With cyberattacks becoming increasingly professional, companies need to ensure optimum protection against illegal access for their critical infrastructures. This is exactly why Schmitz Cargobull opted for Microsoft’s security platform, the current market leader. In collaboration with IT partner dinext. pi-sec, the platform was rapidly integrated to ensure maximum data security and protection for customers and employees who are working from home.
Schmitz Cargobull (SCB) manufactures over 61,000 semi-trailers, trailers and truck bodies per year and, with 5,700 employees and an annual turnover of over EUR 1.8 billion, is a core company on the global transport and logistics market. SCB’s products are also used in the fight against the pandemic. They ensure the smooth transportation and uninterrupted refrigeration of raw materials and vaccines. In this key role, SCB is using state-of-the-art solutions to protect itself from cyberattacks.
It wasn’t just the internal IT infrastructure that the company addressed. Many companies were (or, indeed, still are) dependent on employees working from home (WFH) during the ongoing coronavirus crisis. For many of them, this was the only way to stay afloat. Schmitz Cargobull was already prepared for the spike in WFH arrangements: for years, it has been implementing a cloud-first strategy that allows rapid booting of virtual workstations in the cloud using Microsoft Azure and Windows Virtual Desktop.
But the use of WFH workstations won’t revert to pre-pandemic levels in future, especially as many companies are discovering that many employees can complete their tasks from home. This does, however, raise the question of security in remote working. ‘In recent months, we’ve certainly seen an increase in cyberattacks – and not just the volume,’ notes Michael Schöller, Head of IT and Infrastructure at SCB. ‘They’re also becoming increasingly professional.’ He believes that the key issue isn’t just ensuring greater security in WFH setups, but rather overall endpoint protection both inside and outside the company. This includes protection of customer data, such as sensitive telematics data exchanged between SCB and customers. ‘We need to be able to detect and eliminate malicious code as quickly as possible along the “kill chain” – what we might call an attack path,’ says Schöller.
The key challenge is retaining productivity while guaranteeing unrestricted availability of applications on the various COPE (corporate-owned, personally enabled) terminal devices such as laptops, smartphones and tablets outside perimeter protection (i.e. outside the company’s internal IT infrastructure). But with so many different external endpoints accessing SCB’s IT infrastructure, it’s impossible to monitor whether someone is uploading a Word document from the SCB cloud to their private Gmail account, for example. So how do you achieve a level of security outside the perimeter protection that’s comparable to the protection afforded inside the perimeter?
SCB introduced its perimeterless protection by adopting Microsoft’s E5. ‘The same level of protection is available to every employee, anywhere and at any time,’ explains Alexander Benoit, CEO of dinext. pi-sec GmbH. The company only works with Microsoft security solutions and has made a name for itself in the E5 environment in particular.
The E5 solution took around 70 days to integrate entirely. The challenge was not so much in the implementation process as in fine-tuning to the specifics of the organisational and procedural environment. ‘We were very impressed with how quick and agile SCB was,’ commented Benoit. The perimeterless security concept ultimately sets up a security operations (SecOps) process that breaks down existing mindset and activity silos. ‘A company has to be able to accept that, too,’ explains Benoit. ‘The reason we were able to set up E5 so quickly was dinext. pi-sec’s outstanding expertise and dynamism,’ adds Sebastian Langer, Application Management Project and Group Manager at SCB.
The E5 license will enable SCB to immediately identify when an identity is compromised, even outside the former perimeter. ‘SCB gets a very holistic picture for cyberattack protection,’ says Benoit. Threats are detected automatically according to set definitions. The process of cleaning up a compromised identity and the associated endpoints is automated too. ‘This allows us to keep up with the swift attack speeds and respond rapidly to cyberattacks,’ explains Sebastian Langer. This means that SCB doesn’t need to allocate the same kind of personnel and time to this process as less automated companies.
But ultimately, the primary benefit to the company is the increased level of security for all endpoints, regardless of their location – whether they’re in a WFH setup, on public WiFi or on the customer’s premises. By implementing this solution, Schmitz Cargobull is enabling its employees to work flexibly and is securing its position on the market as a reliable partner in the global transport and logistics industry in the long term.