Context

VONA supported a Canadian financial organization in implementing an agile development approach while integrating security from the start of its projects (security by design). The aim was to minimize IT security risks by design, by ensuring that each development stage takes into account security best practices in a seamless manner within agile cycles.

Methodology

To achieve this objective, VONA structured its intervention around the following steps:

• Diagnosis of the existing process : conducting 10 targeted interviews, analyzing reference documents and evaluating the tools in place to better identify points of friction and opportunities for improvement.
• Proposal of a target process adapted to Agile : design of an integrated agile process, making it possible to incorporate security aspects while respecting the flexibility and speed of iteration specific to the agile methodology.
• Design of an evolving tool : development of support for security in projects, built in close collaboration with the Information Systems Security (SSI) team to guarantee its relevance and its ability to evolve with needs.
• Change Management : implementation of the new process through two pilot projects, in order to assess the relevance of adjustments, to gather feedback from the teams and to refine the model before it is deployed across the organization.

Benefits

VONA's support has enabled the financial organization to make several significant advances:

• Optimizing the security integration process : the new process makes it possible to manage security from the start of projects, which considerably reduces the risks of security breaches at the end of the cycle.
• Improvement of steering : the implementation of KPIs (Key Performance Indicators) made it possible to ensure accurate monitoring of the evolution of security practices within projects, facilitating the overall management of security.
• SSI team satisfaction : according to a survey conducted six months after implementation, the entire SSI team expressed significant satisfaction with the ease of adoption of the new process and the reduction of friction with project teams.

In short, this mission allowed the organization to strengthen its security practices, while respecting the requirements of speed and adaptability of agile methodology, thus creating an environment conducive to the success of its projects while minimizing risks.