Skip to content About the Client
The client is one of the world’s largest stock exchanges and runs one of the largest trading platforms. For the last five years, it has been number one globally in terms of derivatives contracts traded. According to the World Federation of Exchanges, it is one of the top three globally in the equity segment by volume of trades. The client has over 200 stockbrokers registered and 2000+ companies listed on the exchange. Recently, it set a world record regarding the number of transactions in a single day.
Since its inception, the market capitalization for companies listed on this stock exchange has increased 100 times to a staggering USD$5 trillion. The business leadership invests in advanced technology to operate its systems and maintain its state-of-the-art infrastructure to meet its dynamic requirements and pursue a high-performance IT strategy. They have built a highly versatile trading hub with a world-leading multi-asset class exchange and have always been pioneers in investing in tech ahead of time. For example, it introduced APIs two decades ago when no one thought about it.
A Foolproof Approach to Trading
The client’s IT strategy supports a complex, mission-critical trading ecosystem, requiring a robust infrastructure to stay at the cutting edge of technology. To achieve this, the client sought to enhance its software applications’ availability, security, and integrity, particularly those used by brokers and internal systems. Unique business and regulatory demands drive this approach:
Uninterrupted service
With zero tolerance for downtime during trading hours, the client-built core trading systems on fault-tolerant architectures, ensuring operations continue seamlessly during market hours and beyond.
Beyond standard security
Software security is designed to withstand primary data center failures, with performance and security intact. A SaaS-based trading platform enables continuity, while regulations require hosting it in other major exchanges’ data centers as a failsafe.
Trusted software distribution
Rigorous security layers ensure that software distributed to brokers remains genuine and tamper-free, maintaining trust at every level of the technology stack.
Comprehensive software validation
All internal systems, including self-developed, commercial, and open-source software, undergo rigorous validation to meet high security and performance standards.
These requirements reflect the client’s growing operational scale, the increasing complexity of cyber threats, and the critical need to uphold trust, transparency, and data integrity in the financial market.
Business Needs
As one of the largest and most trusted stock exchanges, the client operates under stringent demands for resilience, scalability, availability, and ultra-low latency- all within a highly regulated environment. To maintain a secure technology infrastructure that meets these exacting standards, the client partnered with a trusted provider to implement robust code security principles and best practices.
Dynamic code validation
The client has primed its software code infra for sudden market shifts. It monitors its system loads in real-time and requires dynamic code validation to support the process.
Balancing security with operational efficiency
Code signing implementation is needed to enhance security without significantly impacting the speed and efficiency of software deployment. The IT Team needed to find the right tool to automate the code-signing process to continue serving the internal systems and the external broker and trading community.
Near zero software latency
The systems must process millions of transactions per second. The code is fine- tuned continuously for rapid response, with some components clocking nanosecond latencies. This requires an advanced codesigning process.
Large and diverse software ecosystem
The client’s core trading application alone consists of 45 million lines of code across multiple market segments. The client uses a mix of self-developed, commercial, and open-source software, each requiring different validation approaches.
Business Solution
NuSummit Cybersecurity implemented a comprehensive code-signing solution with the following key features:
Private key security
HSM integration ensures private keys are securely stored and accessible only within the solution.
Role-Based access and policy enforcement
Controls each signing action, aligning with strict code-signing policies.
Certificate management
Centralized inventory for easy cross-platform certificate management.
Extensive file type support
Broad support for Windows and Linux applications
across the organization.
End-to-end validation
Ensured tamper-proof software security from development through deployment across the entire supply chain.
Third-party certificate-based signing
Implemented a system where an independent third party signs the code, enhancing trust and verifiability.
Role-Based access and policy enforcement
Controls each signing action, aligning with strict code-signing policies.
Seamless Dev/DevOps integration
CLI-based integration to streamline code signing within existing workflows.
Automated signing process
Streamlined the code signing procedure to minimize development and deployment pipeline friction.
Internal software validation
Extended code-signing to all internal applications, including proprietary, commercial, and open-source software.
Technology Stack
The technology stack included:
- CodeSign by NuSummit Cybersecurity
- Secure hash algorithms
- Digital signature technologies
- Integration with existing development and deployment tools
Project Differentiators
The code signing implementation stood out in several ways, demonstrating the exchange’s commitment to security and willingness to go beyond standard practices. These differentiating factors set the client apart in the financial services sector and positioned it as a leader in proactive security measures. The unique aspects of this project include
Proactive approach
The client implemented this solution ahead of regulatory requirements, demonstrating leadership in security practices.
Comprehensive scope
The project aimed to cover not just externally distributed software but all software running within the client’s systems.
Scale of implementation
Successfully implementing code signing across a 45-million-line codebase and convincing 1200+ developers is a significant achievement.
Business Impact
Implementing code signing at the stock exchange yielded significant benefits beyond technical improvements. This initiative had far-reaching implications for the client’s operations, reputation, and strategic positioning in the market. The client mitigated potential risks by enhancing trust and security and strengthening its foundation for future growth and innovation. The business impact of this project can be observed across various dimensions:
Proactive modernization
With code signing in place, the client’s technology team continuously modernizes the software portfolio, staying ahead of emerging threats and requirements.
80% Reduction in supply chain attack risk
Validating all software in operation has significantly reduced the client’s exposure to supply chain attacks and malicious code.
Securing 45 million lines of code
Code signing assures brokers and regulators of the software’s authenticity and integrity, reinforcing the client’s commitment to trust, transparency, and data integrity.
Future-proofing for regulatory requirements
By proactively adopting advanced security measures, the client is well-prepared for evolving regulatory standards.
75% Increase in DevOps efficiency
Automating code signing has streamlined DevOps workflows, boosting efficiency by 75% and minimizing risks associated with manual intervention.
Conclusion
Technology leaders often focus on core infrastructure needs—reliability, availability, scalability, and security—while navigating complex industry-specific demands. Our client exemplifies this balance, using advanced technology to meet rigorous regulatory standards and investor expectations.
Implementing code signing marked a pivotal advancement in the security and integrity of the client’s software ecosystem. By ensuring all software—both internally used and externally distributed—is verifiable, the client significantly reduced risks of tampering and malicious code.
This project strengthened the client’s position in the financial market and underscored NuSummit Cybersecurity’s commitment to the highest standards of security and trust. Despite the scale and complexity of this implementation, NuSummit Cybersecurity’ expertise helped deliver a seamless solution, positioning us as a leader in advanced security practices within the stock exchange sector.
