The Schwarz Group, one of the world's largest retailers and a leader in cybersecurity, is strengthening its position through advanced technologies and strategic partnerships. At GoTech World 2024, its security leaders discussed new ways to manage cyber risks and exposures. With innovations such as XM Cyber platform and STACKIT cloud solutions, Schwarz Group is redefining standards for data protection and operational efficiency and serves as an example for companies in highly regulated industries.
The Schwarz Group stands out in the global marketplace not only as one of the world's largest retailers, but with its IT and digital division Schwarz Digits, also as a leader in technology innovation and cybersecurity.
Strategic partnerships for enhanced security
Schwarz Digits, through its cyber defense centers (CDCs) in Germany and Barcelona, is committed to continuously expanding its teams and services, with a strong focus on cybersecurity across every aspect of its value chain.
One key element of this effort is Continuous Threat Exposure Management (CTEM), a proactive, five-stage framework offered by XM Cyber, one of the companies of Schwarz Digits. CTEM helps organizations identify and prioritize vulnerabilities, reduce exposure to cyber-attacks, and continuously improve their security posture by monitoring and remediating weaknesses before they can be exploited.
The STACKIT Cloud, launched in 2018 to drive the digital transformation of the companies of Schwarz Group with high-performance cloud services, is protected by XM Cyber, ensuring secure and sovereign solutions.
To further strengthen its cybersecurity and digital transformation efforts, the companies of the Schwarz Group have formed with Schwarz Digits strategic partnerships with Google, SAP, and ServiceNow. In collaboration with SAP, XM Cyber helps deliver RISE with SAP on the STACKIT Cloud, providing secure and sovereign cloud solutions for businesses moving their ERP applications. Through its partnership with Google, XM Cyber integrates its CTEM solution with Google Cloud’s security portfolio, offering enhanced protection for the companies of the Schwarz Group and other clients using Google Workspace. Additionally, STACKIT and ServiceNow collaborate to host ServiceNow’s solutions on the STACKIT Cloud, ensuring GDPR compliance while combining ServiceNow’s innovations in GenAI with STACKIT’s cloud expertise.
" In today's cybersecurity landscape, a proactive approach is essential, and one of the most effective ways to do this is to take the attacker's perspective, as we do with XM Cyber's solution. To also guarantee digital sovereignty, we deliver data-sovereign services with our STACKIT Cloud, whereby the data and data processing do not leave the European area. This also applies to the future solutions that we are offering with our new partner Google. For example, STACKIT will offer its customers the ability to enable client-side encryption of their Google Workspace data - including sensitive and confidential data in regulated industries - via its own cloud platform, preventing access by third parties, including Google itself." - Walter Wolf, member of the Executive Board of Schwarz Digits
XM Cyber at GoTech World 2024
In a recent presentation at GoTech World 2024, Frank Herold, Head of Exposure Management, and Borislav Roussanov, Senior Professional Exposure Management, addressed the challenges and solutions related to cybersecurity and vulnerability exposure management, providing a detailed insight into the group's complex security strategy.
Frank Herold explained the concept of proactive exposure management, a modern and comprehensive approach to cyber risk management. Unlike traditional vulnerability management, which focuses exclusively on identifying and remediation of technical vulnerabilities (CVE - Common Vulnerabilities and Exposures), exposure management covers a broader spectrum of risks, including non-CVE vulnerabilities such as cached credentials or misconfigurations. This methodology provides a holistic view of all security risks, essential in an increasingly complex cyber environment.
Borislav Roussanov emphasized the differences between traditional vulnerability management, which involves scanning, assessment, prioritization, and remediation, and Schwarz Digits advanced approach. "Organizations are faced with a vast volume of assets and vulnerabilities, and remediation of all of them is not always possible," Roussanov explained, pointing to the importance of identifying "choke points," those critical points in the path of a potential attack that enable effective exposure management.
To deal with growing cyber threats, Schwarz Digits uses the XM Cyber platform to simulate attacks and analyze pathways to critical assets. This tool not only identifies existing vulnerabilities but also simulates how they could be exploited. "Our platform enables focused remediation on critical vulnerabilities, reducing risk by up to 75%," Herold emphasized. This type of automation and continuous monitoring facilitates collaboration between security and IT teams, focusing on managing relevant exposures.
The importance of speed and flexibility
In addition to its cybersecurity efforts, Schwarz Digits has also made a name for itself by providing a robust and secure cloud IT infrastructure for companies in highly regulated industries through STACKIT. This cloud platform, dedicated to European industry, combines data sovereignty (with data centers in the EU and headquarters in Germany) including open-source technology, providing a highly secure, scalable, and cost-effective IT solution. Coming from the retail sector, STACKIT takes a hands-on approach, with each project implemented quickly and efficiently.
Schwarz Digits ensures reliable support and uninterrupted business operations, even in times of uncertainty. This stability enables the organization to navigate challenges effectively while maintaining a consistent focus on operational excellence and dependability.
The platform is characterized by speed and flexibility, and the services are virtualized and permanently available without restrictions. STACKIT also offers a flexible pay-as-you-go pricing model, eliminating maintenance costs and unnecessary capacity, while providing unrivaled scalability - services can be activated or deactivated as needed.
" When we talk about data security at Schwarz IT, within Schwarz Digits, to be more precise, we integrate data security into the broader concept of digital sovereignty. This means using and protecting data in compliance with European values and norms - be it NIS2, EU Cybersecurity Act, DORA, GDPR, or other European standards. We have our own cloud solution, STACKIT, and also a cybersecurity solution, XM Cyber. The XM Cyber approach is modern, proactive, and highly automated within a CTEM (Continuous Threat Exposure Management) framework. Both solutions support the companies of Schwarz Group, which generated €167 billion in business in 2023. As we have complete confidence in these products and the competencies of our colleagues, we also have full confidence in offering them to our customers through our new technology division, Schwarz Digits." - Octavian Ichim, CEO Schwarz Global Services Hub Romania
This positions the companies of the Schwarz Group and Schwarz Digits as innovators not only in retail but also in technology, demonstrating how a global organization can seamlessly combine operational excellence with a forward-thinking digital strategy in the field of digital transformation. The adoption of advanced exposure and vulnerability management solutions, integrated with AI and other cutting-edge methods, reflects the companies of the Schwarz Group's commitment to security and innovation, setting a benchmark for the global industry.