do proactive, continuous scanning of our APIs offers a much more comprehensive approach to API security. APIsec is always checking our APIs, finding vulnerabilities, and the level of detail is amazing." 

Responsiveness

"As with any security implementation, some things that need to be solved will pop up. With APIsec, the few things that have come up, they've embraced and formed a solution efficiently.”

Speed to Value

"We've basically gone from ground zero – evaluating the solution, to onboarding our APIs and building our models, to seeing significant progress against our API security in a short span of time. It's been incredible for me to see that level of growth in such a short amount of time."  

Frictionless

"In many situations, security solutions create friction where it doesn't need to exist. APIsec supports our "one team" approach in a way that makes it easy for all of us to work together to ensure we're identifying and fixing vulnerabilities; to deliver experiences with the speed and security that serves our customers."