Lloyds Banking Group: Container Security Maturity Model

How a financial institution assessed and improved their container security posture
Lloyds Banking Group: Container Security Maturity Model

About Lloyds Banking Group

Lloyds Banking Group is a British financial services institution headquartered in London. The group provides a variety of financial services through brands such as Lloyds Bank, Halifax, and Bank of Scotland. The group serves a total of 27 million customers and employs 66,000 people.

Assessing the container security maturity level

Due to the extensive use of container technologies within the group, Lloyds Banking Group sought to evaluate the security posture of their container environments. To achieve this, ControlPlane was engaged to define a maturity model that would enable Lloyds Banking Group to assess their container security maturity level.

Challenges

Lloyds Banking Group utilised various container technologies across multiple cloud and on-premise environments, making it challenging to establish a framework to measure their overall security posture. It was important to have a maturity model that was agnostic enough to apply to multiple container technologies and platforms while covering a wide range of low level and technical requirements.

Solutions

ControlPlane defined a maturity model covering several domains, each containing multiple capabilities. For each capability, a detailed description of the implementation requirements for all maturity levels was provided. The implementation definitions were based on industry best practices and Controlplane’s extensive experience in container security across various institutions.

The deliverable enabled the client to:

  • Utilise a framework based on best practices applicable to multiple container technologies and platforms
  • Evaluate the security posture of their containerised applications across diverse and heterogeneous environments
  • Understand their maturity level in comparison to high standards and best practices
  • Compare the maturity levels of their different platforms in a standardised manner
  • Identify areas of improvement in their container security strategy
  • Plan for enhancements to drive their security posture to the highest maturity levels

Business outcomes

The client was equipped to assess the security level of their workloads and understand how mature they are compared to the highest standards. After an initial assessment, Lloyds Banking Group could identify potential areas of improvement and plan the next steps in their container security strategy.

Similar case studies

Featured Image

The Linux Foundation: Authoring the Kubernetes and Cloud Native Security Associate (KCSA) Exam

How the world’s leading open source organisation developed a new certification for the next generation of Cloud Native security professionals
Featured Image

Citigroup: Continuous Secure Ingestion for OSS Software Packages

How a multinational bank implemented automated provenance verification of over three million external packages
Featured Image

Questrade, Inc: GKE Infrastructure Threat Modelling

How an online brokerage enhanced the security of their GKE infrastructure to support their successful banking licence application