Building security by design into mobile app development

KPMG helped a global leader in managed mobility solutions enhance their Agile-based IT and application development capabilities.

A global leader in managed mobility solutions
Agile, secure development process design
  • Client challenge
  • Benefits to client
  • Approach
  • KPMG insights

Client challenge

This technology solution provider’s approach to mobile platform and application development was lacking risk management, governance, enterprise standards, processes and controls. KPMG was engaged to develop an operating model that would exploit Agile development’s continuous improvement and speed to product delivery capabilities, while simultaneously ensuring adherence to standards, controls and security requirements.

Benefits to client

The new KPMG-led mobile platform and application implementation has enabled increased transparency, trust, and confidence in the security of its products through the standardization of key development components. It's also improved traceability through product backlog management, increased the development team’s security awareness and aptitude to respond to vendor audits, and standardized security analysis by embedding security by design throughout the Agile development process.


Given the breadth and depth of this engagement, KPMG leveraged the expertise and capabilities of an integrated team of professionals from its Experience Design and Engineering, Technology Management Risk Services, Cyber, and Security groups.

We assessed the current environment, provided delivery-focused guidance to help improve the product build and development stage, and developed a roadmap for implementation of leading Agile and Scrum practices, mandatory process controls, and an optimized risk-management process. We also embedded risk and threat modeling to improve product sustainability and accelerate identification of vulnerabilities.

KPMG insights

Proactively construct a culture of secure product development

By building security by design into the DNA of product development, you'll be able to reduce ever-increasing cyber security–related expenses.

Be Agile, but not at the expense of controls and standards

Integrating the best components of Agile development with auditability, reliability, standards and controls requirements isn’t only possible; it’s critical in today’s increasingly competitive and risk-filled environment.

An integrated team of professionals from KPMG's Experience Design and Engineering, Technology Management Risk Services, Cyber, and Security groups met this client's needs.