Building security by design into mobile app development
CLIENT STORY

KPMG helped a global leader in managed mobility solutions enhance their Agile-based IT and application development capabilities.

Client: A global leader in managed mobility solutions
Sector: Technology
Project: Agile, secure development process design

Client challenge

This technology solution provider’s approach to mobile platform and application development lacked risk management, governance, enterprise standards, processes and controls. KPMG was engaged to develop an operating model that would exploit Agile development’s continuous improvement and speed of product delivery, while simultaneously ensuring adherence to standards, controls and security requirements.

Benefits to client

The new KPMG-led mobile platform and application implementation has increased transparency, trust, and confidence in the security of the client's products through the standardization of key development components. It has also improved traceability through product backlog management, increased the development team’s security awareness and aptitude to respond to vendor audits, and standardized security analysis by embedding security by design throughout the Agile development process.

Approach

Given the breadth and depth of this engagement, KPMG leveraged the expertise and capabilities of an integrated team of professionals from its Experience Design and Engineering, Emerging Technology Risk Services, Cyber, and Security groups.

We assessed the current environment, provided delivery-focused guidance to help improve the product build and development stage, and developed a roadmap for implementation of leading Agile and Scrum practices, mandatory process controls, and an optimized risk-management process. We also embedded risk and threat modeling to improve product sustainability and accelerate identification of vulnerabilities.

KPMG insights

Proactively construct a culture of secure product development

By building security by design into the DNA of product development, you'll be able to reduce ever-increasing cyber security–related expenses.

Be Agile, but not at the expense of controls and standards

Integrating the best components of Agile development with auditability, reliability, standards and controls requirements isn’t only possible; it’s critical in today’s increasingly competitive and risk-filled environment.

An integrated team of professionals from KPMG's Experience Design and Engineering, Emerging Technology Risk Services, Cyber, and Security groups met this client's needs.

 

KPMG complies with the auditor independence rules of the AICPA, SEC, PCAOB and DOL. As a result, some services described herein may not be available to our audit clients. KPMG audit clients should check with their respective lead audit partner for more information.