How JATO Dynamics is embracing secure development

Specialist in automotive data and market insights is upgrading and rethinking its benchmarking and analysis tools to embed end-to-end security for today’s digital world

Background

JATO Dynamics provides business intelligence about global car markets. Its analysis examines market trends, vehicle specifications, car pricing and more. It provides essential, quantifiable information in a complex, fast-changing and highly regulated industry that’s awash with data that’s not always easy to navigate and compare.

The business is headquartered in Uxbridge in London, but has a global network of offices covering Europe and the Middle East, Asia, Australasia and the Americas.

What’s changed for JATO in recent years is the context within which its tools and services are applied. Cars and the car market are generating more data than ever before, and more and more customers want to view and compare this data through integrations using web APIs and cloud services. It all adds up to a context where JATO’s tools and platforms need embedded security in a way that’s distinctly different to when the company started in the 1980s.

aerial overhead view of parked cars of many different types and varieties

The Challenge

Part of the work for JATO Dynamics’ chief security officer, Nick Truman, has been to instil just the right culture and commitment to security at every level of the business.

“The company has offices around the world and development teams working with a mixture of programming languages on very different projects,” says Truman.

“The challenge I identified back in 2016 was to create a standardised way of embedding best-practice security protocols into every team. You have to take a first-principles approach to this, so that every team can adopt it in the same way and know their working practices are in synch with the rest of the business.”

The Solution

Every vibrant technology marketplace needs an unbiased source of information on best practices as well as an active body advocating open standards. In the application security space, one of those groups is the Open Web Application Security Project (or OWASP for short), which was used to underpin JATO’s multifaceted training programme.

“The programme started at the top, with overview training for JATO’s London boardroom to ensure buy-in and a deep understanding of the change being embarked on,” says Truman. “With the board, Stuart was brilliant at drawing out the association between data security, information security and its relevance to success in the day-to-day of the business.”

These sessions were followed up with further overview and hands-on training sessions – usually of two days in duration – in the UK (London), the US (Detroit) and Mexico (Mexico City) . To take it further, training practices in security are now being developed in-house to carry the adoption of new practices to every corner of the business.

“Beyond those boardroom sessions, the participants have typically been software developers, testers, database developers and database analysts,” adds Truman.

The training courses mean the development lifecycle for all of JATO’s projects is radically different now, and the new practices are an everyday reality that every team is implementing and validating step by step, with sharing sessions to swap the best learnings.

“Most of our products and services are well-developed, so retrofitting security requires a bottom-up approach that’s dedicated to doing things right at every step. Once you understand the issues, it gets easier and easier to find and adopt and then repurpose the solutions in other contexts, so the work is gathering pace all the time,” says Truman.

“We knew we needed to talk about security and risk across the business, and bringing in Framework Training was an excellent place to start. There is still work to be done, but progress is fast now and the culture in bang on course.”

The other benefit JATO Dynamics has felt is in the sense of community and mutual support that has been fostered.

“Our developers really appreciate that we are doing things in the right way, and they appreciate the investment we are making in their own development and future. It’s helped with our staff retention, as everyone enjoys working in a business that they can see is investing for the long term in a strategic way.”

What Participants Said

  • “An eye-opener regarding web security”
  • “Very engaging and informative”
  • “Validation samples will be helpful”
  • “Good course, lots of things to explore when I am back at my desk”

"I just want to drop you a note to say a huge thank you for such an amazing training course last week. The course exceeded all our expectations and was extremely timely for our team and has provided us with a way to move forward in terms of process & tool set. The level of discussion on process & its applicability was invaluable, so thanks. The full process from course tailoring to agreement and course delivery was professional and I can’t offer any suggested improvements!"

FD, Business Systems Manager
Frazer-Nash Consultancy

"I would like to thank you for all your help and assistance in organising the BizTalk & Azure training course for our team. We have enjoyed the course and found it well organised. Your company’s ability to work with our constraints and flexibility in being able to accommodate our requirements was very impressive. Our trainer was very knowledgeable and made all efforts to accommodate our needs. We appreciate that very much."

Windows Azure Development Training Course
RS, Principal Architect
Parliamentary ICT (Central Government)

"Very good explanations, approachable instructor. Well thought out content."

iOS App Development Training Course with Swift
AV, Mobile Developer
Leica Geosystems

"I, along with three colleagues, came on the Agile course. The training was fantastic. I have limited Agile knowledge and this helped answer all the questions I had, in an impartial and helpful way. I learned more about Scrum than I have done in the past and heard of different frameworks that I didn’t know existed and much of this was down to the instructor: his approach, style and knowledge. Please pass on my thanks and I cannot recommend Framework highly enough based on this session."

Agile Project Management Training Course
DS, Programme Manager
Technophobia

"The instructor was very knowledgeable and his explanations were very clear. "

Advanced C# Programming Training Course
BM, Senior Analyst
Carl Zeiss

"This Agile methodology can be applied to every day life!"

Professional Scrum Product Owner™ (PSPO) Training Course
M-CD, Product Owner
Amadeus

"The examples and labs were easy to follow. Many thanks!"

ASP.NET Core 3.0 MVC Training Course
SW, Software Engineer
DHL

"I have recently engaged with Framework Training to deliver some jQuery Training in-house. From the initial contact to the design discussions with the trainer…to the delivery of the course I have been extremely impressed. Framework have listened to our requirements and delivered accordingly! All the personnel involved have been engaging and professional and ensured a positive experience all round."

jQuery Training Course
GB, HR Manager
CHP Consulting

"I found the course incredibly interesting. There was a lot to fit in but I felt it went at a good pace."

Advanced C# Programming Training Course
JS, Senior Analyst
Talk Talk plc

"Useful discussions helped clarify and demonstrate the Product Owner role."

Professional Scrum Product Owner™ (PSPO) Training Course
SI, Product Owner
TFL

Fortify your perimeter

Talk to us about how to limit your business risk on 020 3137 3920

We would love to hear from you

Get in touch

or call us on 020 3137 3920