Financial servicesSecurity and modernization

Halving security incidents while modernizing a core lending system

Cobalt needed to modernize an aging lending application and tighten security at the same time, under real regulatory scrutiny.

Client

Cobalt Financial

Timeline

26 weeks

Platforms

Google Cloud, US regions

Team

6 Synabix engineers across security and software

52%

fewer security incidents year on year

faster release cadence, from monthly to weekly

SOC 2 Type II

achieved on the first attempt

The challenge

Where they started.

Cobalt's lending system was a decade old, slow to change, and increasingly hard to defend. Audits were stressful, incidents were rising, and every release felt like a gamble. They could not pause the business to fix it.

The stack

Google CloudGoReactHashiCorp VaultGitLab CICloud Armor

What we did

We hardened identity and access first, then added detection and logging so the team could see what was happening.
Using a strangler-fig approach, we peeled the riskiest parts of the monolith into well-tested services without a big-bang rewrite.
Security review became part of the pipeline, not a gate at the end, so changes shipped safely and often.
We mapped controls to SOC 2 and the bank's regulatory obligations and left an evidence trail that makes audits routine.

Synabix treated security as architecture, not paperwork. We modernized the core system and came out of our audit stronger, with incidents down by half.

Priya RamanChief Information Security Officer, Cobalt Financial

Practices involved

Security Software

More work