Securing the retail environment
Globus has implemented security solutions at its stores and
warehouses. By Kushal Shah
business was growing with the number of stores and warehouses both going up.
Facing a plethora of information threats, the company decided to do something
about it. The number of threats and computer related incidents increased
at a tremendous rate as the number of locations and the amount of data kept
increasing, says Meheriar Patel, Deputy General Manager and Head
IT, Globus Stores.
Considering the threats involved in running a critical infrastructure
with a wide variety of users using the systems thats connected to the
Internet, the need was felt for a robust and secure IT infrastructure.
Keeping in mind the companys rapid growth rate and expansion
plans, the aim of this implementation was to provide a secure and robust infrastructure
for Globus. Data security, scalability and flexibility were key aspects of the
Meheriar Patel, Deputy General Manager and Head IT, Globus Stores, headed
the project along with Afzal Sayed as the project manager for Security with
the help of a team of internal and outsourced partners.
A SonicWALL 4060 UTM box was set up at the gateway and it
takes care of firewall, content filtering device, gateway antivirus, IPSec VPN
appliance, spam filter, Intrusion prevention system and anti-spyware duties.
We took care to ensure that we chose not only the best product from a
technological perspective, but also a security partner who understood our business
concerns and would be there for us in the long term, says Patel. Areas
such as the vendors reputation and other projects completed by it were
given due consideration. Initial and operational costs were also important criteria.
This solution was implemented at the companys headquarters in Mumbai and
across most of its warehouses. All possible steps were taken to ensure a safe
environment. The implementation began with a study of the network at all the
stores. At this point loopholes were identified. Threats were listed during
this phase after which the company began to re-design the network. Next up was
to configure the firewall as per best practices. This was followed by the VPN
configuration for secure access from all locations. As part of the business
requirement exercise, firewall and VPN policies were written and logging configured
for the firewall. After this, testing and finalisation of policies took place.
Penetration testing was followed by documentation and integration with the companys
It took about two months to do all this with an additional month being required
for fine-tuning settings.
All enterprise users who access the data centre applications in the network
have to pass through the firewall. Besides that, all mobile users, vendors and
partners connect through secure IPSec tunnels. In all over 20 users are using
this facility and licenses have been taken for a thousand users.
The SonicWALL 4060 UTM box runs a hardened Linux based OS with support for IPSec
VPN with the latest encryption technologies.
|Launched in January 1998, Globus is a part of the
Rajan Raheja group. The company opened its first store in 1999 at Indore
followed by the launch of its second store in Chennai (T-Nagar). Soon to
follow was another outlet in Chennai located at Adyar. The flagship store
in Mumbai was opened on 1st November 2001 followed by an outlet in New Delhi
in South Extension Part-2. Globus recently launched its fourteenth store
in Lucknow. Soon stores will open in Varanasi, Hyderabad and Noida. Globus
Stores Pvt. Ltd. was formed with the goal of bringing about a perceptible
change in the way apparel and lifestyle retailing has been carried so far.
The company is rapidly expanding and the target is to have an additional
100 fashion stores by end 2008.
In a radical transformation theres always the chance of some problems
cropping up. Globus biggest challenge was to redesign the backbone infrastructure
on a live network without any downtime. Downtime was a no-no due
to continuous usage of the system by stores across India.
Working with multiple ISPs with different WAN or VPN technologies and the changes
required at their end also required a lot of effort. Last but not the least,
framing the IT policy for its business requirements took some doing.
Business Continuity and Disaster Recovery
The data centre is located at the Mumbai head office. It is a typical layer
3 data centre with centralised applications and servers. Some points considered
while designing the data centre were scalability, flexibility, and high availability.
Scalability was important as the data centre had to be able to support speedy
and seamless growth without major disruptions.
The data centre should support all new services without a major overhaul of
its infrastructure and thus flexibility also played an important role in the
design. The data centre could have no single point of failure and it had to
offer predictable uptime (related to hardware failure).
Once the deployment at the data centre was concluded, backups
of all application data, operating system, databases and files were taken on
a daily basis onto LTO2 or LTO3 tape drives and even on disk. All the backup
media was stored offsite on a daily basis. Weekly and monthly backup tapes are
stored at remote locations.
If the OS or application software conks off, data can be restored by reinstalling
the concerned software and retrieving the latest data backup.
For hardware failures, the same process can be done after a change of the problematic
component. Globus is in the process of implementing system state backups and
Automated System Recovery (ASR) to support single touch restoration of applications
and operating systems.
of the major concerns for data centre managers is that of power and cooling
at the site. Fluctuation in any of these aspects or both will result in performance
problems, says Patel.
To take care of such problems, system temperatures are monitored on a day to
day basis. A minimum power backup of eight hours is provided using smart UPS
systems. Cleaning of servers and air-conditioning systems is done on regular
basis. Care is taken to see there are no loose wires or cables. Appropriate
numbering and colour coding of all cables is done during installation. Humidity
is controlled in the data centre.
Benefits and ROI
Significant resources are used when any organisation goes
for a new IT implementation. The security solution deployed plays a fundamental
role in controlling information access. The solutions ability to integrate
into the existing network setup and reporting framework has allowed Globus to
gain greater control over network access and usage while minimising implementation
and management costs.
Further, the bandwidth utilisation has decreased considerably as all unwanted
content has been blocked or filtered. Due to this implementation, the time spent
by the users on non business related activities has been reduced greatly which
helps in increasing overall organisational efficiency. Security setup has reduced
the threat level of the organisation to a considerable extent.
Globus plans to further strengthen its organisational security by implementing
a similar solution at all of its stores and warehouses with a centrally controlled
and monitored firewall with content filtering. The current security Infrastructure
is scalable and can be easily upgraded.