We recently spoke to Mun Valiji, Sainsbury’s CISO, about the leading UK retailer’s Netskope implementation. This is just a summary of what Mun told us. If you want to get straight into the detail, you can read the full case study here.
To successfully fulfil its objectives, Sainsbury’s Tech Security needs visibility into the distributed nature of projects and activity across the company. The 2,000-strong tech team has to work across an extremely heterogeneous and complex environment, often embedded into other teams to check that controls and measures are not a casualty of innovation.
“It is a complex role, as each business area has its own CTO, focused on driving their own products and processes. My team works in collaboration with each of them to enable innovation while ensuring compliance with industry and government regulation, as well as our own policies.
“It is imperative for me that we have a complete line of sight, an end-to-end view of cloud implementation and services, including all egress and ingress points. Given our vision to be the most trusted retailer, knowing what is going on is the basic foundation to ensuring appropriate data governance. I want us to be the first line of detection, response, and management of our data, and if there is an issue we need to be able to quickly get to a position where we can take steps and measures.
“…the obvious PoC [for Netskope] was OneDrive. I wanted to really focus on achieving in-depth line-of-sight, finding out what our data consists of, where it is stored, and how it is protected. As a 150-year-old business you can imagine we have hundreds of millions of folders!
“The implementation was clean and stable, including a lot of support from Netskope. We are now operating across a range of use cases with a line-of-sight that we didn’t have before, with access to more data points and telemetry than we have ever had. For us, the data points are a bit like crime statistics for the police. They give us a snapshot of what has gone on, but more importantly they tell us the effectiveness of our tactics. Our strategy is constantly learning from those numbers. In the world of information security, the world is changing daily, bringing new threats and risks. The data is telling us that we are doing the right things.
“We are ratcheting our implementation all the time because data protection is a clear and present challenge. If you get it wrong, GDPR fines can cost you up to 4% of your revenue, which for a business that does £28.5 billion in retail sales is considerable.”
Check out the full case study here for more commentary from Mun, and full detail on the implementation.