Croma was the first one-of-its-kind large format specialist retail store that catered to all multi-brand digital gadgets and home electronics needs in India. Over a decade since its inception, today Croma caters to over 10 million customers and has almost become synonymous for all electronics needs, with its tech-savvy staff, product range, online presence, and the will to help customers.

With over 200 brands and 150+ stores across 40+ major cities of India. Croma ensures there is something for everyone with over 6000 products – Digital Gadgets like Mobile Phones, Laptops, Tablets or Entertainment Solutions like Televisions, Sound Bars & Home Theatres or Cameras & Accessories for photography enthusiasts or Home Appliances like Air Conditioners, Refrigerators, Washing Machines or Cooking & Kitchen Appliances like Air Fryers, Soup Makers, Cooktops, Dishwashers.

Challenges Faced by Client

Croma as an enterprise business has a large IT infrastructure, so, the client has a requirement to do an in-depth check on their security situation and assess their vulnerability to hackers and other threats. In addition, they also have a requirement to do periodic penetration testing, to ensure that the infrastructure continues to be highly secure.

NTPL Solution to Client

NTPL experts completely analyzed the IT infrastructure of the client including security infrastructure, network infrastructure, servers, operating systems (including Windows, AIX, and Linux), and wireless infrastructure for vulnerabilities. We also reviewed policies and procedures. NTPL used the Vulnerability assessment tool in CROMA, collected information reviewed the finding with the client, and finalized the client’s security posture.

Our team looked for trends and recurring issues that needed attention. We found issues of varying severity in multiple areas. As issues were uncovered our team notified the CROMA core IT team and proposed remedial actions.

NTPL team reviewed the configuration of the core IT components to find the loopholes that posed a threat to the overall confidentiality, integrity, and availability of network data and resources. We made recommendations on how to tighten security controls and harden the devices and servers.

After the remedial measures are put in place penetration test was performed and the reports were reviewed with the client team. After the above initial exercise, on an ongoing basis, once every three months, NTPL performs vulnerability assessment and penetrating testing for Croma and shares the findings, reviews them with the client, and recommends remedial measures if any. This ensures that the client’s infrastructure remains highly secure on a continuous basis.


Overall risk reduction has been achieved, with faster incident response times and greater levels of productivity from the security team and another benefit is a greater awareness among the entire IT staff about how any vulnerability or weakness in any functional area affects the overall security posture at large.