Building an enterprise security assessment process into the software release cycle
Snapshot
The research and innovation team within our client’s global software and technology company was on the path to transforming innovative ideas into marketable products. While our client led the industry in creative technology innovation, they recognized an opportunity to improve management and development within their security assessment processes. As products ramped toward release, complications threatened to push schedules past release dates. Without strict adherence to established standards and clearly developed and consistent policies, discrepancies would require complex solutions and unanticipated man-hours that caused the security assessment process to go over budget and past schedule.
Team leaders sought a disciplined way to streamline security implementation and ensure release goals were met. The client engaged the Kalles Group for seasoned expertise in the security assessment process.
Challenge
While the client requested that the Kalles Group focus on guiding teams through the required compliance steps that would ensure the company security policy was understood and applied appropriately, our team recognized an opportunity to provide the client with the capability to transform their own internal processes. The Kalles Group team would need to implement security development policy without impeding innovation and exploration core to the client’s successful products.
If the Kalles Group team could document senior-level decision-making, those answers could be shared up- and down-stream, empowering employees to take ownership and make decisions throughout the process. This would not only speed the process, but it would reduce the amount of time and volume of work required for the security assessments.
Approach
While the Kalles Group team began guiding the client in the application of appropriate company security policy, they also began documenting the decisions, processes, and procedures being established, capturing the rationale within underlying decisions about how security management was handled. The Kalles Group team compiled this information into a decision-making framework that integrated consistent policies and next-steps into the security assessment process. The discipline the framework provided made these processes sustainable, repeatable, efficient, and trackable.
Finally, with this framework consistently shared and communicated across the team, more people were empowered to make decisions, and by the time projects reached security assessment, they were much closer to release.
Results
While it would have been simpler to provide only the services the client requested, the Kalles Group proactively offered a solution that was integrated into practice, and embedded into a new and better way the organization handled security assessments.
Instead of leaving the client vulnerable and dependent on outside consultants, the client now has increased capabilities based on the knowledge that was captured and applied to improved processes. This increased efficiency and organization is now embedded in the way the client’s team does business.