E-Commerce Furniture Retailer Securely Transitions to Public Cloud

Over a period of 50 years, a Scottish furniture business has established itself as a brand leader in home furnishings. The family-owned firm boasts a significant turnover and employs hundreds of staff across ten concept stores.

The key to the brand’s success has been knowing when to change and evolve. When the company celebrated its 50th anniversary with the appointment of a ‘digitally minded’ new CEO, it entered a new era, undertaking a major rebrand to reflect a new curated offering of furniture, accessories, flooring and interior finishes. And, whilst bricks and mortar stores remain crucial to the brand, it wanted a bigger slice of the available online sales.

With new premium stores rebranding across the country, the business wanted to ensure its online presence was as forward thinking as its new stores and engaged a digital agency to design and build a new ecommerce site, migrating from a hosted private cloud to Microsoft Azure.

Whilst the move to Azure would allow the furniture business to capitalise on Microsoft’s many inbuilt cloud services, such as Azure Blob, SQL as a service and Azure Active Directory, it left the company feeling exposed. With a small IT team with no experience of Microsoft cloud or the expertise or time to manage threats, the company was apprehensive about the risk of business interruption.

At the same time the business was onboarding Microsoft 365 and was particularly concerned about lateral movement attacks.

These worries were further exacerbated by a high profile, week-long cyber-attack on competitor brand, Furniture Village, which saw trading cease for a week and customer orders interrupted for almost six months. More recently, the industry was also rocked when IT services company, Swan Retail – a supplier to the furniture business- was subject to a cyber-attack which left 300 retailers unable to fulfil orders.

The IT Director said: “The threat landscape in the retail sector is fast moving and constantly shifting. For example, you now have ransomware as a service, which has created out-of-the box software packages to launch a software attack. We fall into that small to medium enterprise bracket that is particularly vulnerable, a perfect target. Also, because of the nature of what we sell – bespoke furniture - it’s a 13-week lead time for our products. If we are hit with a ransomware attack that timescale becomes significantly longer, and the likelihood is that the customer will simply cancel and go elsewhere. We have a responsibility to ourselves and our customers to make sure that doesn’t happen.”

The company needed a partner capable of offering an Extended Detection and Response (XDR) function backed by a 24/7 Security Operation Centre (SOC).

IT Director: “We needed somebody who not only understood the threat landscape, but who had the expertise we lacked in Microsoft Azure and could help us unlock the benefits of Microsoft Sentinel. The team at Armor immediately impressed us with the depth and breadth of their knowledge.”

Armor is a Microsoft Security Solutions Partner with advanced specialisation in Cloud Security and Threat Detection and a member of the Microsoft Intelligent Security Association (MISA).

Armor’s first step was to deploy and manage Microsoft Sentinel, Azure’s SIEM solution, as part of its Extended Detection and Response service. As part of the deployment, Armor configured each of the following native log sources:

• Azure AD – which provides insights into Audit and Sign-in logs.
• Azure Activity – which provides an overview of subscription level events.
• Azure SQL Database – which provides audit and diagnostic logs.
• Azure Storage Account – Which provides audited and diagnostic logs.
• Azure WAF – which provides Web Application Firewall logs.

Armor’s team of Solution and Security Engineers configured the data connectors to collect all the logs and telemetry from these sources, then overlayed Armor’s propriety rule set. Since then the role of Armor's Security Operations Center has been to fine tune those rules, adapting and changing them as the threat landscape evolves, giving the furniture business a continuous and complete picture of its security and risk posture.

Armor’s SOC monitor the furniture company’s environment for potential threat vectors and support the in-house team to navigate and deploy appropriate security controls and processes, ultimately supporting them in building a more effective and resilient IT infrastructure.

IT Director: “Armor implemented all the automation rules according to best practice and really helped educate the IT team on the basic elements of Sentinel, what the automation rules do and, crucially, how to remediate any alerts which do come through. They held our hands through the entire onboarding process, their approach could not have been more comprehensive.”