Comprehensive and convenient cloud-based application security testing
Purslow used IBM Application Security on Cloud to perform the comprehensive testing he sought. The service not only identifies security vulnerabilities but also provides Individual Restaurants with detailed reports that summarize security vulnerabilities, assess potential risk and offer best practices to remediate vulnerabilities.
“Our mobile app developers upload the latest version of the app each day to the IBM Cloud for testing and I can easily see any vulnerabilities across the whole process, including how the app integrates with our databases,” Purslow says. “I’ve been absolutely blown away with the level of detail and the recommendations the solution provides. We’re constantly re-uploading our app as we make changes and finding new things from the changes. It’s definitely a brilliant product.”
While much of the development work is performed in India, the databases supporting the new mobile app are hosted in the company’s UK data center. By performing application testing in the IBM Cloud, Purslow was able to streamline testing across borders.
“Our developers in India can speak to the Cloud and we can speak to the Cloud, and I know that when I migrate the app from India to our data center in the UK there won’t be any issues,” says Purslow.
Individual Restaurants evaluated a number of solutions before selecting IBM Application Security on Cloud.
“We liked IBM’s approach because it’s checking every line of code as you build the app,” Purslow explains. “You can upload as many times as you want to make sure that you’ve got perfect code. If you had a third party looking at the app and going through the code in the same way, it would take probably a year. IBM Application Security on Cloud is doing what it needs to do and giving us a 60-page report within a day.”
Delivering new mobile apps with confidence and success
Individual Restaurants expects to see at least a 10 percent increase in loyalty customer transactions as a result of its new mobile app, which will translate into approximately GBP10 million in increased revenue.
Through rigorous application security testing, Purslow gained the peace of mind he needed to launch this important mobile app.
“My main aim was to go to our Board and say that we’ve now got a product ready for market, and it’s not just ready because it has all of the functionality, but also because we’ve done our due diligence to make sure that we’ve got everything covered at a security level,” says Purslow. “There’s an awful lot of data that’s very important to us and to our guests and we obviously want to protect it.”
Many developers frequently express concern over the time and cost that application security testing might add to their development projects. But Purslow found that integrating application testing from the outset likely saved Individual Restaurant thousands of hours in development time. In fact, the application was completed on schedule in less than four months.
“The product has paid for itself already because we were able to do both development and testing at the same time,” says Purslow. “It would definitely have taken much longer had we gotten to the end of project and then tried to work through all of the vulnerabilities that we found. It also saves us money in the long term because once the product is released we can be confident that we don’t have to fix vulnerabilities after we’ve deployed.”
The insight developers gained during the process will also help them build more secure applications from the start.
“We started with our iOS app, and are now going to work on the Android app and the rebuild of our Club Individual website,” says Purslow. “When the developers build these apps, it’ll be a lot quicker because of the knowledge they gained.”
The experience has been so positive for Purslow that he is now looking to implement other IBM Security solutions.
“The whole process behind IBM Application Security on Cloud and the support we’ve received has been exceptional,” says Purslow. “It’s not that IBM is just selling us a product and leaving us with it. They want to know how we’re getting along and are quick to help, which is why I’m looking at changing some of our other security products to IBM. It’s going to be a long standing partnership.”