In developing a new mobile app for customers, Individual Restaurants wanted to confirm that it had identified and fixed security vulnerabilities before the application was deployed in the marketplace.
Using IBM’s cloud-based application security testing solution, the company gained a comprehensive and convenient way to test its software code daily throughout the development process.
Uncoveredsecurity vulnerabilities to reduce risk exposure
Streamlinedapplication security testing to decrease time-to-market of new mobile apps
Reduceddevelopment costs by identifying vulnerabilities early in development cycle
Business challenge story
Closing security vulnerabilities before mobile apps are put in production
Providing consumers an exceptional experience is at the core of Individual Restaurants’ mission, and that exceptional experience isn’t simply focused on the amazing cuisine that each of its restaurant serves.
“At every stage of the customer experience we want to exceed their expectations,” says Adam Purslow, IT director, Individual Restaurants.
Take, for example, Individual Restaurants’ work to offer its customers a host of lifestyle services and benefits through its loyalty program, Club Individual. Club Individual currently boasts membership of more than 700,000 people, with an average of 2,500 customers joining each week. Approximately 40 percent of the company’s sales is recorded on Club Individual loyalty cards.
Through a new mobile app, Individual Restaurants is reinventing the customer experience, making it easy for guests to not only reserve and pay for their meals via their smartphones, but also to access valuable content such as recipes, podcasts and blogs.
“We’re creating what we believe is the best loyalty program in the UK by far,” says Purslow. “The app is designed to make it extremely easy for the guest to interact with us, and for us to identify ways to exceed their expectations. For example, if a guest orders the same bottle of wine on each visit, on their fifth visit, we can see they’ve made a reservation and have a complimentary bottle of their favorite wine waiting for them on the table.”
As Purslow began development of the new mobile app, a key goal was to build in security from the start, rather than to “bolt it on” at the end.
“Our mobile app integrates with many of our backend systems,” says Purslow. “We were opening ourselves up to an awful lot of risk and we needed to be confident that we had fully tested our app and found any security vulnerabilities before we went to market.”
Comprehensive and convenient cloud-based application security testing
Purslow used IBM Application Security on Cloud to perform the comprehensive testing he sought. The service not only identifies security vulnerabilities but also provides Individual Restaurants with detailed reports that summarize security vulnerabilities, assess potential risk and offer best practices to remediate vulnerabilities.
“Our mobile app developers upload the latest version of the app each day to the IBM Cloud for testing and I can easily see any vulnerabilities across the whole process, including how the app integrates with our databases,” Purslow says. “I’ve been absolutely blown away with the level of detail and the recommendations the solution provides. We’re constantly re-uploading our app as we make changes and finding new things from the changes. It’s definitely a brilliant product.”
While much of the development work is performed in India, the databases supporting the new mobile app are hosted in the company’s UK data center. By performing application testing in the IBM Cloud, Purslow was able to streamline testing across borders.
“Our developers in India can speak to the Cloud and we can speak to the Cloud, and I know that when I migrate the app from India to our data center in the UK there won’t be any issues,” says Purslow.
Individual Restaurants evaluated a number of solutions before selecting IBM Application Security on Cloud.
“We liked IBM’s approach because it’s checking every line of code as you build the app,” Purslow explains. “You can upload as many times as you want to make sure that you’ve got perfect code. If you had a third party looking at the app and going through the code in the same way, it would take probably a year. IBM Application Security on Cloud is doing what it needs to do and giving us a 60-page report within a day.”
Delivering new mobile apps with confidence and success
Individual Restaurants expects to see at least a 10 percent increase in loyalty customer transactions as a result of its new mobile app, which will translate into approximately GBP10 million in increased revenue.
Through rigorous application security testing, Purslow gained the peace of mind he needed to launch this important mobile app.
“My main aim was to go to our Board and say that we’ve now got a product ready for market, and it’s not just ready because it has all of the functionality, but also because we’ve done our due diligence to make sure that we’ve got everything covered at a security level,” says Purslow. “There’s an awful lot of data that’s very important to us and to our guests and we obviously want to protect it.”
Many developers frequently express concern over the time and cost that application security testing might add to their development projects. But Purslow found that integrating application testing from the outset likely saved Individual Restaurant thousands of hours in development time. In fact, the application was completed on schedule in less than four months.
“The product has paid for itself already because we were able to do both development and testing at the same time,” says Purslow. “It would definitely have taken much longer had we gotten to the end of project and then tried to work through all of the vulnerabilities that we found. It also saves us money in the long term because once the product is released we can be confident that we don’t have to fix vulnerabilities after we’ve deployed.”
The insight developers gained during the process will also help them build more secure applications from the start.
“We started with our iOS app, and are now going to work on the Android app and the rebuild of our Club Individual website,” says Purslow. “When the developers build these apps, it’ll be a lot quicker because of the knowledge they gained.”
The experience has been so positive for Purslow that he is now looking to implement other IBM Security solutions.
“The whole process behind IBM Application Security on Cloud and the support we’ve received has been exceptional,” says Purslow. “It’s not that IBM is just selling us a product and leaving us with it. They want to know how we’re getting along and are quick to help, which is why I’m looking at changing some of our other security products to IBM. It’s going to be a long standing partnership.”
Individual Restaurants is a leading restaurant company in the UK. Its restaurants, which include Piccolino, The Restaurant Bar & Grill, Bank Restaurant & Bar, Opera Grill and Gino D’Acampo My Restaurants, are committed to serving seasonally inspired cooking and providing great service.
Take the next step
To learn more about IBM application security solutions, please contact your IBM representative or IBM Business Partner, or visit the following website: http://www-03.ibm.com/software/products/en/category/application-security.