Cross app security and controls

Addressing cloud risks across your front, middle, and back office applications

Laeeq Ahmed

Laeeq Ahmed

Managing Director, GRC Technology, KPMG US

+1 818-227-6032

Brian Jensen

Brian Jensen

Managing Director, GRC Technology, KPMG LLP

+1 817-946-9552

The challenge of security

Today, there are cloud applications for almost every business function: customer management, procurement, human resources, finance, and more. However, deploying an increasing number of cloud apps without a coordinated security and controls strategy can expose your organization to multiple new digital risks, especially at a time when an increasing number of employees are working remotely. Fraud, digital security exposures, and weak controls are serious and persistent problems for all organizations due to internal and external threats. And as the number of connected apps grows, the risks spread from one app to another.

Information doesn't stay in one platform - it travels from one app to another.

To remain safe in a "cloud-centric" environment, organizations need to apply security controls across all of their applications.

The challenge is to accomplish this with a full 360 ° perspective of the functions that must work together securely and efficiently.

The KPMG cross-app approach

To address these new and emerging security risks, organizations need to apply a cross-application view of on-premises and cloud application security and controls. This approach can help organizations effectively balance the divergent task of leveraging modern cloud applications to empower business users, while simultaneously protecting sensitive data and transactions. We use a holistic framework that runs across front, middle, and back office. This scalable approach encourages a connected enterprise. It doesn’t matter how many tools the organization uses; the goal is to mitigate risk across the board.


The KPMG cross-app framework is a single, comprehensive approach that addresses risk in four ways:

Application controls

Application security

Cyber and identity & access management integration

Cross-app Target Operating Model (TOM) 

It doesn't matter how many tools the organization uses; the goal is to mitigate risk across the board.