Case studies

Protecting a major retailer’s digital future

key fact

The Chief Information Security Officer role has responsibility for over 60 full-time security staff within the retailer.

Providing board-level advice to address the business’s number one corporate risk: data security

Challenge

Like many large businesses, our client – a major UK retailer – is fundamentally changing its business model, focusing on digital services. This involves managing large amounts of customer data, and given that reputation and public trust are crucial to the retailer, it needed to create a new security model to support its changing business.

Mason Advisory was asked to provide a Chief Information Security Officer (CISO) to keep the organisation safe during its transformation.

Solution

Our consultant was instrumental in the redesign and restructuring of the security organisation, including developing the entirely new global CISO role. He reported into the board, and was accountable for group security, with responsibility for a multi-million-pound budget. He also led the wider restructuring of the security team in order to build the right platform to deliver the new security model.

As CISO, he led the development of a security strategy in line with the digital business objectives, which was built around a more proactive detect-and-respond model (with a view to moving to a fully predictive approach in future). This moved away from traditional ‘bunker’ approaches to protecting systems and, in an extension of the successful use of customer data to provide retail insights, the security strategy depends on analysing machine data to provide security information and event management (SIEM) insights.

Outcome

The strategy continues to be implemented using an Agile approach in order to iteratively improve it as the programme of works progresses. The strategy will deliver a more flexible security model to support the business’s digital ambitions.

Our CISO has also prepared the retailer for industry-leading information security certification, and ensured compliance with the Payment Card Industry (PCI) standards for payment processing and encryption.

Other key projects included:

  • delivering risk reduction initiatives, such as designing a network segmentation project to split the PCI segment from the rest of the network
  • encouraging secure software development
  • managing access to services, including cloud services
  • wrap around third parties which need to access customer data
  • implementing advanced malware detection and data loss prevention initiatives.

We also supported the retailer in making the transition to a full-time in-house CISO.

Our services

View all

Sourcing

Helping clients to source IT solutions from the marketplace, in order to transform their organisations and drive value and improve performance.

Read more

Service Management

Enabling clients to deliver business value through optimising and transforming their service operations

Read more

Operating Model & Organisational Design

Helping technology organisations optimise how they operate and organise themselves – internally and in their external interactions – to deliver maximum value to customers.

Read more

Digital

Empowering your Digital business through customer-focused strategies, product innovation, data-driven decision making, and seamless and safe integration with traditional IT to create business growth and positive impact.

Read more

Cyber

Protecting businesses, their services, and critical data assets through design, implementation, and assurance of secure and resilient services

Read more

Architecture

Developing IT strategies, designs and technical roadmaps to drive innovation and align IT with the business.

Read more