Case Study

How AppLovin built a strategic risk program to keep pace with company growth


Frameworks: NIST CSF, ISO 27001

AppLovin

AppLovin makes technologies that help businesses of every size connect to their ideal customers. The company provides end-to-end software and AI solutions for businesses to reach, monetize and grow their global audiences.

Product Used: Compliance Operations Module, Risk Register Module, Vendor Risk Management Module

Quick Facts: Software service provider, Palo Alto, California

Established a foundation for their risk management program that scales with the business
Automated assessments and questionnaires for third-party vendor management that used to take hours
Organized their controls to create a single source of truth, mapped across multiple frameworks like NIST CSF and ISO 27001
Provided their leadership and board complete visibility into risk health and mitigation work

The Challenge

Finding the right software to help a team of experts scale

AppLovin saw exponential growth after they went public and needed to scale quickly. Their Head of Information Security, Jeremiah Kung, brought in a team of compliance experts to build their program from the ground up: Narendra Dunna, Director of the Cybersecurity Assurance Program; and Randy Powell, Head of Governance, Risk, and Compliance. This new team wanted to address risk and compliance the right way from the start of their growth. This meant that instead of trying to manage risks and track controls in spreadsheets or through manual processes, they immediately started searching for a platform that could help. “We had a team of incredibly talented and smart people who knew how to do the work,” says Kung. “We just needed a tool that could help them actually get it done.”

The need for visibility and transparency

One challenge that became especially apparent during AppLovin’s search was the need for more transparency into their risk and compliance posture, both for leadership and for the risk and compliance team to better understand which risks to prioritize and mitigate first. AppLovin was in a unique position: because the company has a security-first culture by nature, their leadership team understood why risk mitigation was a priority. Additionally, Kung, Dunna, and Powell needed a better view into their risk posture and which risks were the highest priority so they could take action immediately.

Automating third-party vendor management

AppLovin also wanted a platform that could alleviate the manual and tedious tasks they dealt with when handling third-party vendor management. They needed a way to organize their vendors and automate vendor questionnaires and assessments. Before Hyperproof, the team would track vendor risk via spreadsheets, manually send out security assessments, create tasks to remind themselves to follow up with vendors, and manage all the vendor files and documentation themselves. This took up hours of time and prevented them from truly understanding their risk posture in real-time. “When I first came on board, one of the things we were lacking was a vendor risk program. That was one of the primary reasons we brought in Hyperproof,” says Powell.

Hyperproof was the right platform for us. It’s easy to use, powerful, and will scale with us as we grow.

Jeremiah Kung

Head of Information Security // AppLovin


The Solution

The right solution for growth

After evaluating several platforms, AppLovin chose Hyperproof to handle its risk and compliance management because the platform provided the robust features they needed to scale compliance effectively and efficiently. Hyperproof also solved their immediate need to automate their third-party risk management program. Since adopting Hyperproof, AppLovin has been able to create a single source of truth for its risk management and provide leadership with the visibility they need to make strategic decisions. They have also seen increased efficiency across their workflows leveraging automation and the Asana integration to ensure critical work is getting done right. “Hyperproof had the experience needed to build a platform that actually addresses our needs,” says Kung.

I see Hyperproof as a key component to our growth.

Jeremiah Kung

Head of Information Security // AppLovin

Hyperproof doesn’t have complex workflows. It’s a very clean UI and it’s easy to use.

Narendra Dunna

Director of the Cybersecurity Assurance Program // AppLovin

Ease-of-use and easy implementation

Hyperproof was quick to implement, and AppLovin was able to stand up several programs in weeks, not months. Best of all, the platform was easy to learn. Their team members adapted quickly to its UI and features, which let the compliance program grow as fast as the company scaled while keeping the team small. “Hyperproof was so easy to implement. It doesn’t have complex workflows and it has a simple UI, which helped us start fresh,” says Dunna. “Best of all, we can configure the tool to meet our business needs.”

Seamless vendor risk management

“Hyperproof created a lot of efficiencies for us, especially around third-party risk,” says Kung. Hyperproof has enabled AppLovin to manage all of their vendors in a single place, and it kicks off automated questionnaires and assessments to ensure vendor status is always up to date. This means they no longer have to track vendor risk via spreadsheets, nor do they have to manually create tasks to remind themselves to follow up on vendor progress. These tasks are now automated through Hyperproof, enabling team members like Powell to focus their time on more strategic tasks. AppLovin also leverages Hyperproof when they bring on new vendors to educate internal teams on the importance of risk. Hyperproof has become a resource that AppLovin uses to reinforce their security-first culture across the entire organization.

We track everything in Hyperproof now, like progress with our vendors, and we use the program module to provide insight into other regulatory programs, which is so useful for us.

Randy Powell

Head of Governance, Risk, and Compliance // AppLovin

AppLovin gets visibility into their risk posture with Hyperproof

AppLovin’s risk and compliance team meets quarterly with leadership to present initiatives, completion metrics, and immediate risks to address. With Hyperproof’s in-depth reporting and real-time analytics, the AppLovin team has everything they need at their fingertips to communicate the impact of their work to stakeholders. “I can actually prove to them the value of our work with a record of documentation — and meaningful visuals — in a legitimate way,” says Kung. With Hyperproof, AppLovin has a single source of truth that documents exactly what their team does to mitigate risks and provides transparency across the organization.

Transparency is a core tenet for me working in information security. Hyperproof is our record of proof to maintain transparency — our risks, our vendors, our processes — all of it.

Jeremiah Kung

Head of Information Security // AppLovin

Risk mitigation made easy

AppLovin tracks all of their risk mitigation processes in Hyperproof and monitors the health of their controls with automated control testing. By centralizing their risk management, the team can measure, track, and evaluate risk so they understand exactly where they stand and how to adjust their business to be more compliant. They can also provide complete transparency to leadership by giving executives and the board access to dashboards that show how the GRC team is progressing toward mitigating and managing risks.

AppLovin saves hours of time with integrations

With Hyperproof, AppLovin can leverage the power of automation where it counts. Hyperproof has dozens of integrations that help AppLovin streamline evidence collection and communication between teams. Hyperproof’s Asana integration proved particularly useful for AppLovin’s team: “The Asana integration makes our life easier,” says Kung. “Rather than re-typing requests for evidence over and over again, we can automate the process.” As a result, AppLovin’s team has saved hours of time on evidence collection and was able to scale their platform quickly.

Automation is the key for us. Without Hyperproof’s automation, there’s no way we’d be able to scale as quickly as we have.

Narendra Dunna

Director of the Cybersecurity Assurance Program // AppLovin


Conclusion

With Hyperproof, AppLovin was able to create a single source of truth for compliance and automate routine, repetitive work, streamlining workflows and reducing work for teams across the organization.
