Villeroy & Boch

Cloudflare helps to safeguard Villeroy & Boch’s global ecommerce infrastructure

Villeroy & Boch is one of the world's leading premium brands for ceramic products. Founded in 1748 and headquartered in Mettlach, Germany, the family-owned company stands for innovation, tradition and style. As a renowned lifestyle brand, Villeroy & Boch is represented in 125 countries with products in the Bathroom & Wellness and Dining & Lifestyle segments. The company continues to expand and innovate by growing their global direct-to-consumer ecommerce infrastructure. Villeroy and Boch report annual revenues totaling €945 million.

Challenge: Securing international websites in a rapidly expanding ecommerce infrastructure

To better meet the demands of an expanding marketplace, Villeroy & Boch recently moved a large portion of their infrastructure and internal applications — including content management systems for regional marketing websites, and Commerce Cloud, their sales platform — to the cloud.

With over 70% of its internal applications offsite, however, the company recognized the urgency of securing them against mounting threats like bot attacks, DDoS, and inventory hoarding.

“The risk of malicious activity on the web has only increased over the years,” explains Erik Heinen, Villeroy & Boch’s Lead CIT for CRM & ECM. “Shifting our business to the cloud required a much stronger focus on security.”

Using Cloudflare layer 7 services to rapidly secure complex web applications

Looking for a solution, Villeroy & Boch conducted extensive research and compiled a list of potential security partners. Based on their findings, the team selected Cloudflare layer 7 services — Web Application Firewall (WAF), DDoS Protection, and Bot Management — to secure their growing cloud infrastructure.

“Cloudflare was one of the only vendors that met all of our technical and budgetary requirements,” says Heinen. “The dedication and flexibility of the Cloudflare team during the discovery process made them our first choice.”

Working closely with the Villeroy & Boch team to ensure smooth onboarding, Cloudflare lived up to the company’s expectations.

“Support during the implementation was excellent. Cloudflare worked with us day and night to get everything running,” says Schneider. “The few times we had an issue, the Cloudflare team was on hand to solve it almost immediately.”

Cloudflare customer support engineers (CSEs) also collaborated with the engineering team to complete the integration of Villeroy & Boch’s Commerce Cloud e-commerce portals.

“Our Commerce Cloud was a complex application to set up,” says Schneider. “I don't think it would have been nearly as efficient, or even possible, to manage its configuration without the support of Cloudflare CSEs.”

Improving performance and mitigating sophisticated attacks with the Cloudflare WAF, Bot Management, and DDoS Protection

With the implementation complete, Cloudflare security improvements have led to significant performance gains. The Cloudflare WAF has substantially reduced the company’s server loads by automatically mitigating malicious server traffic.

“We immediately saw a huge difference in reduced bot traffic and SQL injection attempts with the WAF stopping a variety of attacks at the Cloudflare level,” says Schneider. “Because our servers are no longer overloaded, we have also reduced our hardware requirements even though we are constantly extending and improving our web application infrastructure.”

Since its implementation, Cloudflare Bot Management and DDoS mitigation have also been a critical part of the Villeroy & Boch security arsenal. The service has already protected their UK, Ukrainian, Swedish, and Norwegian websites against several out-of-country attacks.

“The best thing about Cloudflare security is its complete automation. We saw immediate results with only basic configuration,” says Schneider. “During recent attacks, we used Cloudflare to get our stores back up and running. We could never have done that with our previous vendor setup.”

Additionally, Villeroy & Boch’s Swedish and Norwegian operations experienced inventory hoarding bots on their ecommerce platforms. A sophisticated attacker was using scripts to generate a high volume of online orders that limited the amount of inventory available to genuine customers.

“Using Cloudflare, we were able to isolate the origin of the attack,” says Schneider. “We reacted quickly to set up new rules that stopped the bot attack before it could do actual damage to our business or reputation.”

Now that Cloudflare has secured the Villeroy and Boch infrastructure, and the company has completed the majority of their cloud migration, they have widened their ambitions. Villeroy & Boch are focusing on both security and performance by migrating websites from their current provider to Cloudflare DNS Management.

“Cloudflare has been extremely professional,” says Heinen. “They have helped us more efficiently manage and secure our infrastructure. It gives peace of mind to know that we have an excellent product in front of our applications to protect us.”