Client story Revionics completes security assessment to give retailers a big picture view of their cloud posture

Business challenge

With Revionics’ customer list of retailers ranging from large to small and medium-sized, it spans various categories, including grocery, home improvement, pharmacy, convenience, and more. All these retailers share the need to keep their customers’ data secure. After recently completing a migration to the cloud from on-prem, Revionics wanted to get a baseline of their security posture to provide that information to their retailer clients for a big picture view and peace of mind.

“Companies are more or less comfortable with the concept of the cloud and cloud security,” says Lea. “We have to make sure we’re always focused on providing good security and best practices around the cloud to properly deliver our services. We need to educate our clients and prospects about what steps we take to ensure that our services and their data are secure.” 

Revionics determined that a security assessment of their cloud infrastructure would be the best way to baseline their security and obtain documentation to educate their customers. They wanted an outsider with expertise in assessing cloud security to offer an independent perspective across their entire cloud footprint, thoroughly evaluate their security, and help guide them on their cloud security journey.

Solution

Because Revionics had recently collaborated with SADA, an Insight company, to complete the full migration of all their production assets to Google Cloud, they naturally considered SADA’s Cloud Security Confidence Assessment. As a multiple-time Google Cloud Partner of the Year, SADA has the resources and experience to help the company gain clarity about their cloud security and define the next steps on their cloud security journey.

Over five weeks, SADA executed the cloud security assessment to determine the security status of Revionics’ Google Cloud infrastructure. SADA conducted the security assessment by evaluating Revionics’ cloud infrastructure across the ten domains of: 

• Identity and Authentication/Authorization 
• Secrets and Key Management 
• Resource Governance & Organization Policy 
• Secure Software Supply Chain 
• Network Segmentation and Security 
• Logging & Monitoring 
• Asset and Data Management 
• Virtual Machine Security 
• Google Kubernetes Engine and Container Security
• Incident Response and Recovery

SADA also performed threat hunting in three Revionics projects. This exercise led to the generation of detailed findings. 

“Based on SADA’s outside, independent review, we were able to assess the results and determine actions that make sense to ensure we’re pursuing the best practices around security,” says Lea. “Security is a journey, not a destination. It’s always changing, and we have to make sure that we continually evaluate what we do well and where we can do better. That’s why we brought in SADA to look at our security and see how that’s progressing.”

Impact

As a result of working with SADA on their Cloud Security Confidence Assessment, Revionics was provided:

• Information about areas of security strength
• Pinpointed opportunities for quick-win improvements
• Observations about longer-term security policy changes
• Aggregated results distilled into a single numerical score
• Detailed findings and recommendations in a sixty-page report
• Documented action items in a checklist format

The impact of these results enabled Revionics to analyze their security by comparing what they intended versus reality. “We were pleasantly surprised at the results for parts of the security assessment,” says Rob Gallo, Director of Information Security at Revionics. “In others, the SADA Cloud Security Confidence Assessment really highlighted areas where we already knew we could make improvements.”

With the Cloud Security Confidence Assessment in hand, the Revionics IT team now has what they need to persuade decision-makers within the organization to prioritize security over competing objectives.