Finfare Financial Inc: Achieving Compliance and Increasing Efficiency with Chainguard
Finfare Financial Inc. is a financial technology company that helps businesses and consumers grow their money, manage their spending, and take control of their financial futures. Because Finfare handles personal identity and financial information, they operate in a highly regulated environment. Here, security and compliance are not just checkboxes, but fundamental to maintaining customer confidence. By adopting Chainguard, Finfare has been able to maintain compliance while reaching new levels of efficiency.
Challenge: Maturing Security and Compliance While Maintaining Speed
For Chad Brustin, Finfare’s VP of Information Security, the challenge his team encountered was twofold: prioritizing security fixes efficiently while ensuring development velocity remained unaffected. With a high number of vulnerabilities in their container images and limited engineering resources, it was difficult for Finfare to execute on both of these priorities without making significant compromises.
Additionally, meeting stringent compliance requirements like PCI, SOC 2 Type 2, and ISO 27001 was critical to maintaining customer trust and regulatory approval, and Finfare wanted to be able to present quantifiable security improvements to auditors.
“If you have 100 vulnerabilities you’re mandated to remediate, where do you start with limited resources to allocate between product development and application security?”
Solution: A Secure By Default Approach with Chainguard Containers
When Chad was introduced to Chainguard by his DevOps team, he saw an immediate opportunity to validate its impact. His approach was straightforward: put Chainguard Containers to the test. “Even in a simple proof of concept, you can see the value instantly—just run it alongside any static scanning tool and watch how many vulnerabilities it eliminates,” Chad shared.
Juan Diaz, Senior DevOps Engineer, quickly got the solution up and running. “Deploying Chainguard Containers was quick and straightforward,” Juan said. “We pushed the images to AWS ECR, updated our Dockerfiles, and made a few minor permission tweaks. That was it — a low-effort change with high-impact results.”
The results spoke for themselves. After evaluating vulnerability counts before and after deployment, the team swiftly rolled out Chainguard Containers for Node and JDK across 12 repositories. Within a week, the transformation was undeniable:
“In the course of deploying Chainguard Images over a week we saw immediate value, an immediate attack surface reduction, and a smaller blast radius. We went from 983 vulnerabilities down to just 36.”
Building Credibility
For both Chad and Finfare’s security auditors, the value was clear. With Chainguard Containers, Finfare could present their security improvements in a tangible, data-driven way, streamlining compliance discussions and reinforcing their security maturity. As Chad said, “An auditor isn’t going to take my word for it, they want to see the actual data. With Chainguard, we can show day-over-day and week-over-week scans.” Chad also found that the security improvements they’ve made were a simple story to tell, even to those without a technical background.
“Chainguard quickly demonstrated its overall value for Finfare. We can now deploy software without introducing new vulnerabilities and can show an ISO 27001 or SOC2 auditor the steps we’ve taken on our journey to mature our software development lifecycle.”
Driving Efficiency and Cost Savings
Finfare also found that the team could reduce the time and effort spent on vulnerability management. Security discussions in sprint planning became more focused, allowing teams to prioritize effectively rather than getting bogged down by low-priority issues. Chad noted, “I can spend less time in sprint planning talking about all of our vulnerabilities. Chainguard Containers are a quick way to take ground and show improvement.”
“Chainguard helps us build products faster because we know we have a strong foundation.”
And while Chad can refocus his time toward other security tasks, Finfare’s software developers can focus on what they do best—shipping software. As Chad said, “Chainguard lets me focus on my role and lets developers do what they do best.”
"Chainguard Containers have made our lives easier as developers. We no longer waste time digging through tickets to fix image vulnerabilities or see a wall of red in our pipelines. With clean, secure base images, we can focus on building features and delivering value instead of firefighting."
Time and effort saved translates directly to cost savings. “When you compare a full team of 25 people doing sprint planning for vulnerability management at $100 an hour to the Chainguard licence fee, the value is pretty straightforward,” Chad said.
For Finfare, integrating Chainguard into their security strategy was a game changer. As Chad puts it, "Even if you spent two weeks straight fixing vulnerabilities, you’re not gonna get as many wins as you will with Chainguard." With Chainguard handling the heavy lifting, Finfare was able to streamline compliance efforts, present tangible, data-driven security improvements to auditors, and save significant time and resources. As Chad adds, "If your goal is to shift left quickly and safely without breaking things, Chainguard is a tested way to do that."
“Chainguard takes the heartache away from building and maintaining images because they do all the hard work for you and just deliver you a clean product. They deliver you a clean product consistently over time as new CVEs come out as well.”