Deloitte India — Threat Insights Mobile and Web Application
The Challenge
Deloitte India’s cybersecurity practice needed to keep its clients and internal leadership informed about the rapidly evolving landscape of cyber threats. The CxOs, security analysts, and threat intelligence personnel across Deloitte’s client organizations and internal teams required timely, curated, and actionable information about security vulnerabilities, emerging attack vectors, and industry-specific threat advisories.
The key challenges were:
- Information Dissemination Gap: Critical cybersecurity threat intelligence was not reaching the intended audience (CxOs, security personnel) in a timely, accessible, and personalized manner. Traditional email-based distribution was inefficient, easily overlooked, and lacked engagement tracking.
- Personalization Requirements: Different users had different roles (CxO, Security Analyst, IT Manager) and different areas of concern (industry sector, threat severity, geographic region). The platform needed to deliver personalized, role-based content feeds.
- Multi-Tier Access Control: Deloitte required a sophisticated user hierarchy — Generic Users, Standard Users, and Premium/VIP Users — each with different levels of access to threat intelligence content, including detailed analysis and end-of-life product advisories.
- Mobile-First Engagement: The target audience of senior executives and security professionals needed to consume threat intelligence on-the-go through native mobile applications, not just desktop browsers.
- Content Management and Approval Workflows: Threat advisories needed to go through a structured creation, review, and approval process before publication, with role-based permissions for contributors, reviewers, and approvers.
- Deloitte Brand Compliance: All interfaces needed to strictly adhere to Deloitte’s global branding guidelines, which have specific and stringent visual identity requirements.
- Enterprise Security Standards: Given that the application dealt with cybersecurity content and was being deployed within Deloitte’s infrastructure, it needed to pass Deloitte’s own rigorous security testing and audit processes.
Velocity’s Solution
Scope of Work
Velocity Software Solutions designed and developed a comprehensive Threat Insights platform comprising native mobile applications (Android and iOS) and a web-based content management and administration system, connected through secure RESTful APIs.
Key Features & Deliverables
Mobile Application (Android & iOS):
- Multi-Method Authentication:
  - Email/Password login
  - Email/OTP (One-Time Password) login for enhanced security
  - QR Code-based login for frictionless access
  - Sign-up with automatic Generic User role assignment
- Role-Based User Experience:
  - Role selection upon registration (CxO, Security Analyst, IT Manager, etc.)
  - Content feed customized based on user role and preferences
  - Tiered access levels: Generic, Standard, and Premium/VIP
- Personalized News Feed:
  - Detailed View: Magazine-style, swipe-up interface (Cyber Sec Tabloid format) for immersive reading
  - List View: Scannable list format with sorting capabilities (by date, severity, region, category)
  - 60-word article brief with “Read More” for full article access
  - Real-time feed refresh capability
- Advanced Search and Filtering:
  - Search by Region (geographic focus)
  - Search by Severity (Critical, High, Medium, Low)
  - Search by Date (date range filtering)
  - Search by Category (threat type, industry sector)
- Engagement Features:
  - Article bookmarking for later reading
  - Article sharing via native device sharing
  - Email-to-self functionality for forwarding articles
  - Comment system for discussion and analysis on articles
- VIP Account Management:
  - In-app VIP/Premium account request workflow
  - Access to exclusive content including End-of-Life Product advisories
  - Customized reports generation for VIP users
- Customization:
  - Category preference management in Settings
  - Push notification preferences
  - Profile management
Web Application (Administration Interface):
- Advisory/Article Management:
  - Create, edit, and manage threat advisory articles with rich text formatting
  - Article categorization by threat type, severity, region, and industry sector
  - Image and multimedia attachment support
  - Article preview before submission
- Approval Workflow:
  - Multi-level article approval process (Draft, Submitted, Under Review, Approved, Published)
  - Reviewer comments and feedback mechanism
  - Bulk approval capabilities for efficiency
- Access Management:
  - User Management: Create, edit, deactivate user accounts with role assignment
  - Role Management: Define and configure user roles with granular permissions
  - Permission Management: Fine-grained permission controls for content access and administrative functions
- VIP Account Requests:
  - Dashboard for reviewing and processing VIP/Premium account upgrade requests
  - Approval/rejection workflow with communication to requestors
- Analytics and Reporting:
  - Content performance metrics (views, shares, bookmarks, comments)
  - User engagement analytics
  - Custom report generation
Secure API Layer:
- RESTful API architecture connecting mobile and web applications
- Token-based authentication with session management
- Data encryption in transit and at rest
- Rate limiting and DDoS protection
Technology Stack
- Mobile (Android): Java/Kotlin (native Android)
- Mobile (iOS): Swift/Objective-C (native iOS)
- Web Backend: LAMP Stack (Linux, Apache, MySQL, PHP)
- Frontend: HTML5, CSS3, JavaScript, jQuery, Bootstrap
- API: Secure RESTful APIs with JWT authentication
- Database: MySQL with encrypted storage for sensitive data
- Push Notifications: Firebase Cloud Messaging (FCM) for Android, Apple Push Notification Service (APNs) for iOS
- Email Service: Integrated email service for OTP delivery and notifications
- Hosting: Deployed within Deloitte’s enterprise datacenter
- Security: Deloitte enterprise security standards compliance, penetration testing, code review
Implementation Approach
- Requirements Discovery: Intensive sessions with Deloitte’s cybersecurity practice team to understand content types, user personas, workflow requirements, and security standards.
- UX/UI Design: Detailed wireframes and mockups created for both mobile (Android/iOS) and web applications, strictly adhering to Deloitte’s brand guidelines. All screens were designed with user interaction annotations.
- Architecture Design: Secure, scalable architecture designed with separate mobile applications, web administration panel, and API layer — all deployable within Deloitte’s enterprise infrastructure.
- API Development: RESTful API layer developed first, serving as the integration backbone between mobile apps and web backend, with comprehensive authentication, authorization, and data validation.
- Mobile Application Development: Native Android and iOS applications developed simultaneously, with platform-specific UI optimizations while maintaining feature parity.
- Web Application Development: Administration and content management web application developed using the LAMP stack, with approval workflows, user management, and analytics.
- Brand Compliance Review: All interfaces reviewed and refined to ensure strict compliance with Deloitte’s global visual identity guidelines.
- Internal Testing: Comprehensive testing including functional testing, UI/UX testing, performance testing, and cross-device compatibility testing.
- Deloitte Security Testing: The application was submitted to Deloitte’s dedicated security testing team for penetration testing, vulnerability assessment, and security audit — with all findings addressed and resolved.
- Datacenter Deployment: Web application deployed within Deloitte’s secure enterprise datacenter infrastructure.
- Mobile App Distribution: Mobile applications prepared for enterprise distribution within Deloitte’s organization.
- Post-Deployment Support: 12 months of ongoing support provided for bug fixes, security patches, minor enhancements, and operational assistance.
Key Outcomes & Impact
- Real-Time Threat Intelligence Delivery: Deloitte’s CxO clients and security teams gained instant access to curated, actionable threat intelligence directly on their mobile devices, significantly reducing the lag between threat identification and awareness.
- Personalized Security Insights: Role-based content personalization ensured that each user received threat intelligence relevant to their responsibilities and areas of concern, improving information signal-to-noise ratio.
- Improved Engagement: The magazine-style mobile interface and push notifications dramatically increased engagement with threat advisory content compared to traditional email distribution.
- Streamlined Content Operations: The web-based content management system with structured approval workflows improved the efficiency, quality, and governance of threat advisory content production.
- Enterprise-Grade Security: The application successfully passed Deloitte’s own rigorous security testing standards, demonstrating enterprise-grade security implementation.
- Brand-Compliant Experience: All interfaces maintained perfect fidelity to Deloitte’s global brand guidelines, presenting a polished, professional image to clients and internal stakeholders.
- Scalable VIP Program: The tiered access model with in-app VIP request workflow enabled Deloitte to manage premium content distribution and upsell enhanced services to key clients.
Why Velocity?
- Enterprise Application Experience: Velocity had built enterprise-grade applications for organizations like Samsung (eProcurement platform), Aster DM Healthcare (IoT-based health monitoring), and GreyB (employee portal), demonstrating capability in complex enterprise environments with stringent security and compliance requirements.
- Native Mobile Development Expertise: Proven experience developing native Android and iOS applications ensured optimal performance, native UX patterns, and platform-specific capabilities critical for executive-level users.
- Full-Stack Delivery: From UX design through API development, native mobile apps, web administration, and datacenter deployment, Velocity provided end-to-end delivery capability.
- Security-First Development: ISO 27001:2013 certification and experience building security-sensitive applications (Samsung eProcurement, UNICEF systems) gave Velocity the security-conscious development culture required by Deloitte.
- LAMP Stack Proficiency: Deep expertise in the LAMP stack — specifically requested by Deloitte for the web application — ensured efficient, robust backend development.
- Flexible Engagement Model: Velocity’s willingness to undergo Deloitte’s security testing process and adapt to enterprise deployment requirements demonstrated operational flexibility.
Velocity Software Solutions — Empowering cybersecurity leaders with the intelligence they need, where and when they need it.