36 CIO Digest April 2009 EMEA Security Standardization Goes to Press Technology, Processes, and People Are the Keys to Success W hen Heidelberg Druckmaschinen AG appointed a new CIO, Michael Neff, nine years ago, he recruited Howard Hutchings from the company’s Web Division in the United States. Hutchings, the vice president of IT infrastruc- ture at Heidelberg, had successfully consoli- dated the division’s IT envi- ronment, reducing costs and driving operational efficien- cies, and Neff wanted Hutchings to replicate the results achieved in the division across all of Heidelberg’s 180-plus global operations. The “un”-juxtaposition of standardization and decentralization Standardization and decentralization are typically seen as juxtaposed. This paradigm, however, has been deconstructed with the evolution in IT environments over the past decade. “The days of a highly centralized mainframe environment gave way to fragmented, decentralized environments based on Microsoft and Novell technologies,” Hutchings recounts. But compliance, cost containment, and other issues prompted a return toward standardization about a decade ago—centralized administration and management while maintaining highly decentralized hardware environments. Hutchings and his new team began a methodical approach that spanned a num- ber of years to consolidate and standardize Heidelberg’s different IT environments. The Heidelberg team approached its global stan- dardization initiative in sequential phases. “We started with a number of different projects,” Hutchings remembers. “We looked at the different pieces; the network, security, and desktop environments were defragmented Howard Hutchings (right), Vice President of IT Infrastructure, and Wolfgang Ruland, Global IT Security Officer Peter Vogel By Patrick E. Spencer
Transcript
36 CIO Digest April 2009
EMEA
Security Standardization Goes to PressTechnology, Processes, and People Are the Keys to Success
When Heidelberg Druckmaschinen AG appointed a new CIO, Michael Neff, nine years ago, he recruited Howard Hutchings from the
company’s Web Division in the United States. Hutchings, the vice president of IT infrastruc-ture at Heidelberg, had successfully consoli-
dated the division’s IT envi-ronment, reducing costs and driving operational efficien-
cies, and Neff wanted Hutchings to replicate the results achieved in the division across all of Heidelberg’s 180-plus global operations.
The “un”-juxtaposition of standardization and decentralizationStandardization and decentralization are typically seen as juxtaposed. This paradigm, however, has been deconstructed with the evolution in IT environments over the past decade. “The days of a highly centralized mainframe environment gave way to fragmented, decentralized environments based on Microsoft and Novell technologies,” Hutchings recounts. But compliance, cost containment, and other issues prompted a return toward standardization about a decade ago—centralized administration and management while maintaining highly decentralized hardware environments.
Hutchings and his new team began a methodical approach that spanned a num-ber of years to consolidate and standardize Heidelberg’s different IT environments. The Heidelberg team approached its global stan-dardization initiative in sequential phases. “We started with a number of different projects,” Hutchings remembers. “We looked at the different pieces; the network, security, and desktop environments were defragmented
Howard Hutchings (right), Vice President of IT Infrastructure, and Wolfgang Ruland, Global IT Security Officer
Pet
er V
og
el
By Patrick E. Spencer
symantec.com/ciodigest 37
around the world. We established one project to bring them into a standard infrastructure and set of processes. Over the course of three or four years, we standard-ized and deployed the infrastruc-ture for each of these technology areas throughout the world.” For Heidelberg this meant a shift from scattered services spread across its various locations around the world to a centralized set of security, desktop, and network services.
The overarching results are impressive and include highlights such as slashing the IT budget by nearly half; eliminating more than 80 percent of the Microsoft Exchange servers; and virtualizing more than 80 percent of all servers operated in the global data center, 50 percent of the desktop applica-tions, and as much as 75 percent of storage systems.
Getting the right security “type set” in placeHutchings and his team turned their attention toward security
about three and a half years ago. “We were in the middle of our standardization and globalization efforts,” Hutchings recalls, “and we had a highly distributed security environment consisting of seven or eight different solutions provid-ers and more than 15 different products.” The security compo-nents included Trend Micro for the data center, McAfee for clients, and Symantec for mail security. In addition, the various security stakeholders didn’t have a broader view of security beyond their own systems. “When a problem oc-curred,” Hutchings relates, “the security team from that locale didn’t understand the broader ramifications.”
This all amounted to a sig-nificant impact to the business. Hutchings cites the following scenario to describe the situation. “While a small 15-person site went home at the end of the day because they had remediated the problem, security intrusions at various sites around the globe—transferred
from the 15-person site—might rage for several days and shut down operations for hours or even days.”
Consolidation and standardiza-tion of the security environment would provide Hutchings and his team with a unified view of all endpoints across all locations and all environments—from the data center to the client. Hutchings commissioned 27-year Heidelberg veteran Wolfgang Ruland to lead this effort. Beyond conducting an
Receiving over 70,000 visitors annually, Heidelberg’s Print Media Academy is the hub of a global network that covers 18 locations in 15 countries and offers courses on products, technological innovations, business management, sales, international management, as well as an advanced course on print media management.
Founded: 1850 (when Andreas Hamm set up a bell foundry and mechanical flatbed cylinder press) Headquarters: Heidelberg, GermanyWorkforce: Approximately 19,000IT Staff: Approximately 500Operations: Six continents, 250 sales offices, over 200,000 customers, and more than 400,000 printing units soldRevenue (FY2008): Over €3.6 billion Publicly Listed: HDD (MDAX) Website: www.heidelberg.com
Heidelberg Druckmaschinen AG
s
Pet
er V
og
el
Pet
er V
og
el
EM
EA
38 CIO Digest April 2009
inventory of the existing security infrastructure, Ruland, the global IT security officer at Heidelberg, mapped out the company’s busi-ness and technology requirements.
“We ultimately determined that we needed a one-vendor approach,” Ruland explains. “We sought a technology solution that could protect all of our endpoints and [Microsoft] Exchange servers and selected Symantec.”
As a result of working with Symantec Consulting Services, Ruland and his team standardized Heidelberg’s security infrastruc-ture onto Symantec AntiVirus and Symantec Brightmail Gateway appliances. “Standardization drove cost reduction, head-count reduc-tion, and operational efficiencies throughout the business,” Hutch-ings says.
The reasons for selecting Symantec were not short term but rather long term. “We didn’t
purchase the Symantec solutions three years ago simply because Symantec had products that met our technology requirements,” Hutchings notes. “We selected Symantec because its roadmap clearly mapped to our long-term objectives—securing of the mail gateways, securing of the desktop, and bringing everything together under one management console.”
Upgrading endpoint securityWith the release of Symantec Endpoint Protection, Ruland and his team opted to upgrade from Symantec AntiVirus. “Our prior environment lacked functionality in the console and management areas,” Ruland says. With initial help from Symantec Partner niwis consulting e.K. during the planning phase of the project, Ruland and his team completed the rollout to nearly 20,000 clients
and expect full deployment across data center endpoints in several months.
“As our clients are highly standardized, which includes lifecycle management, it was very easy to configure the deployment,” Ruland comments. The Heidelberg team elected to initially extend just antivirus technology with the upgrade and will add antispyware and possibly firewall, device control, and application control technologies once the data center implementation is complete.
Heidelberg is already seeing results from the upgrade to Symantec Endpoint Protection. The most significant result involves labor productivity. To manage the security for more than nearly 20,000 clients and hundreds of data center servers scattered around the globe, Ruland has only three and a half IT staff. The exact reduction in labor costs over the prior environment is difficult to calculate, though significant. “To be honest, we aren’t certain how many staff previously worked on security,” Hutchings says. “This was more or less hidden in the different areas and it is impossible to ascertain the total number of staff and hours spent working on security. With the reorganization of our security environment, we were able to consolidate security management function to a handful of staff.”
Benefits extend to the help-desk as well, which now spends less time on security-related calls. End users are also realizing productivity gains. “Security is seamless to them,” Hutchings comments. The next-generation solution provides endpoint protection, identifying, quaran-tining, and remediating intru-sions without any productivity impact to end users. The reduced footprint of Enterprise Protection increases system performance and thus end-user productivity.
Be
rn
ar
d H
off
ma
n/S
trin
ge
r
Around 1040 CE, the first moveable type system—or letterpress—was created in
China by Bi Sheng. Made out of clay, the porcelain easily broke, and in 1298 CE Wang Zhen made a more durable system from wood. He also leveraged revolving tables and number association that made typesetting and printing more efficient.
The printing press was intro-duced to the western world in 1450 CE when Johannes Gutenberg printed a German poem. His most famous print-ing project, the Gutenberg Bible, a Latin Vulgate transla-tion of the bible, was first released in 1455.
Offset printing, where the inked image is transferred from a plate to a rubber blanket and then to a printing surface, was invented by Ira Wash-ington Rubel in 1903. When used in combination with the lithographic process, which is based on the repul-
sion of oil and water, the offset print-ing technique employs a flat image carrier on which the image is printed, obtaining ink from ink rollers, while the non-printing area attracts a water-based film that keeps it ink free.
Heidelberg Druckmaschinen made the transition from letterpress to offset printing in 1962 and never turned back. The company garners greater than 40 percent of the sheetfed offset press market today and is the world’s leading provider for the print media industry.
Nearly 10 Centuries of Printing
s
The Gutenberg Bible
symantec.com/ciodigest 39
Be
rn
ar
d H
off
ma
n/S
trin
ge
r
“The stability of our clients and servers has improved,” Hutch-ings adds.
And most importantly, Heidel-berg reduced its IT risks. Hutch-ings explains: “The IT risks for Heidelberg has decreased with the improved quality of virus and malware protection. Addition-ally, the standardization of our environment reduces the amount of time for system updates and patches.”
Spam loses its type setThe Heidelberg team opted to migrate from Symantec Brightmail Gateway software to appliances at about the same time as they elected to upgrade to Symantec Endpoint Protection. Beyond reducing the amount of spam that reaches end users, to less than a tenth of a percent, Hutchings sees the ability to block phishing emails as an im-portant benefit.
“We typically receive 1 million spam messages each day,” he re-ports. “Previously, end users would get 50 or 100 phishing emails a day and would need to spend valuable time looking at each one and then deleting them—or even contact-ing the IT helpdesk for assistance, which expended even more time.”
Three ingredients of successAsked to assess what’s made his team’s standardization efforts successful, Hutchings explains that “you always need a mixture of good technologies, processes, and people.” He also spells out three overriding principles. “The first is that it simply takes time,” he says. “Everything may look good on paper and all of the different constituents may concur on the project plan, but it requires consistent focus and direction.”
The second piece is the need for a knowledgeable staff. “It is important to identify five or six different individuals who really want to dig into the various issues and empower them to become subject-matter
experts,” Hutchings notes. Training is a critical component here, and Hutchings and Ruland leveraged Symantec Education Services to help ensure their security staff are subject-matter experts on the Symantec technologies for which they are responsible. This includes Symantec Endpoint Protection Certification for each member of the security staff. “We just moved a new staff member into a security role,” Hutchings reports, “and one of his first action items was to complete training from Symantec Education Services.”
Hutchings specifically calls out Ruland for his outstanding leader-ship over the past three and a half years. “Without an excellent leader who understands security like Wolf-gang Ruland, a project of this scope will simply not succeed. Any ‘tool’ is just a tool, one that can be used effectively or ineffectively. A good IT leader brings real facts to the table and then controls how to put all of the pieces together.”
Ruland also credits Hutchings for his leadership. “It takes a tough leader who will support and back you,” Ruland notes. “Changing systems and processes is not an easy feat.”
Hutchings sums up the col-laborative relationship: “We’ve brought the best of both Ameri-can and German ingenuity together. Sometimes, from an American point of view, it is a matter of get out there and do it quick. And from a German point of view, it is a matter of analy-sis and bringing the different pieces together right.”
“The third item is a balancing act,” Hutchings concludes. “It is a matter of determining the probability of something happening and then assessing this against the risk associ-ated with its actual occurrence.”
Enabling ongoing (r)evolutionMany place the genesis of the Indus-trial Revolution with the invention of the printing press. Mass production of the written word transformed society and made knowledge previ-ously accessible to a privileged few to the broader masses. Having produced and sold more than 400,000 printing ma-chines, Heidelberg has left an indel-ible imprint on the evolution of the written word over the past century and a half. And with its recent stan-dardization initiatives, the IT team is proving that information technology can be a key enabler in the company’s ongoing quest to do so. n
Patrick E. Spencer (Ph.D.) is the editor in chief for CIO Digest and the author of a book and various articles and reviews published by Continuum Books and Sage Publications, among others.
