Boohoo Group - Bringing Brands into One Ecosystem

BRINGING BRANDS INTO

We talk to Dorian Skeete, Head of IT Security at Boohoo Group, about his forthcoming plans for the company from a cybersecurity perspective.

IT HAS BEEN THREE MONTHS SINCE DORIAN SKEETE WAS BROUGHT IN TO HEAD UP INFORMATION SECURITY AT BOOHOO GROUP.

xcited to be taking on this new role, Dorian has been enthused by the security culture at the company. He explains, “From what I’ve seen, there are two parts to the security culture at Boohoo Group. You’ve got the culture within the IT team, and then the view of security by the board and the average employee. The culture within my team is brilliant. Most of the people have not yet reached a year of service,

so it is a fledging team and they are hungry to improve. Outside of my team, the culture at Boohoo is very good. We have low phishing rates when we send out our phishing campaigns, and we have people regularly interacting with the team, asking questions about how quickly we can get involved in their projects etc.”

Dorian has the full backing of the board to work on improvements over the

next three years by way of his cybersecurity strategy. Dorian says, “The strategy is split into two halves – what we are going to focus on in the next year to 18 months, and then the plan for the next three years or so. In the immediate future, the biggest piece will be consolidation of tooling and capabilities across the group. We have 13 brands in the group, and two of them sit on different tech stacks to the other 11. I want to consolidate the security tools that we use across Boohoo Group, integrating all the brands, to make it much easier

“I WANT TO CONSOLIDATE THE SECURITY TOOLS THAT WE USE ACROSS BOOHOO GROUP, INTEGRATING ALL THE BRANDS, TO MAKE IT MUCH EASIER TO MANAGE”

Dorian Skeete

to manage, whilst also enabling us to leverage savings at scale.”

So, how do you start the process of streamlining security processes across the group? Dorian answers, “Because 11 of the brands are on the same tech stack, it makes it a lot easier. From an IT perspective, we certainly don’t see ourselves as 13 disparate companies, as we all sit on the same OT and IT architecture. We have four distribution centres across the UK dealing with all the brands, so we are already very integrated, which makes my life much easier!”

Dorian and his team are currently working on ensuring collaboration between development and operations teams in order to integrate security in the software delivery cycle. Dorian continues,

“We recently hired a DecSecOps engineer, who will be taking the lead on this workstream, bridging the gap between DevOps and security. They are two separate departments that already have a good working relationship, and the DevOps team is very securityminded. I am hoping that the new DevSecOps role will help

to stitch it all together. One of his first tasks will be to look at our secure lifecycle development policy and see where improvements can be made.”

Dorian believes the key to building a strong team is diversity, which is something he is extremely passionate about. He explains, “Our teams are diverse in terms of age, background, ethnicity etc. It is a really good

“SECUREWORKS PROVIDE OUR XDR PLATFORM AND SOC MANNING SERVICE. THEY ESSENTIALLY PROTECT OUR END POINTS. THEY HAVE BEEN KEY TO THE WAY THE TEAM OPERATES, CERTAINLY ON THE MANAGED SOC SIDE, WHERE WE RELY ON THEM HEAVILY”

mix of people. I have pushed diversity in other organisations I have worked in because I do believe it brings something extra to the business, whether it’s different ideas or different ways of doing things. It helps to keep it fresh!”

Horizon scanning is a discipline where you constantly look towards the future and gather as much information as possible about future trends, so you can stay ahead of the game. Dorian says it is extremely difficult to do in the field of cybersecurity because there has always been the view that malicious attackers are one step ahead. He adds, “Everything we do in defence is reactionary, so horizon

“EVERYTHING WE DO IN DEFENCE IS REACTIONARY, SO HORIZON SCANNING IS IMPORTANT BECAUSE IT BRIDGES THE GAP TO MAKE US BE MORE PROACTIVE”

scanning is important because it bridges the gap to make us be more proactive.”

In terms of future threats and challenges, Dorian believes we can expect to see different techniques around phishing. He elaborates, “The majority of phishing is the type we know, but they are starting to

get more complex and cleverer in their delivery. It is not just about a malicious URL or email anymore, but more of a slow-burn i.e. trying to start conversations with people and sending emails that move into the social engineering side of things. This makes them a lot more difficult to detect using traditional secure email gateway capabilities.”

With quantum computing on the horizon, Dorian says it has the potential to do both good and bad things. He is keen to meet with his peers in the fashion industry to discuss the issues of the day and exchange ideas, as Dorian believes companies are stronger when they work together. He continues, “I think it

is important where possible to share information and threat pictures. What are your pain points and what have you been struggling with from a threat point of view? There might be some common ground we can find where we can help each other. It is a fledgling idea to host an industry meet-up at the moment, but something I would like to do in the future.”

Boohoo Group is able to leverage its ecosystem of trusted partners, especially on the tech side, as Dorian explains, “We have good relationships with many of our partners. We have a partners’ day every year, where we invite our major suppliers to sit down with us to discuss how they are supporting our business and how they might be able to

Cloudflare for Ecommerce

We’re helping millions of ecommerce clients increase their profitability with Cloudflare

Retailers and brands are leveraging their ecommerce channels to drive revenues and increase store profitability. Cloudflare provides a host of solutions to improve the security and performance of any self-hosted ecommerce site.

Increase buyer engagement Prevent fraudulent activity

Ensure uptime and reliability

Lower operational cost

“Once we enabled Cloudflare, we immediately saw a 1.7 second decrease in page load times across all of our sites.” - DevOps Engineer, AO.com

www.cloudflare.com

“IN THE LEAD UP TO OUR PEAK PERIOD, CLOUDFLARE IS VITAL IN ENSURING THE AVAILABILITY OF OUR WEBSITES AND MOBILE APPS”

better support us in the future. Collaboration is something that Boohoo is very good at.”

Three partners with which Boohoo Group collaborates are Secureworks, Mimecast and Cloudflare. Dorian says, “Secureworks provide our XDR platform and SOC manning service. They essentially protect our end points. We also have a security operations centre that sits over all

threats for just one brand, but it has been such a successful technology for us that we decided to increase coverage of it to all of our brands across group. In the lead up to our peak period, it is vital in ensuring the availability of our websites and mobile apps.”

Dorian’s future plans are heavily stitched into his cybersecurity strategy, but he says he will be focusing on business continuity

of that. If they see any critical alerts, they act as our first line of defence to take care of those and escalate where necessary. They have been key to the way the team operates, certainly on the managed SOC side, where we rely on them heavily.

“Mimecast provide our secure email gateway and email protection services. They have been involved with Boohoo for a number of years, protecting us from phishing threats and business email compromises.

“Cloudflare used to be our protection against internet-borne

over the next few months, leading up to the company’s peak periods of Black Friday and Christmas. He concludes, “Over the next year or so, the consolidation piece will be key. It is going to shake up some of our suppliers, spurring them on to make improvements. I am really excited to work with our partners to bring all our brands into one ecosystem, which is superimportant for what we want to do moving forwards.”

For further information on Boohoo Group, visit www.boohooplc.com

“MIMECAST PROVIDE OUR SECURE EMAIL GATEWAY AND EMAIL PROTECTION SERVICES. THEY HAVE BEEN INVOLVED WITH BOOHOO FOR A NUMBER OF YEARS, PROTECTING US FROM PHISHING THREATS AND BUSINESS EMAIL COMPROMISES”

www.boohooplc.com