Babou, a leading retailer in France, was established in 1979. Babou dresses the whole family, providing a full range of clothes, shoes, lingerie, linen, and sundries. Today the specialty discount chain has nearly 100 stores in France and Portugal, totaling 240,000 square meters of retail space. The company is growing, and aims to open five new stores a year.
The expansion triggered a vast computer project to move the company into a new generation of computing. This added many projects to the agenda of David Legeay, CIO of Babou. “Before 2009, Babou business processes were not computerized, and the group operated primarily by phone, paper, and fax transmissions. We recieved feedback from the field about problems regarding random visibility into our operations. This is precisely what led us to migrate our operations to new technologies,” said Legeauy.
In 2009, the retailer initiated a multi-year project to compile needs and define a master plan. Over the following two years, software investments were made to accompany the group’s business functions: management of procurement and supply, commercial and accounting management, and office applications at the head office.
In 2011, a private data center was deployed to centralize data and virtualize servers, workstations, and capabilities to ensure high availability. By 2013, the stores saw a complete overhaul of their IT environment, resulting in the first automated inventory at each store.
Meanwhile, in 2012, several mobility projects were launched, including secure remote access to virtual desktops to keep employees connected while traveling. Finally, adding multiple management applications to mobile devices propelled Babou into the era of business intelligence. This gave directors real-time visibility into the activities of their point of sale, the restocking management of more 35,000 articles in store, and the data consolidation performance of each store—all able to be viewed at a distance, especially from abroad.
“We wanted to protect ourselves against the earliest stealth attacks that are designed to bypass traditional security tools.”
Security, is often deployed reactively in an emergency when problems arise. Babou, however, takes a proactive approach to security. “The security of our IT projects is incorporated into the early phases of our master planning and we advance the security throughout our projects,” said Legeay. As a result, Babou uses several Trend Micro solutions to secure its IT environments.
Nearly 1,000 fixed workstations, including autonomous point of sale devices at the store level, are protected by OfficeScan™ endpoint security. In the virtualized environments, the Deep Security solution provides antivirus for servers and workstations. The Deep Security platform is ideal for this type of environment because it does not hinder performance by requiring the installation of a software agent on each VM. Finally, the Trend Micro Mobile Security solution use multiple features to secure mobile devices and business applications, using mobile fleet management, antivirus, and data protection for mobile devices.
“Each of these security platforms contributed specific security features to provide end-to-end protection,” said Legeay. “In addition, Trend Micro also helps us to safely evolve our technologies. For example, Trend Micro provides security for Microsoft Lync platforms, giving us the peace of mind to adopt this technology to facilitate communication between our employees.”
“We want to point out that the audited architecture is remarkable in its design and scalability and it is rare to find a properly secured infrastructure during a first audit.”
Dr. Patrice Guichard
from a security audit report
commissioned by Babou
In 2013, Babou commissioned an external audit of its security to validate its investment. Even though the results were particularly positive, the audit also included some recommendations for improvement. In particular, the audit documented the need to guard against a major change in the world of security: intrusion related to targeted attacks.
“We had not seen intrusion of this kind, but we wanted to protect ourselves against the earliest stealth attacks that are designed to bypass traditional security tools,” said Legeay. The CIO again turned to Trend Micro to fulfill this key recommendation of the audit using the Deep Discovery Inpector solution.
The Deep Discovery platform offers detection engines and custom sandboxing to analyze and identify malware, C & C (Command & Control) communications, and future behavior that may go undetected by traditional security tools. The solution correlates this data in a granular method that promotes responsiveness. It also shares information about intrusions with the other platforms of Babou security arsenal for a personalized, real-time defense against the attackers.
“Since the solution has been in place, we have not identified any sign of a successful targeted attack, confirming the relevance and effectiveness of our security environment,” says Legeay. “The real value of Deep Discovery Inspector is to enable and automate the analysis of our logs. Otherwise, this operation is so complex and time consuming that it would require up to two full-time jobs to perform manually. Yet it remains essential to keep out targeted attacks, and this is precisely what Trend Micro has helped us to accomplish in a strong economic manner.”
Trend Micro has helped Babou ensure safety since 2010. In addition to the performance of security technologies, there is another criteria that explains the longevity of the collaboration. “I think today, the IT security leaders all offer technologies that prove ultimately fairly equivalent. But Trend Micro makes a difference on a key field: the customer relationship. For over 4 years, we have had first-rate support from Trend Micro employees. They were able to adapt their offer to fit all of our needs, while respecting our budget constraints,” says Legeay. “With this in mind, we expect that this relationship of trust to continue long term.”
“Since the solution has been in place, we have not identified any sign of a successful targeted attack, confirming the relevance and effectiveness of our security environment.”