Customer Stories | Renner

Discover how Renner strengthened the security of its applications with a continuous and innovative approach

About Renner

Renner stands out as a pioneer in the Brazilian retail sector, distinguished by its commitment to excellence and innovation. This results from a strategic collaboration between Renner and other renowned brands, such as Camicado and Youcom, solidifying the company's position as a reference in engaging millions of customers.

In 2022, Renner achieved a notable revenue of R$350 million, driven by a significant 35% increase in the average purchase value and a 25% growth in store visit frequency. Additionally, the company recorded an impressive 180% increase in return on investment (ROI) for its partner brands, reinforcing its influence in the retail landscape.

Renner continues to excel not only as a renowned brand but also as a benchmark for innovation and effectiveness in the industry. Setting high standards of excellence, the company not only delivers significant benefits to its customers but also strengthens strategic partnerships, consolidating its prominent position in the market.

Highlights:

  • +130 million lines of code reviewed
  • 8 threat modeling
  • 144 Security Requirements for development
  • 69 professionals trained in secure development

Enhancing the continuous security of applications with each new deployment

As a powerhouse in the fashion retail scene, Renner faces significant challenges related to the security of its applications and secure development. The company manages a substantial volume of transactions involving sales, online interactions, and customer data management within its extensive network of stores, products, and services. The complexity of its e-commerce operations leaves it potentially exposed to cyber attacks and fraud, highlighting the urgent need to maintain an exceptional standard of security in its applications.

Given the critical importance of security and the constantly evolving cyber threat landscape, the company feels obligated to regularly subject its applications to rigorous assessments to ensure the robustness and integrity of the systems. Furthermore, Renner faces the challenge of ensuring continuous monitoring with each new deployment. Implementing updates and new features requires active vigilance to ensure that each change is secure without compromising the security of sensitive customer information.

Another strategic challenge involves increasing the maturity of Application Security processes. Recognizing the importance of integrating security from the early stages of development, Renner seeks to enhance its AppSec processes, aiming to reduce the costs associated with the late identification and correction of security flaws. These challenges outline a complex scenario where Renner, as a leader in the fashion retail sector, needs to adopt innovative and efficient approaches to ensure the continuous security of its applications and maintain the trust of millions of customers in its operations.

Developing a continuous security process

To overcome the mentioned challenges, Renner is implementing innovative solutions and strategies focused on the secure development of its applications.

In an initial approach, the company adopted a time bank contract for conducting point-in-time security tests. This measure provided Renner with crucial flexibility in vulnerability identification, ensuring regular analyses and immediate corrections. This agile approach aims to avoid prolonged exposure to threats.

However, at Conviso, we believe in a continuous approach to application security. We initiated the Shift-Left OffSec managed service, which combines a specialized platform with human expertise. This solution integrates with the development pipeline and monitors it constantly, ensuring that security processes are effectively incorporated into all phases of the software development life cycle. This provides a proactive approach to security from the beginning of development.

Furthermore, recognizing the importance of a cultural shift, Renner invests in training and periodic lectures for its development team. These initiatives aim to raise awareness and educate groups about security best practices, fostering collective understanding throughout the organization. The integration of AppSec Squads, which embeds Conviso security analysts in the daily operation of development and security teams, provides ongoing support in application security.

These solutions demonstrate Renner's commitment to addressing security challenges comprehensively. The company adopts a holistic approach covering technology, processes, education, and team collaboration to ensure secure development and continuous protection of its digital assets and customer data.

Continuous and Proactive Monitoring

With the implementation of the proposed solutions to Renner's security and secure development challenges, the company achieved significant and positive results.

Increased Development Process Efficiency: The integration of security from the early stages of the development process led to a decrease in time spent on rework and ad-hoc testing. This reduced costs associated with late-stage corrections and optimized operational efficiency, enabling faster and more consistent deliveries.

Consolidated Security Culture: Renner achieved an effective cultural shift, which is evident in security becoming an integrated priority in all stages of the development cycle. Regular training sessions and lectures showed a notable increase in awareness among professionals, creating an organizational culture committed to security best practices.

Reduction in Vulnerabilities: Renner recorded a significant reduction in the number of new vulnerabilities in its applications. The continuous security approach, combined with rigorous assessments and periodic penetration tests, strengthened the systems' resilience against potential threats.

Enhanced Vulnerability Management: Implementing the Conviso Platform and constant communication with Conviso analysts allowed for more effective and comprehensive vulnerability management. The risk-based approach enabled more informed decision-making, resulting in agile corrections and a proactive security posture.

These outcomes demonstrate Renner's commitment to comprehensively addressing security challenges, yielding tangible gains in risk reduction, operational efficiency, and a consolidated security culture.

Security Culture:

By training the professionals involved in development, security became an essential priority in all stages of the development cycle.

Cost reduction:

Integrating security into the early phases of the software development process resulted in a significant reduction in the costs associated with rework and point-in-time tests.

More comprehensive pentests:

The collaboration between the Stix team and Conviso's resources enriched the pentests, providing a deeper understanding of vulnerabilities and of possible attack and fraud scenarios.

Better vulnerability management:

The Conviso Platform, together with communication with Conviso's analysts, enabled complete vulnerability management, grounded in risk management and applied in context. This resulted in greater agility and precision in the corrections implemented.
