Rimini Street strengthens security posture for Middle East conglomerate

With the Khimji Ramdas Group partnering with Rimini Street for third-party support, Prashant Kumar, CTO, Khimji Ramdas Group, discusses how Rimini Street’s support model contributes to strengthening the company’s security posture across its ERP and IT systems.

Prashant Kumar, CTO, Khimji Ramdas Group

What were the key factors that led to your decision to partner with Rimini Street for third-party support?

The biggest advantage was their expertise. Rimini Street has a strong focus on SAP, and the consultants we work with bring a wide range of experience across all the SAP modules we use, from SD (Sales and Distribution) to MM (Materials Management). That was one of the key factors that influenced our decision.

The second factor was pricing. After consulting internally and thoughtfully evaluating several partners, Rimini Street stood out as the most cost-effective option, aligning well with our budget. These were the two biggest advantages that led us to partner with them.

How has the transition to Rimini Street impacted your overall IT strategy, particularly in terms of innovation and product development?

When we were with SAP, they strongly encouraged us to transition to S/4HANA. However, we didn’t want to make that move just yet. We preferred not to allocate our budget to this transition right now. Instead, we wanted to maintain our current ECC platform and choose our own strategy rather than follow a vendor-driven approach.

Rimini Street has allowed us this flexibility. They support our decision to continue with the ECC platform, letting us set our own IT strategy. This has been a significant advantage, as they’re helping us maintain our current system while allowing us to determine our own path forward. Instead of making a direct investment to move to S/4HANA, we can continue with ECC for a couple more years and use the funds for other developments that need to be prioritised.

With your company operating across multiple business verticals, how do you ensure that your IT infrastructure remains agile and adaptable to the diverse needs of your operations?

Our company represents multiple international brands in luxury and the FMCG segment, including high-profile names like Chanel and Rolex. Given this, data privacy is of utmost importance. To ensure our IT infrastructure remains agile and adaptable to the diverse needs of our operations, we’ve adopted a hybrid approach.

We use a combination of private cloud, public cloud and on-premise servers. The private cloud is crucial for ensuring data privacy, especially as the industry increasingly moves in that direction. However, we also maintain on-premise servers to meet consumer-centric needs, particularly for our multiple ERP platforms and e-commerce operations. These platforms require agility and must be located close to the users, so we ensure our e-commerce systems are positioned accordingly.

Currently, most of our solutions are managed in-house, with some public cloud solutions, like Salesforce CRM. However, due to the data protection law enacted in Oman last year, we’ve had to ensure that all consumer-related data stays within the country, requiring our service providers to move their data centres locally.

Overall, our complex operating environment necessitates a hybrid model, blending private cloud, public cloud, and our own managed data centres to meet the varying demands of our business verticals.

Given the critical importance of cybersecurity, how does Rimini Street’s support model contribute to strengthening your security posture across your ERP and IT systems?

Since we’ve moved away from SAP’s direct support, we no longer receive the latest updates from them. While this could be seen as a drawback, Rimini Street has played a crucial role in mitigating this by working closely with our infrastructure team to ensure our systems remain well-protected.

Although we don’t receive SAP’s updates, Rimini Street continuously reviews our IT infrastructure and provides guidance on building necessary protective layers on top of our SAP system.

Rimini Street regularly reviews our SAP infrastructure and advises us on building resilience. We at our end conduct regular checks and reviews to ensure that we are compliant and updated.

What are some of the cybersecurity challenges you’ve faced since partnering with Rimini Street?

The biggest trend we’re noticing is the lack of updates from SAP since we’re no longer partnered with them. This absence of patches, updates and upgrades poses the most significant security risk for us. Without these updates, our systems could be vulnerable.

In this scenario, Rimini Street has been instrumental in advising and guiding us on how to build a network resilience layer.

They help us protect our environment even without the regular updates from SAP. Last year, we worked with Rimini Street on this exercise, and also collaborated with an external partner to conduct a comprehensive security review.

We shared the findings with Rimini Street to help ensure our architecture is compliant and that there are no external breaches to the servers we host on our premises.

How do you ensure that your custom code, which Rimini Street continues to support, remains secure and compliant with evolving cybersecurity standards?

We have around 700 custom Z codes in our SAP system, which has been in place for over 10 years with significant customisation. When we started evaluating partners, none were willing to support us on these custom codes. 

However, since partnering with Rimini Street, they’ve been providing comprehensive support for all our custom codes, including the new ones we’re developing. Rimini Street quickly integrated with our team, took the time to understand our customisations, and now they assist us at every step, providing protection for our custom code in compliance with evolving cybersecurity standards. Whenever an issue arises with these codes, they are there to guide us and help resolve it.

How do you see the current landscape of cybersecurity evolving in the next few years?

In the recent past, especially in the retail sector, we’ve seen a significant rise in cyberattacks targeting consumer data, which is critical given the data privacy laws we operate under. In mid-August, one of the largest retailers in the GCC was under attack, leading to their e-commerce site being compromised.

This highlights the importance of securing our e-commerce platforms and ensuring that our DevOps teams rigorously test any new code they develop. It’s crucial that we continuously conduct vulnerability assessments and penetration testing (VAPT) not only on our software but also across our network infrastructure.

As we adopt DevOps and Agile methodologies, we must maintain a continuous evaluation of our environment to prevent data breaches and ensure that access to data is tightly controlled and monitored. This ongoing vigilance is key to protecting our systems and the sensitive information we handle.

What role does employee training play in your overall cybersecurity strategy?

Employee training is a crucial component of our cybersecurity strategy. We conduct monthly cybersecurity training for all users, including new hires, and regularly send out updates via flyers and emails. This training is tailored to various roles within the organisation, whether it’s office staff, store managers, or associates working in our stores.

Given that we handle sensitive customer data, such as credit card and personal information, it is vital that employees understand how to protect consumer and personal data and adhere to best practices. For instance, in our stores where tabs are used for transactions, it’s essential that these devices are secure and used exclusively for their intended purpose.

We focus on educating employees about what actions to take and what to avoid, ensuring that our endpoints are safeguarded against potential breaches. Regular training and internal assessments help us maintain a high level of security awareness and resilience, preventing both intentional and unintentional breaches of our systems.
