By introducing automation of control and governance throughout the SDLC, fewer manual checks and interventions in their three-line defence approach were needed, helping to remove existing bottlenecks and speed up the frequency of deployments and allowing people to move to higher value work.
Introducing a Community of Practice improved continuous learning and encouraged collaboration. This also helped improve employee satisfaction and increased interactions with security practitioners, resulting in more robust ways in fixing issues due to crowdsourced problem solving and innovative thinking. In the first three months, £200k of savings were identified through automation of only four security controls.
Standardisation on a single set of policies and procedures allowed the client to easily demonstrate regulatory compliance, such as implementing a single password policy, creating an additional benefit of reducing password reset overheads.
By designing and implementing a new operating model, teams developed agile ways of working and made decisions quicker through clear accountability. For example, a new IOS app took only months to implement, which previously would have taken years.
The new operating model facilitated the creation, support and the maintenance of a set of security services (IDAM, monitoring and pen testing) that could be utilised by the global business units. .