Lorna Jane 'steps up' to a Zero Trust approach with Sekuro.

Lorna Jane now has a whole-of-business approach to cyber security and digital technology. Sekuro’s technology roadmap has led to cultural change and provides maturity to Lorna Jane’s cyber security posture.

HIGHLIGHTS

Challenge

  • Cyber security and compliance were not a priority for the Lorna Jane workforce, which is predominantly made up of young people working casual hours, often in their first-ever job.
  • Lorna Jane’s IT team needed to focus on securing against breaches while online selling and operations boomed during the COVID-19 pandemic.

Solutions

  • Lorna Jane partnered with Sekuro to ensure their whole-of-business cyber security policies and compliance aligned to a Zero Trust strategy.
  • Sekuro engaged with Lorna Jane’s existing technology providers to create an integrated ‘Alliance’ as a core cyber security stack.
  • Annual penetration tests ensure best practices are maintained.

Results

  • Lorna Jane now has a whole-of-business approach to cyber security and digital technology that leverages Sekuro’s Zero Trust Strategy approach.
  • Sekuro’s technology roadmap has led to positive cultural change across the company, and provides maturity to Lorna Jane’s cyber security posture.

“Sekuro is a team of technical experts. Their knowledge in the cyber security space is second to none. Not only do they come up with technical solutions, but they put it into words that non-technical leaders can understand,” – Darryl Roberts, Group IT Manager, Lorna Jane.

The Story

As a small IT department of just six people servicing just over 1200 employees across physical stores, online, headquarters, warehouses and more, the team at Lorna Jane lacked visibility into what was happening in the cyber security landscape around them.

Darryl Roberts, Group IT Manager at Lorna Jane, was keen to correct the organisation’s positioning on cyber security via a Zero Trust approach — which would ultimately prove crucial to managing and educating the many hundreds of young, casual staff across Lorna Jane.

“Compliance is just not a consideration for our young workforce, many of whom are in their first ever jobs. The average age of the head office staff is just 26, as we tend to hire people directly from the stores,” said Roberts. “We needed to get to a place where cyber security was not just an ‘IT’ thing, but rather, part of the organisational culture of Lorna Jane.”

COVID-19 also changed the way the senior leadership at Lorna Jane viewed its cyber posture. The online arm of the business “went through the roof”, Roberts said, and technology suddenly needed to play an even bigger role in the business to compensate for the lockdowns of physical stores. Some high-profile data breaches experienced by other businesses in early 2020 were a further prompt for Lorna Jane to look holistically at its cyber security maturity.

Lorna Jane

Lorna Jane is an Australian founded and owned retail chain selling high-quality, affordable women’s workout clothes, with 120 stores worldwide and a large online presence.

Lorna Jane was looking for a trusted security partner to take it on a journey to becoming a highly secure retail organisation. Harbouring fears of data breaches and dealing with a very young, casual workforce with little understanding of compliance or cyber security, Darryl Roberts, Group IT Manager at Lorna Jane, engaged Sekuro to provide a Zero Trust security framework.

Our Solution for Lorna Jane

Roberts believes it doesn’t matter how big or small an organisation is — a Zero Trust approach is the only way to secure your business. And he wanted a security partner who took Zero Trust as seriously as he did.

Zero Trust is based on the concept that nothing should be trusted until it has been proven trustworthy. This approach to cyber security requires organisations to continuously assess and reassess users and systems to determine if they have permission to carry out an action.

Lorna Jane partnered with Sekuro to ensure whole-of-business cyber security Zero Trust policies and compliance. Sekuro then engaged with Lorna Jane’s existing technology platforms to create an integrated ‘Alliance’ as Lorna Jane’s core cyber security stack for shared intelligence and optimisation of each platform:

  • Okta for identity access management, including all staff identity verification on dashboards, Intranets, and ordering systems.
  • Netskope for Data Loss Prevention, visibility and risk insights, and the ability to view and manage traffic loads and payloads.
  • CrowdStrike for a complete managed offering, including managed endpoint detection and response across all devices, giving Lorna Jane background visibility into vulnerabilities on each device.

Sekuro also conducts annual penetration tests to ensure best practices are maintained.

Outcomes

Sekuro rebuilt Lorna Jane’s system to be compliant and aligned with best practice. “Sekuro provided peace of mind to prove where we were, and how far we have come as an organisation in relation to cyber security,” says Roberts of the transformation. Just a few of the outcomes include:

  • Lorna Jane now has single sign-on across 300 external applications.
  • The ‘Alliance’ technology stack works in harmony to block around 50,000 emails per day as phishing attacks.
  • Cyber security roles and responsibilities for staff have been worked into the cultural fabric of the organisation via staff training.

Using Sekuro as an extension of the Lorna Jane team via Sekuro’s Team Augmentation offering has been an additional benefit to Roberts, whose team has not been immune to the challenges presented by ‘The Great Resignation’.

“Once we train someone up, they suddenly become attractive to another company,” Roberts explains. “Having Sekuro on board means its team is there to not only implement the technology roadmap but also as a recruitment tool to help us out.”

Sekuro #clientforlife

Sekuro is a CREST Registered company with CREST Registered Testers and 20+ OffSec Consultants across Australia & SE-Asia. Our staff include CREST-CCT, CREST-CRT, AWAE, OSEP, OSCP, OSED certified consultants. CREST Qualified Consultants:
  • CREST Registered Penetration Tester
  • CREST Certified Web Application Tester
  • CREST Practitioner Security Analyst
