BUSINESS: Business supplies and services provider.
SIZE: 5,000 employees
BUSINESS CHALLENGE: Having been recently divested, Office Depot Europe took control of its IT security for the first time. How could they monitor thousands of IP-connected devices for potential vulnerabilities?
WHY THEY CHOSE QUALYS:
Office Depot has maintained a presence in Europe for over 25 years, growing to become the region’s number one reseller of workplace supplies and services. Over time, the business has evolved significantly—and one of the biggest steps in that evolution occurred in early 2017, when Office Depot Inc. sold its European business and Office Depot Europe became a separate operating company.
This divestment gave Office Depot Europe unprecedented control over its operations—however, greater autonomy brought new responsibilities, particularly when it came to managing the company’s extensive IT operations.
Raymond Goossens, Security Operations Manager at Office Depot Europe, elaborates: "When Office Depot Europe became independent, we had to decouple our IT systems from the former parent company, and establish new functions to manage activities that were previously handled globally. As part of this effort, we had the opportunity to create a new security function from the ground up—which meant putting together a team, creating a strategy, and, crucially, acquiring new tools to keep our operations secure and compliant."
For Office Depot Europe, putting security systems in place would be no small feat. The company’s growth by acquisition had left it with a large, distributed estate of IT systems to monitor and manage.
"We have thousands of devices connected to our network, and protecting them all is vital," explains Raymond Goossens. "Cyber-attacks are becoming more severe—and patching vulnerabilities have been an important factor in many high-profile incidents, such as the WannaCry ransomware attack, which crippled the operations of hundreds of companies all over the world.
"To mitigate against these kinds of threats, we knew we had to establish a strong security culture and solid lines of defence right from the start. Our first priority was to gain an accurate view of all of our network assets. Once we had that insight, the next step was to achieve and maintain a robust security posture through regular scanning and patching."
We knew that the Qualys Cloud Platform could deliver the visibility and control we needed to keep our systems protected.
To help achieve its security goals, Office Depot Europe selected the Qualys Cloud Platform.
Raymond Goossens notes: "We were familiar with Qualys, and we knew that the Qualys Cloud Platform could deliver the visibility and control we needed to keep our systems protected."
For a smooth implementation, Office Depot Europe teamed up with Qualys partner Kahuna. Raymond Goossens says: "A team from Kahuna worked alongside us to configure the Qualys solution, and provided training to help our team make the most of the new platform. Kahuna did a great job getting us up and running—it took just one week to deploy the cloud platform."
Currently, Office Depot Europe uses Qualys Vulnerability Manager (VM) to monitor and manage approximately 1,300 IP-connected devices on its network. The company’s IT estate encompasses a diverse mix of physical and virtual servers, running everything from SAP ERP applications and Oracle databases to Microsoft Office applications and SharePoint systems. Qualys VM also provides a continuous view of other network-connected devices including desktops, VOIP systems, and multi-function printers.
"We started by running an initial discovery scan to gain a clear view of all the devices on our network," recalls Raymond Goossens. "We now run continuous discovery scans to maintain continuous visibility of our assets, along with recurring vulnerability scans, which allow us to detect potential security issues and prioritize remediation efforts. Ultimately, we will align our patch management activities with these vulnerability scans and shape a methodical approach to patching."
Additionally, Office Depot Europe harnesses Qualys PCI Compliance to meet Payment Card Industry Data Security Standard (PCI DSS) requirements for protecting the collection, storage, processing, and transmission of cardholder data. The company uses Qualys PCI Compliance to scan internal systems and web applications, including e-commerce platforms, and generate reports to demonstrate its compliance with PCI DSS.
With the Qualys Cloud Platform at the heart of its security function, Office Depot Europe is gaining the visibility and control it needs to protect the business from a fast-changing threat landscape.
Raymond Goossens states: "Qualys software gives us the insight we need to stay on top of network security. By understanding exactly what assets we have, and the potential vulnerabilities of our network, we can take highly targeted action to address threats.
"Without a doubt, using a cloud solution makes life easier for my team and I. We don’t have to worry about maintaining the Qualys software or the underlying infrastructure, which frees us to focus on identifying and resolving threats. It also gives us a great deal of confidence knowing that Qualys is constantly enhancing the solution, as this will help us keep our assets protected as security threats continue to evolve."
He concludes: "The Qualys Cloud Platform will be a real advantage as we work to keep our systems secure and compliant. We’re just starting on our journey with Qualys, but we have much greater peace of mind knowing what assets we have out there, and how we can keep them protected against threats."