Frasers Group is all about growth. The UK-based retailer started in 1982 as a modest one-store operation and today is a multi-brand powerhouse that operates hundreds of stores, employs more than 25,000 people, and runs brick-and-mortar and online operations in 25 countries. For its latest fiscal year, Frasers had sales topping £3.6 billion (approx. $4.7 billion).
Much of Frasers’ growth has come by acquiring other brands. Frasers’ portfolio now includes nearly a dozen brands, including Sports Direct, Game and Sofa.com. And the strategy continues. Frasers acquired online specialist Studio Retail earlier this year.
All this M&A activity requires the merging of IT systems, a complex task. Each time Frasers acquires a company, it also has to make a security decision: Should the newly acquired unit should be permitted to follow its own cybersecurity rules, or should it be required to follow those of the corporate parent?
To oversee this challenge, Frasers recently created a global group for information security and privacy, and it hired IT consultant Matthew Wilmot to be the group’s head. Wilmot now works closely with Richard Marlow, who himself joined Frasers just two years ago as part of an acquisition and is today Frasers’ manager of vulnerability testing. Working together, Wilmot and Marlow prioritized their cybersecurity must-haves. These included new capabilities for penetration testing, vulnerability scanning, and greater endpoint visibility.
“We were struggling to get a hold on our overall environment,” Wilmot recounts. “The tooling we had really didn’t tell us much about our assets.”
Improving cyber hygiene
Clearly, something new was needed, and fortunately, Wilmot was already familiar with Tanium. In his previous consulting role, Wilmot had used Tanium while helping a client respond to a cyberbreach. Now at Frasers, Wilmot suspected his new employer could use Tanium to dramatically improve its cyber hygiene, gain visibility into its vulnerabilities and keep its systems secure.
Initially, Tanium was deployed only in Frasers’ Game unit, a gaming specialist that operates over 250 stores in the UK plus an expansive website. Because Game operates as a standalone business, Wilmot reasoned, it could function as his test lab for Tanium. The first test was limited to just 10 stores, mainly because the test was conducted in December, retail’s busiest time of the year. “If we took down either the website or the stores,” Wilmot says, “that would have been massively frowned upon.”
Fortunately for all, the test went smoothly. So smoothly, in fact, that Frasers opted to roll out Tanium to another 200 Game stores. “Now we’re in a position where everyone is comfortable with Tanium,” Wilmot says. “They know it’s not going to take anything down. And that lets us accelerate the rollout.”
Even better, Wilmot, Marlow and their teams got to relax over the Christmas break, even though many other retailers were wrestling with the Log4j vulnerability threat. Working with a Tanium proof-of-concept, the Frasers team had already identified where Log4j existed and resolved its vulnerabilities.
Now Frasers is so positive about using Tanium that it’s including the requirement “use Tanium” in a due diligence one-pager the company recently prepared for officers of newly acquired units.
Already, Frasers has decided that Tanium will be fully implemented at both Studio Retail, its most recent acquisition, and Sports Direct, its largest unit by far, accounting for roughly 70% of Frasers’ total group sales.
Tanium has also helped Wilmot sharpen his reporting to the company’s board of directors. “The board is not necessarily interested in the detailed data,” he says. “They just want to know what vulnerabilities we have and what we’ve done to mitigate them. With Tanium, I can be clear and concise.”
Adds Marlow: “For the level of insight Tanium gives us, it’s invaluable.”
Read the full case study to learn more about how Frasers Group is securing growth with Tanium.
Contact Tanium to see our Converged Endpoint Management platform in action.