With increased utilization of existing solutions and the implementation of new technology, Coloplast has invested heavily in its network security. The goal is more transparency and control, allowing a faster response to threats and incidents.
Mike Twigg, Senior Director of Global IT Operations & Support in Coloplast, describes it as a defining moment for Danish businesses when Maersk was the target of a comprehensive cyberattack in the summer of 2017. An attack that subsequently was estimated to have cost Maersk approximately DKK 1.5 bn. Prior to the Maersk attack, Mike Twigg recalls that it could be challenging to get your own management to relate to a security risk and, therefore, get the funding needed. But that changed overnight. If Maersk could be targeted, then anyone could.
“It was a wakeup call, and we instantly knew that we had to strengthen security,” says Mike Twigg. He explains that even though Coloplast had implemented security solutions that protected users against attacks from hackers, their security model was, overall, characterized by the use of security products from several different providers.
“Our aim was – and is – to shine a light on our infrastructure so that we can act swiftly and effectively on threats and incidents. That is why we invested further in next-generation firewalls and optimized our analysis and response capabilities, among other things. This was step one.”, Mike Twigg, Senior Director of Global IT Operations & Support in Coloplast
“The challenge was that our security solutions didn’t provide us with the combined overview of the components in our infrastructure. In addition, all our security solutions were reactive. They were able to tell us what had happened, but not what was happening right now or give us a warning if something needed our attention.”
Let there be light
Mike Twigg explains that in the months following the Maersk attack, he received plenty of phone calls from security vendors that wanted to sell him new security solutions – one more ground-breaking than the next.
“But I didn’t need AI, Big Data, or any fancy cloud technology. I simply wanted to increase the transparency in our infrastructure, so we could see what was going on,” he says and explains that he usually employs the metaphor of a long dark hallway when describing Coloplast’s previous network monitoring setup. They were left in the dark, and that is not a good feeling to have when the next threat may be hiding around the corner.
“Our aim was – and is – to shine a light on our infrastructure so that we can act swiftly and effectively on threats and incidents. That is why we invested further in next-generation firewalls and optimized our analysis and response capabilities, among other things. This was step one,” says Mike Twigg.
SOC and better system utilization
The next step was to create Coloplast’s own SOC unit – operating in Poland. Unlike previously, when security resources were not always available for incident management, Coloplast now has a fixed team ready to act when a critical situation arises. With Coloplast’s global presence in mind, it has been a priority for Mike Twigg to define a fixed incident response practice that the SOC unit has been trained in so that all business units are protected to the same standards.
As part of Coloplast’s focus on increasing the security level, they also made sure that their existing security solutions from Cisco and Microsoft, among others, were implemented and used fully. Previously, certain security features were, for instance, rolled out to some employees while other groups of employees had a different security profile. Today, the profile is, more or less, the same for all employee types around the world.
Closer collaboration in the security department
Implementing new security products has had the positive side effect of the individual teams in Coloplast’s security department now working together more closely.
“Previously, our network department could, for instance, change something in a setting without it influencing our customers. That’s no longer possible. Now all changes influence our general security setup, forcing our teams to coordinate what they do. Security has become the glue between network, server, and client departments,” says Mike Twigg.
He explains that Coloplast has gone from having a multi-vendor approach to a single-vendor one. They do have four vendors when it comes to security, but this must be compared with other companies of Coloplast’s size that can have up to 50 different security vendors.
“Our supplier strategy makes it easier to operate with a small internal team made up of a few specialists with wide knowledge within limited areas and technologies. In addition to this, we experience a closer collaboration with the security suppliers that we have chosen. In this connection, we have used Conscia as security advisors throughout. They have helped us determine which security tools were needed and have also aided in implementing them and getting the best possible utilization. Conscia has become an important part of our security work – especially when it comes to Cisco technology,” says Mike Twigg and closes:
“In my team, we have a highly knowledgeable and skilled Cisco technician. It really helps him – and us – that he has access to Concia’s experts. They are at his skill level and can help discuss, for instance, future focus areas.”
About Coloplast
Coloplast is a listed Danish company that markets and sells nursing supplies. Coloplast is a global company with more than 14,500 employees.