U.K.'s Leading Direct Order Retailer Secures Customer Transactions with Palo Alto Networks
Founded in 1875 by James David Williams, JD Williams & Company Limited is the United Kingdom's leading direct home shopping company, operating over 20 successful catalogue brands. The company is the most successful direct home shopping company in the U.K., with over two million customers and 4,000 employees. JD Williams' catalogs offer a huge selection of clothing and other products for all ages and sizes. In 1882, JD Williams became the first company to use England's parcel post service to send products directly to customers. The formula of providing quality, fashionable, value-for-money clothing direct to customers proved increasingly popular towards the latter end of the 20th century. As a result, JD Williams has enjoyed significant growth. JD Williams & Company Limited is part of N Brown Group PLC.
DIRECT ORDER: PROTECTING CUSTOMERS IS PARAMOUNT
JD Williams & Company Limited is the most successful direct-to-consumer retailer in the United Kingdom, having originated the concept of direct mail order products in the late 19th century. With over two million customers, the company relies heavily on information technology to receive and fulfill orders from its customers. "In addition to print catalog orders, JD Williams hosts over 50 websites, all of which process customer orders and credit card transactions, making PCI Compliance a high priority for us," explains Geoffrey Lloyd, Computer Services Program Coordinator for JD Williams.
The company's existing IT environment, including conventional firewalls, was contributing to a costly and cumbersome network segmentation process, which was required to help it achieve PCI compliance. JD Williams also sought to introduce an IDS/IPS solution to meet PCI compliance requirements. "Stand-alone enterprise IDS/IPS solutions are very expensive to purchase and resource intensive to deploy and customize," states Lloyd.
PALO ALTO NETWORKS IS IN ORDER
While working with London-based IT security specialists Nebulas Solutions Group to explore available solutions on the market, JD Williams learned about Palo Alto Networks and the PA-4000 Series next-generation firewall for granular visibility of threats and better control of Internet applications. "The combination of next-generation firewall and class-leading IDS/IPS functionality offered by the Palo Alto Networks appliances made them a very cost-effective solution that could be quickly deployed," says Lloyd.
Network segmentation is considered to be a network security best practice because it allows the IT department to isolate critical data behind a set of security policies, which more effectively protects that data. For companies like JD Williams that are required to become PCI compliant, network segmentation can be used to isolate cardholder data. This helps to reduce the scope of the audit process.
Many networking devices, including firewalls, are capable of implementing some rudimentary network segmentation based on either IP address, logical zone or some combination thereof. The problem with all of these devices, including firewalls, is that their control mechanisms are based on ports, protocols and IP addresses.
None of the existing networking devices are able to identify and control access to segments based on application identity, nor can they tie policies directly to user and group information from Active Directory. Because of this technology limitation, they are ineffective at protecting cardholder data from innovative attackers and threats that can easily bypass these offerings. "We reviewed the capabilities of the PA-4000 Series and became convinced it could play a key part in our quest to make JD Williams PCI Compliant, especially with the unique way in which Palo Alto Networks would enable us to do network segmentation," Lloyd states.
Palo Alto Networks' next-generation firewall isolates and protects cardholder data through security policies that are based on the user or group identity from within Active Directory. The user and group identity is then tied directly to a specific application, and the application can then be inspected for threats and unauthorized data transfer. This level of granular control is unmatched by any firewall solution on the market.
A BETTER WAY TO PREVENT INTRUSIONS
"Another edge the PA-4000 Series has over other firewall technologies that we considered is its fully integrated threat prevention capabilities," explains Lloyd. "This made the purchase cost-effective over renewing separate firewall and IPS solutions."
JD Williams also recognized an opportunity to save money by reducing the number of network devices it had to manage. "We had a diverse range of security products from a variety of vendors deployed, but soon came to realize that the Palo Alto Networks devices could handle many of these tasks," Lloyd states. "The opportunity to streamline the number of products we would have to purchase, and the respective vendor management involved in the process, was very attractive to us."
A CATALOG OF DIRECT RESULTS
JD Williams purchased and deployed two Palo Alto Networks PA-4020 next-generation firewalls. Upon activating their new Palo Alto Networks firewalls, JD Williams noticed an immediate increase in the visibility of the threats that were being detected and blocked.
To reduce the scope and cost of achieving PCI compliance, JD Williams is initially using the PA-4000 Series firewalls to segregate its cardholder data environment from the rest of its network. JD Williams estimates that the Palo Alto Networks appliances have reduced its overall costs to achieve PCI compliance by approximately 10-15%. Palo Alto Networks increased the security of JD Williams' network, and PCI Compliance will be successfully achieved at a much lower cost.
"Another benefit of the PA-4000 Series is that its one gigabyte throughput is significantly greater than that offered by our legacy firewalls, which gives us much more headroom for growth," adds Lloyd. JD Williams was also able to lower costs due to device consolidation. In fact, the company believes it will reduce the amount of time it spends on managing devices on its network by up to 15% as a result of this implementation. The heightened security and efficiencies of the PA-4000 Series are allowing JD Williams to focus on launching several new initiatives.
"In the future, we'll use the boxes' capabilities far more widely to satisfy the security requirements of numerous new projects and services, and to consolidate a number of legacy firewalls onto Palo Alto Networks," relays Lloyd. "We are certainly aware of the other advanced features of the Palo Alto Networks PA-4000 Series, and we aim to take advantage of those in the near future."