
Hamley's appoints BII as Cyber Security Partner

The company

Hamley's is an internationally recognized toy retailer with on-going plans to grow the brand. Its flagship London store is considered one of the city’s major tourist attractions and receives in excess of five million visitors a year. With seven floors covering 54,000 square feet (5,000 m²), all devoted to playthings, the store is everything a child could dream of and more. In addition to the London store, Hamley's has stores in eight other countries including outlets in Dubai, India, and Russia.

The challenge

The Payment Card Industry Data Security Standard (PCI DSS) mandate requires organizations handling credit card data to implement a logging solution that provides visibility into security events on the systems that access, handle, process, and store credit card information. As such, Hamley's needed to implement a solution that could help them become PCI DSS compliant quickly and efficiently, with no interruption to its users and retail customers. Hamley's had to find a solution that allowed operations to continue unabated, but as long as they were improving their infrastructure, they also sought to improve operations through an IT investment.

To identify the best way to meet these new mandate requirements, Hamley's consulted its partners who recommended they install a compliance tool which would not just ‘tick the PCI box’ to meet the mandate, but could provide them with a secure but transparent infrastructure to operate in for the future.

After carrying out exhaustive industry research and receiving feedback from distributor Wick Hill and cyber security partner, BII Compliance, it was clear that LogLogic was the best fit for Hamley's. They did however carry out due diligence and reviewed other solutions as well, but other solutions could not compete in terms of the functionality and service model provided by LogLogic. Service models were of huge importance to the business and they required 100 percent uptime for all systems. LogLogic met all of the requirements – a secure PCI DSS enterprise solution offering great scalability.

The solution

After the decision to move forward with LogLogic was made, the MX3020 appliance along with the complimentary PCI DSS compliance package were subsequently implemented by Hamley's with no interruption to existing users. This was essential as sales, customer service, and operations were not impeded at all while implementing the new solution.

The appliance and PCI DSS package were set up to capture, process, and store all logs generated by Hamley's retail related servers, transactions, customer data, EPOS systems, and more. Bespoke reports were also created to present data in a standardized Hamley's format which made it simpler for the team to create, read, and understand the analysis.

With the addition of LogLogic to their IT environment, Hamley's has been able to integrate all of their infrastructure logging for increased cyber security. They are now able to prevent any improper use of confidential data much more comprehensively. The whole estate is now being proactively monitored 24/7 with real-time alerts set up to flag any unusual activity taking place in the moment. Rather than providing analysis after the fact of a security breach, the solution proactively monitors and takes action on any unusual, suspicious, or malicious activity. The solution also includes data forensics for deep tracking and understanding of how any security compromises may have occurred and how to secure the system in the future.

Not only does the solution provide the immediate benefit of meeting the mandate, it has made the entire Hamley's infrastructure more secure and has increased their operational efficiency through integration of disparate systems. The LogLogic solution has been specifically designed to meet PCI requirements and with ready-made, yet customizable, pre-configured reports it provides all of the alerts and searches that Hamley's could ever need, even on archived data. Above all, it will allow them to stay on top of new regulatory requirements as they come out and scale as the business expands.

The benefits

Aside from simply meeting the requirements of the PCI DSS mandate, the LogLogic solution has given Hamley's a lot more clarity across its infrastructure. Information is now being proactively fed to the team rather than them having to go off in search of data. It has saved them considerable time and energy since data is immediately accessible and they can search through archived information as well. The open API adds extensibility to the solution for both backward and forward improvement of their infrastructure. The LogLogic implementation has increased the ease-of-use of Hamley's logging needs with fully customizable reporting throughout their entire information database. This has allowed for reduced time-to-resolution for any issues as well as improved IT efficiency.

The company is particularly pleased with the support they’ve received from LogLogic, Wick Hill and BII Compliance which they describe as “exceptional” - from the outset right through to go-live, becoming PCI DSS compliant and beyond.

The future

With PCI compliance now established, Hamley's will look at other cases for using LogLogic across the business as well as keeping informed of any new requirements. The solution has exceeded expectations and helped them to achieve the important goal of further protecting customer cardholder data.

BII Compliance continues to support Hamley's as a Cyber Security Partner.

Sunny Sandhu, IT Infrastructure and Support Manager at Hamley's, participated in and approved the creation of this case study.
