Leroy Merlin secures business data with IBM

2021: Securing Business Data

Leroy Merlin provided reasonable business data protection with IBM, as the latter reported on July 26, 2021.

The network of the international retailer Leroy Merlin for July 2021 has more than 100 hypermarkets in 65 cities of Russia and specializes in the sale of goods for the construction, decoration and arrangement of a house, cottage and garden.

Information security is one of Leroy Merlin's priorities. Auditing and controlling digital data flows in the business processes of a large retail company with a distributed network, in addition, allows you to improve operational efficiency and maintain customer confidence.

retail Traditionally, many payments are made bank cards using other financial operations, so this area has long become attractive to fraudsters. According to to data the IBM X-Force Threat Intelligence Index 2021 report, retail accounts for just over 10% of all analyzed, but at attacks the same time more than a third (36%) of attacks across all industries aimed at identity theft.

To maintain the confidence of buyers and suppliers in the brand, three years ago Leroy Merlin decided to qualitatively improve control over operations information with internal servers database management (:, DBMS ERP payment data, master databases). Manual monitoring is far from always effective, so we decided to automate the process of detecting violations of policies information security and deviations from when business processes working with the media.

To solve this problem, we turned to an IT partner - Softline, which has experience in implementing complex projects on information security.

Among the key requirements in choosing a data protection solution were the ability to work in a geographically distributed infrastructure, the flexibility to configure database monitoring and protection rules, maintaining a database request log independent of the DBMS functionality, and the convenience and informativity of reporting.

Softline specialists, based on the formulated criteria, selected several solutions of various vendors and tested them. After analyzing the technical capabilities of the company's solutions and business tasks together, we found that IBM Guardium best meets our needs. Next, IT provider engineers, together with IBM specialists, carried out a pilot project. During the piloting of the solution, the main tasks of data security were put into practice and the possibility of achieving all future goals of the project was demonstrated.

IBM Guardium is a specialized IBM product for detecting and classifying data in heterogeneous environments, monitoring requests and blocking illegitimate access to protected information, auditing and building operational data reporting.

Leroy Merlin launched the first phase of the project to protect operating and logistics information databases on IBM Guardium technologies in 2018. To do this, the Softline team, which is an IBM business partner, designed a data access monitoring system, implemented Guardium components and installed agents to analyze database requests. It took about three months to design and implement the solution.

Automation of control over business system data activities has contributed to improving the operational efficiency of the company, since information is handled in accordance with business expectations, and the cost of finding and correcting information in databases has decreased.

IBM Guardium is supported by IBM and Softline for continuous industrial operation. Convinced of the good efficiency of the product, it was decided to scale it to a number of other databases and information systems of the company. Some of the work on scaling the solution was carried out by Softline experts, connecting the databases to IBM Guardium. In the future, we consider the possibility of expanding protection to data located in the hybrid cloud.