Client Story

A guiding North Star for cyber risk strength

KPMG helped a FORTUNE 500 omnichannel retailer's enterprise risk team assess and strengthen cloud risk management practices.

Sai Gadia

Sai Gadia

Partner, KPMG LLP

+1 612-305-5087

A leading Fortune 500 omnichannel retailer
Consumer and Retail
Google Cloud cyber security platform and cyber risk assessment
  • Client challenge
  • Key KPMG initiatives
  • Business impact
  • Why KPMG?

Client challenge

An omnichannel retailer had become a Fortune 500 household name by investing in innovation, managing risk every step of the way, and keeping long-term strategy in mind, regardless of the immediate challenge. Its multiyear information technology (IT) transformation journey is no exception.

As the company embraces the possibilities of Google Cloud Platform (GCP), it asked KPMG to assess and help strengthen its cloud risk management practices, with larger business objectives.

Key KPMG initiatives

KPMG helped the company assess current risk posture and develop a framework for ongoing monitoring of platform security and resiliency. Working with the company’s Enterprise Risk team, we leveraged the company’s existing cyber risk audit assets and experience with GCP to deliver a set of risk frameworks aligned to key cloud resources and risk domains. KPMG:

  • conducted stakeholder discussions to assess the cloud roadmap, GCP services, third-party application development tools, and data types for cyber risk resilience
  • designed a set of technical audit guides that capture resource-specific risks, outline controls and configuration settings by vendor platform, and set forth testing approaches
  • incorporated additional, sector-specific customer data security and regulatory knowledge to configure the audit program to the company’s needs
  • tested controls to identify gaps in current processes, communicated critical risks to leadership periodically, and provided recommended actions to mitigate risks.

Business impact

With the help of KPMG, the Enterprise Risk team has identified key risks across the cloud platform and developed a foundational framework for ongoing management of risk and controls in GCP. Specific benefits include:

  • governance leveraged as an IT value lever, as the company moves through a multiyear digital transformation
  • visibility into critical security, resiliency risks and misconfigurations, as the company continues adoption of GCP
  • framework for ongoing monitoring, audit visibility across GCP platform configuration to help ensure consistent application of appropriate processes, configurations and access model.


Strength and knowledge deliver a winning combination

The KPMG next-generation alliance with GCP synergizes Google strengths in cloud-enabled IT transformation, with our own domain experience in risk, regulatory compliance, and enterprise deployment.

We know cyber security

The right cyber strategy is an investment in the growth of the business, protecting and enabling the business to move at speed and pace. Our experience in cyber risk and security response combines that strategic perspective with tactical knowledge in areas such as security controls, cloud data storage, backup and recovery, and enterprise implementations.

We understand that risk and governance are value levers

Organizations count on KPMG to bring a high-level strategic perspective to the design and implementation of technology-intensive risk and governance processes, including dimensions of compliance, effectiveness, cost, and resilience.

Moving through a multiyear digital transformation, this company counted on KPMG to help it ensure that governance is an IT value lever.