UBS

In an average month, employees of the multinational financial services provider, UBS, receive more than 130 million emails in total. A good 70 percent of these, i.e. more than 90 million emails, are spam and thus undesired. Along with his team, Markus Lickert, the Managing Director and Head of End User Services at UBS, is globally responsible for ensuring that the wheat is well and truly separated from the chaff.

Mr. Lickert, you and your team at UBS are responsible for end user services worldwide. What exactly does that entail?
Markus Lickert: We make sure that the roughly 90,000 users of the UBS Group's IT infrastructure in over 55 countries around the world are able to work productively while also complying with the technological parameters defined by the Group.

Our team has a broad portfolio that includes delivering the strategy, implementation and support for all technologies needed by users within the bank in their day-to-day work. These range from the end user devices with their various operating systems, to applications in the area of unified communications and collaboration, right through to printers and the necessary infrastructure, such as video conferencing in meeting rooms.

How many end user devices are we talking about at UBS globally?
There are more than 100,000 desktop PCs and laptops currently in use. On top of which there are more than 30,000 mobile devices — at present mainly company BlackBerrys, but increasingly also «bring your own» iOS end user devices.

How has the use of IT within the bank developed in recent years?
It's fair to say that the users are much more savvy in handling technology today than they were a few years ago. They know what the technology enables them to do, appreciate the possibilities and make active use of them. That naturally makes our job a lot easier, as users are already used to working with the tools that we offer them. But at the same time it also makes our job that bit harder.

What do you mean?
Users have massive expectations of IT within the company because they compare the infrastructure available to them at the office with their setup at home. That's entirely understandable, but not quite fair when you consider the additional challenges we need to face in a business environment.

Are you referring to the regulatory framework?
Partly, but not just that. First and foremost it's a case of being true to our own principles. For example, UBS demands the highest standards of reliability and confidentiality. Satisfying these in the global day-to-day business environment is a demanding task for IT.

Let us take a closer look at reliability and confidentiality...
Reliability and confidentiality are key factors that underpin our business model. The workplace culture within a financial group is highly intellectual in nature and based on information which nowadays is practically only available digitally. If it is not possible to access some or all of this information, or if there are delays in accessing it, our ability to act is massively restricted.

When it comes to information security, UBS follows the highest professional standards to guarantee client confidentiality and to protect client data. That's why we invest a lot of time and energy in defining, implementing and controlling data security standards and processes that are supposed to prevent unauthorized persons from seeing, using, changing or destroying this information.

And the requirements of the supervisory authorities?
The regulatory requirements are highly complex and vary from country to country. However, in simple terms, we can say that the role of the regulators in the individual countries is to monitor that our activities are documented over several years and can be audited. This is another requirement that we naturally have to be sure to comply with IT-wise at all times.

To satisfy both our own requirements and the regulatory ones, within our technology environment the data systems on which client data is stored are strictly segregated physically and geographically. Only the employees with the corresponding authorization actually have access to them.

And how do you raise awareness of this topic among users?
We communicate the reasons for our setup and the defined processes transparently and comprehensibly, thus increasing understanding among users. We define our goal in relation to the users not in terms of «global happiness», but rather as «fit for purpose». In other words, we regularly ask users whether the technology available to them supports them in performing their tasks and achieving their performance objectives.

Your group is also globally responsible for email. What position does email occupy within the company?
Email is the most important form of communication in our firm — worldwide. The fact that we are distributed geographically across a number of different time zones makes the efficient exchange of information by email a matter of great significance for all users.

Email communication certainly has great advantages and is very simple for people to use. Nevertheless, we are naturally aware that this form of communication also entails risks. As we see it, for example, email has no absolutely formal status as a legal medium. In other words, we assume that an email may not even reach the recipient or — if it has been sent unencrypted — that it is not absolutely confidential.

Our Code of Conduct sets out how we communicate internally and externally by email. For example, we are not permitted to exchange client data through the email system without encrypting it and we should not disclose any client-related issues in our emails. But it's not just a matter of content: We sensitize employees to the fact that someone could be looking over their shoulder at the screen when they are writing an email or that they should not leave printouts of emails lying around on the printer.

In an average month, UBS employees receive more than 130 million emails in total. How do you ensure that you comply with all the requirements in this respect?
Here too, it's a question of strictly separating the data both geographically and physically and of having clear, country-specific rules governing user access.

How does that work exactly?
The architecture of our global model is organized so that there are physically segregated zones. For example, we make a distinction between a red zone and a green zone. These are the zones in which we have established the highest possible security standards.

Where are incoming emails filtered?
Emails are filtered before they are delivered to the user mailbox. This is a central function through which all unwanted emails, and also those infected with virus signatures, are eliminated and filtered out accordingly. We are talking about more than 70 percent spam. In an average month that equals just over 90 million emails.

How do you ensure that the distribution list is up to date?
Management of email user data is performed directly via our central Identity Management System, which is linked to our HR system. It also records who is based where geographically within the company, which functions individual users have, and what authorizations they need to do their job. This additionally serves to regulate the access rights to IT systems, data and information.

You have been using the email filtering services of Open Systems for over 18 months now. The verdict?
The services are highly reliable and stable and are ideally integrated into our email operations from a process point of view. We still have full control over the activities, enabling us to react really quickly if need be. From an operations viewpoint, I know from my colleagues that our 24x7 operational organization enjoys a lively exchange with the Open Systems Mission Control Center. I consider that a good sign.

In conceptual terms, we now have a strong foundation thanks to the Mission Control Email Shield. But it's in the nature of things that a service of this kind will continually go on developing. It's a «never ending story». That's why we join forces with the Security Engineers at Open Systems in constantly seeking to refine our filter methods and to introduce new processes and mechanisms so that we can improve our success rate — along with the user experience — even further. During this collaboration, we find the Security Engineers at Open Systems to be genuine partners, who are both highly competent and open to continuously optimizing the existing service.

The evaluation of the deployment of Mission Control Security Services took just under two years. What ultimately led to you using Open Systems?
It's important to understand that we had managed over several years to raise the workflows with the previous filter system, Postini, to a very high maturity level. When it became clear to us that we would need to replace it with a new solution, it was important to maintain or even improve the quality for the users. What's more, for the reasons previously mentioned regarding reliability and confidentiality and from a regulatory point of view, it was crucial that we find a Swiss-based solution.

Mission Control Security Services occupied a very good position in the quantitative evaluation catalogue right from the start. The second step was to get to know the company and its management better. We then spent several months monitoring how Open Systems is organized and how it moves in the market. In addition, we spoke with existing clients to find out how they use the services and what they think of them.

These deliberations and references convinced us: Open Systems is a sound partner, with a profound understanding and mastery of the business, and which — as a Swiss company — is naturally also conscientious and has the culture required to do a top quality job.


Swiss Re

When it comes to global company networking, the Switzerland-based reinsurer Swiss Re relies on security and availability. That's why Risto Wieland, Director IT, and his Infrastructure Team only implement solutions that make sense from both the operational and security points of view.

Mr. Wieland, IT security is no doubt right at the top of the priority list for a global reinsurer.
Risto Wieland: That's certainly the case. Swiss Re has very high expectations in this regard. Our company stands for stability and quality throughout the world. So we need to prioritize security and availability.

Which helps explain why IT security is anchored not only in our processes but also in our corporate culture. Swiss Re creates an awareness of IT security among new employees, followed up with special training, and the topic is also firmly established in our continuing professional development program.

How do you believe this topic has changed over the years?
The internet has completely changed everything — both in terms of the way we work and the nature of the threats to the company.

These days, no company can afford not to be permanently connected to the internet. Companies need to be globally connected over the internet like we, people, need air to breathe. Not only as a means of communication, but increasingly also because business-critical applications and data are used on the internet.

You mentioned the change in the nature of the threats. Can you go into more detail?
Security remains a really big issue. In general, it is reasonable to assume that at least one third of the attacks on an organization or company are carried out through the browser.

But a threat can also arise if the existing network infrastructure is not designed to cope with heavy internet usage. This results in the fast-expanding data traffic clogging up the proxy infrastructure and, in the worst case, the performance of the business-critical applications is then massively reduced. A further critical point is the user experience when accessing data on the internet, be it on a website or an application used from the browser. If full performance is not provided here, productivity declines while employee dissatisfaction increases.

So the challenge is to bring the internet closer to the users again without having to compromise on security or monitoring.

You and your colleagues from Operations have spent the last few months addressing these challenges together with the Information Security Team, and optimized the Swiss Re network for internet usage. What can you tell us about the project?
Data traffic in our network increased massively, of course, due to the use of social media and multimedia channels like YouTube. Our users employ these tools at the workplace for both private and work reasons — it's hard to draw a clear line between the two these days. But usage became so intense and traffic so heavy that the performance of business-critical applications was affected.

With the rollout of video-conferencing and document sharing, coupled with the shift of applications to the cloud, the user dissatisfaction was further intensified due to the slow internet access. The users became impatient when they had to access applications or tried to surf the web. They compared the performance at the workplace with their private connection at home. Someone in Sydney wanting to view a local weather page and having to wait 10 seconds before it appeared was quite rightly annoyed.

So the pressure came straight from the business?
Yes, and the criticism was completely justified, because our network was quite simply no longer fit for its purpose, given the heavy internet usage. Out of security and cost considerations over the years, we had reduced access points to the internet for our 60 or so worldwide locations, first to seven, and then to just two: Zurich for Europe and Asia, and Armonk (NY/USA) for North and South America. We wanted to fundamentally rethink this concept, but could not afford to compromise security in any way.

In the meantime, our proxy infrastructure was becoming increasingly troublesome. The old platform had definitely reached the end of its life cycle. There were interruptions and we had to keep rebooting the system overnight in order to release storage capacity. It became ever clearer that we were heading towards an operational risk. Nonetheless, it was difficult for us to find a solution that made sense from both the operational and security points of view.

That sounds like a lively debate between operations and security. Who is responsible for implementing these things in the company?
In organizational terms, the setup at Swiss Re is such that the Infrastructure Team is responsible for designing and ensuring the smooth running of the networks, telephony and video platforms. The task of ensuring and overseeing security is, of course, also integrated in this operational responsibility. A central function in this regard is performed by our internal Product Delivery Team, which coordinates and oversees the cooperation with external partners.

Our colleagues from the Information Security Team define the security guidelines. The team is attached organizationally to the risk management function, which ensures its independence from IT in terms of reporting lines. The Information Security Team is also responsible for sampling compliance — meaning that they monitor our checks on compliance with the security guidelines.

That sounds like a clean separation of execution and supervision.
Yes, in our case it's even twofold supervision. I think that this has to be practiced in the global setting of today, even though certain conflicts of interest between operations and security do sometimes hinder the internal discussion somewhat and delay solutions.

But we deliberately have this discussion because it ensures that we do not make decisions solely from the operational point of view. Although that would partly be easier, it would not always be safe. So we're pretty happy that we have tough but competent partners in the Information Security Team for whom security has top priority.

What happened then?
From the operational point of view, we wanted to set about the life-cycle management of the proxy infrastructure as quickly as possible. Together with the existing network provider, we took a look at various options — including in the cloud — but these options were out of the question as far as the Information Security Team was concerned. In addition, we were certain that we did not want to set up a separate new proxy infrastructure for either operational or security reasons, either at the head office or at the individual locations.

The Information Security Team wanted to be certain that all of their requirements were met. They would have preferred to test all the options before a decision was taken, but there wasn't enough time to do so from the operational perspective.

And how did you decide on Mission Control Security Services?
We already had a cooperation arrangement in place with Open Systems and used the Mission Control Security Services to protect our central applications. When chatting with a member of the management team at Open Systems, I mentioned our problems and our expectations in terms of operations and security. After that, things started happening very quickly...

And was everyone happy with the solution?
Yes, partly because the pressure from the business kept on growing. Shortly before Christmas 2012, we had a workshop at Open Systems with the whole project team. The solution they presented featuring the proxy service managed by Mission Control impressed all of us. It already became evident during the meeting that we could stand firmly behind this solution.

The design for the Zurich location was then completed in two days. After a further eight days, everything was installed, commissioned and tested. I have never experienced anything like it in my 20 years in the industry. This gave me great confidence that we would get to grips with our proxy problem quickly and efficiently.

How did you set about migration?
The first step involved migrating the locations in and around Zurich. Out of business contingency considerations, we opted for a flexible migration path instead of a big bang. So we carried out migration to the new Mission Control security solution building by building, step by step. This had the big advantage that we could reverse changes at any time and without any major impact on operations. Unfortunately, this made migration somewhat more long-winded, mainly due to the countless special applications we deploy. Most of these applications and services are located on the internet and are protected by static IP filters. So we first had to deactivate these before updating them with the IP addresses of the new Mission Control security solution.

In a second step, we migrated the location at Armonk, USA. Thanks to the lessons learned from our Zurich location, this naturally went much faster. And we started work on the regional internet breakouts at the same time.

How are these spread geographically?
We now have regional internet breakouts in Australia, China, India, Switzerland, Brazil and South Africa, as well as on the east and west coasts of the United States. The users can surf the web through these locations. In terms of access to applications, we will end up with traffic engineering in the medium to long term, because access is more efficient or more reliable for certain applications via a different breakout. Even though we have no intention of allowing dozens of exceptions, it is worth taking a close look at the critical applications to see from where and to where access occurs.

How satisfied are you with the Mission Control Services?
From the operational point of view, the Mission Control Security Services are very good. The Information Security Team was also fully won over by the operating organization, the technology employed and the Mission Control Portal with the clear division of roles and competencies, and the complete transparency and auditability.

Interestingly, we had quite different expectations with regard to the internal workload. We continue to rely upon internal specialists who carry out a pre-qualification of the incident tickets and change requests before passing them on to Mission Control Operations. We would actually have liked this to be taken over completely by the Mission Control engineers.

Do you think that you are now ready for further development?
I'm certain we are, because we now have a platform that is highly resilient as well as flexible and scalable. This means that in the future we'll also be able to meet growing demands in areas like unified communication and collaboration. We are increasingly employing cloud solutions (SaaS, PaaS, IaaS), video-conferencing and tools like MS Lync. This will likewise mean an increase in the necessary bandwidth.

I am personally convinced that the managed services model will become even more important for companies like Swiss Re: where the internal specialists can concentrate on the core processes and interaction with the business side. We need to identify the business requirements at an early stage in order to draw up and implement solutions promptly. We should simply not waste any time bothering ourselves with hardware or software.


Marquardt

The German company Marquardt GmbH, a manufacturer of electro-mechanical and electronic switches and switching systems, is boosting its flexibility and efficiency with a combination of MPLS network and broadband internet. That its costs are decreasing at the same time is a very welcome side effect.

Mr. Scholl, Marquardt GmbH has grown fast around the world, which also had an impact on your IT. Can you describe the starting point?
Florian Scholl: For several years now, our company has maintained branches abroad that are connected to the head office in Rietheim via an MPLS network. Alongside a second location in Germany, we had branches in the United States, China, France, Tunisia, Romania and Switzerland.

Then as we added locations that were less developed, we quickly realized that our concept was not suitable for our global expansion plans.

Can you give us some details?
It all began in the summer of 2012 when we wanted to connect our new location in Mexico to the network. Instead of the customary 6 Mbit/s or higher, we had to make do with a 2 Mbit/s line. This was also considerably more expensive than what we were used to, compared with the other locations. What made things worse was that we had to wait a long time for those lines. We felt that the room for maneuver was rather limited.

And how did things continue?
The location in India was connected at the end of 2012. Once again we faced the same problem. The delivery period for one line out there was six to nine months. And as far as we were concerned, the costs were horrendously high. So we realized that we needed to find a way of connecting locations faster, more flexibly and more cost-effectively.

What happened next?
We looked at alternatives to our MPLS network, which brought us into discussion with Open Systems. The concept of the hybrid WAN appeared really interesting to us and the services were worth considering. Based on the talks with Open Systems, we then decided to go in this direction and evaluate various possible partners.

Open Systems evidently won you over?
Yes, the decision to go with Open Systems was pretty clear in the end. But the final choice was preceded by a very intensive phase during which we put the various companies «under the microscope», as far as was possible. Our electro-mechanical and electronic switches and switching systems are the key components in our customers' products. The automotive industry in particular, for which we develop and produce driver authorization systems, attaches great importance to reliability and discretion. This means that matters such as security and availability are extremely important to us and critical when it comes to collaborating with our external partners. So besides technical and operating competence, we had to look into one thing above all else: do we have confidence in the employees of Open Systems?

And how did you do that?
In addition to the references from existing customers, face-to-face meetings with the team from Open Systems were very important for us. In the reference sessions, we found it extremely helpful to be in a position to ask companies from Germany that are similar to us in terms of size, global footprint and quality requirements about their experience in working with Mission Control.

What were the most important factors in your decision?
Apart from the confidence in the team, certainly the professionalism of the services, the promised speed of implementation and the reduction of complexity.

What complexity do you mean?
Both the technical and operating complexity. Technically, numerous mechanisms were in place between our users and the internet - firewalls, proxy servers and WAN optimization solutions — different devices from various manufacturers. Which makes troubleshooting extremely time-consuming. With Open Systems, we have the same functionality from a single source. On the operational side, we were able to delegate operations and 24x7 monitoring to Mission Control, allowing us to gradually free up capacity for the projects that came up short in the past.

Turning now to the cost: Does the whole thing pay off?
Absolutely. The hybrid WAN helps us reduce costs by a good 20 percent compared with a pure MPLS network. As a Swabian company in the automotive industry, we are very cost sensitive and are always trying to optimize. Every last penny is important to us in development and production. So the IT department also has to set standards here and make sensible use of its budgets. Even though cost cutting was not the main point of this project for us, the savings are, of course, a really positive factor.

From the financial viewpoint, the clear cost transparency of the services is just as valuable. This makes budgeting simple and binding. The annual fee for the selected services is fixed. There are no expensive surprises. I've even completely eliminated the technology risk by collaborating with Open Systems.

How did you actually calculate the potential savings?
We used conventional full cost accounting, which meant adding all expenses for operating, expanding and replacing the individual systems to the cost of hardware and software, and their maintenance at our locations. That yielded a tidy sum. Added to this were the savings that we achieved by reducing the MPLS lines.

So you decided against an MPLS network?
No, we opted for a hybrid WAN under which we combine MPLS with highly efficient yet cost-effective internet lines. The best of both worlds, you might say.

What advantages does this bring, in your opinion?
The internet lines give us more bandwidth at lower cost. What's more, we are very flexible in the choice of provider and much faster at connecting locations. The advantages of the MPLS lines remain the same: clearly defined bandwidths with clearly defined availability. For instance, we'll certainly use SAP worldwide via MPLS in the future.

In the first phase we plan to define the internet line as the primary line and the MPLS network as a backup. But with the help of policy-based routing, for the next few years we will have complete freedom to decide over which medium we will route our traffic. This will enable us to deploy our hybrid network exactly in line with our needs.

How did you evaluate the internet providers at the various locations?
This know-how came from our local system administrators. They were involved in the project right from the start. They were tasked with selecting what they thought was the best partner with the right offering at the best price. By applying their experience, they helped make the project a success.

How has the cooperation with Open Systems evolved?
Right now, we're in the middle of implementing the new concept and are very satisfied with the cooperation. We've connected seven locations in nine months. There is absolutely no comparison with the time that would have been required if we had tried to do it with a different partner. The services are running very reliably and the ticket times are excellent. I really don't know what I could complain about...


Tecan

If you're standing still, you're falling behind, says Marc Ehinger, Head Global Infrastructure at Tecan. This conviction led him and his team to set about optimizing the existing IT infrastructure at the laboratory technology manufacturer. The result: higher availability, greater flexibility and improved business continuity.

Mr. Ehinger, what was the prime motivation in your decision to change the existing IT setup?
Marc Ehinger: As the IT department, we have to be flexible so that we can respond swiftly and yet sustainably to the constantly changing needs of the business. Standing still is not an option, because with the dynamic market conditions we face, standing still means falling behind. That is why I am convinced that it's necessary to adapt the existing infrastructure continually. But we also had several components that we wanted to eliminate in view of the potential risk they posed.

Could you first tell us something about the business needs you referred to?
In business, the main focus is on availability, speed, flexibility and performance. Are our applications globally available? How quickly can we make new services available to the users? How flexible are we in connecting new locations? How can we integrate external parties into our network for specific projects? How do we deal with services such as VOIP, videoconferencing and collaboration software, which demand ever-greater bandwidths? And how do we ensure that the user experience is good at all locations?

And where did you identify the potential risk?
Many of our IT services were provided directly from our headquarters in Männedorf. Although the site had redundant network access, it was a setup that, of course, concealed certain risks. In addition, there were unresolved issues with regard to data storage and backups, as well as in the recovery of data and applications after a system failure.

What concrete measures did you take?
Our primary aim was to decouple the central WAN services and other critical services from our infrastructure in Männedorf and migrate them to two external data centers. At the same time, we took advantage of this opportunity to analyze which services were needed where, how they could be operated across the time zones, and who was responsible for support. After that, all we had to do was to convince management of the suitability of our concept.

Which you obviously succeeded in doing...
Yes, because our conceptual work was based on a detailed analysis of the existing situation with a precise risk profile. I think there were two arguments in particular that won over the management: firstly, the reduced risk and improved business continuity promised by the proposed changes to the Männedorf location. And secondly, the future-oriented configuration of two independently operating and geographically separate data centers, which enabled us to cater better to the requirements of the business and press ahead with standardizations.

Standardization seems to be an important factor. Why?
Our concept is based on working with a modular «toolbox» of standard solutions. This allows us to respond to the needs of the business without having to implement a proprietary solution every time. If you don't use standard tools, you're always stressed out.

Does it make you more flexible too?
Definitely. Having standard modules in our toolbox gives us more flexibility. One benefit is that we can respond to concrete business queries by making something available to users quickly and cost-effectively. Put simply, standard solutions only need downloading — there's no longer any building to do first. Another aspect is that this kind of toolbox also helps us over a longer term in the strategic development of our IT, because we are flexible on all sides to respond to future developments.

How did you proceed with the implementation?
Within just three months we reduced our dependency on the Männedorf location and rebuilt our main infrastructure in the two mirrored data centers, each of which is connected to the network via two redundant ISPs. Thanks to the BGP service (Border Gateway Protocol) we retain our public IP address and DNS even if we switch providers. For quality reasons, locations in the Asian region are connected through an MPLS; all other locations are linked by VPN. Locations with high availability requirements have redundant connections.

You mention networks. Were the networks also part of the project?
Of course: a step of this nature cannot be considered in isolation. Fortunately our cooperation with Mission Control gives us great flexibility in how we structure our network. The new data centers were linked up very quickly. And none of the other changes that we had to make to the network cost us any great effort either.

You've had a multiprovider network with a single point of contact for quite some time. How has your experience of this been?
The multiprovider approach is an important instrument for us in terms of flexibility. It allows us to work with competitively priced local ISPs. Locally, we don't aspire to having the ISP with the highest availability. If we need higher availability at any one site, we set up a redundant connection via a second ISP. Our experience has shown very definitely that we can get better prices by working with individual local ISPs than if we do everything through a single global provider. We also anticipate that this will give us a time advantage, because with projects we can start off by conducting the relevant talks with the local ISPs and we know that they can provide a local connection right away.

All locations have local breakouts to the internet...
Yes, that's important to us. We are currently in the process of ensuring that we are compliant with the local requirements in all markets. Here secure internet access plays an important role. Take China, for example, where a local gateway ensures that the Chinese staff comply with the guidelines of the authorities. The possibility of surfing locally has other positive aspects too. It lets us shorten the distance to certain services, optimizes our capacity utilization and enhances the user experience.

Tecan has been relying on Mission Control Security Services since 2005. How has the collaboration been for you?
In addition to the Mission Control Security Services with 24x7 support, we also use Open Systems as an independent single point of contact for our multiprovider network. We depend on partners like Open Systems because they offer us the necessary flexibility and scalability. Open Systems reduces the complexity of a technically very sophisticated task to a minimum.

For me personally, our collaboration with the Security Engineers from Open Systems is ideal at all levels. For conceptual and strategic questions, I can tap into their sound expertise and long years of experience. When it comes to operating the services, I have found Mission Control to be a dependable and solution-oriented unit. And with them as a single point of contact, I benefit from their organizational skills and in-depth knowledge of the ISP landscape in each country. Doubtless another crucial factor for me is that I have great confidence in the skills of the people at Open Systems and the «chemistry» is right between us. At the end of the day, it also simply needs to be fun to work together.


Swiss Post

Swiss Post is famous for transporting information and goods quickly, reliably, and safely — and not just in Switzerland. Swiss Post now has commercial operations in over 20 countries worldwide. Erich Joss, Head of Network Services, and his team deliver the requisite global network infrastructure, which fully lives up to the company's reputation.

Swiss Post is also very active abroad. How have you organized your networks in this regard?
Erich Joss: We connect the international facilities to our network in line with the needs and mandates of the various corporate divisions. The planning of new facilities is often tricky and very time consuming due to the things that have to be clarified locally. What's more, the connections often have to be up and running very quickly and with high quality. To meet these requirements, we've established a standardized process that makes it possible for us to integrate international facilities into our network efficiently and flexibly pretty much at the push of a button.

The demands placed on Swiss Post's infrastructure seem very high...
They certainly are, and understandably so. Swiss Post enjoys an excellent reputation. It is fast, reliable, and secure, protecting the confidentiality of the information and goods that it transports. It is no longer possible to separate the physical mail from the digital mail. Automation is so far advanced that we face the same requirements on the digital side as with physical mail. To deliver the best possible quality, we have to ensure that we are always at the cutting edge in terms of technology. Of course this also holds true for our processes, which we review constantly to ensure they remain efficient and flexible.

Flexible, fast and high quality... that sounds like a major challenge.
It certainly is. As we had already seen what can happen when connecting facilities abroad, we pretty soon came to the conclusion that we could best meet these requirements by collaborating with specialist external service providers.

What happened when you tried to set up the connections internally?
Even though we have a lot of in-house expertise in the field of networks, the time and effort required to secure the targeted quality for the process around the clock was simply too much. In particular, it proved difficult for us to select the local providers because we had to gain the local know-how afresh every single time. This was also one of the main reasons why we practically had to reinvent the wheel whenever we wanted to hook up a facility.

When you were looking for a suitable partner, you issued a public request for bids. What evaluation criteria did you use?
We evaluated globally active service providers who offered high implementation speed, cost-effective facility connections, and a process-oriented 24x7 operation in addition to the required network security expertise. Furthermore, we needed to absolutely ensure that we had end-to-end control over the network connection at all times.

In the end, you decided in favor of Mission Control Security Services. How satisfied are you?
With Mission Control Security Services, we get everything we need: a high level of expertise, clearly defined processes, an efficient 24x7 organization, and provider-management support at the facilities. And all this at transparent, globally applicable prices.

And how does this work in everyday operations?
To be honest, I'm really surprised how professionally Open Systems performs the service. The pilot project in Vietnam already impressed me mightily. What I most appreciate are the 24x7 monitoring and the flexibility with which monitoring is linked with our control processes based on the ITIL standard. Mission Control is integrated smoothly in our processes in everyday operations.

You like to emphasize the importance of the service level agreement (SLA) which governs in detail the scope of the Mission Control Security Services provided. Can you briefly explain why?
The SLA makes services measurable and enables us to apply very precise quality controls when working with our partners. As a service center within the Swiss Post Group, our internal customers measure us by SLAs. The transparency in terms of performance enables the divisions to not only track the quality but also to see whether we are offering our services at competitive market prices. For this reason, I believe a good SLA forms the right foundation for a long-term partnership: you always know exactly what you can expect from your partner.


SPIEGEL Group

The Hamburg-based SPIEGEL Group has been working with Open Systems for 19 years. For Karsten Hoffmann, Network Manager, there is a simple reason for this.

DER SPIEGEL is famous for reliability. The magazine has been published every week without interruption since 1947. To what extent does IT deserve some of the credit?
Karsten Hoffmann: The reliability of DER SPIEGEL can be attributed primarily to the work of the editorial team, who put in a top journalistic performance every single week. Then again, we believe that simply publishing is not enough — reliability goes further than that. We consider it a priority for the content of DER SPIEGEL to be based on facts that are correct and well researched. All of that would be a tad harder today without IT...

That's putting it mildly...
As a media organization, we certainly have very high expectations when it comes to IT, and especially our networks. We are a 24x7 operation with offices in 24 countries. Without networked infrastructure that guarantees access to critical systems around the clock, that wouldn't work so well, would it? What's more, the quality standards that we aspire to in our journalistic and commercial work are just as applicable to IT. In other words, we have the ambition to have a thoroughly reliable and secure network.

Over the years, DER SPIEGEL has evolved into the SPIEGEL Group, which is now a multimedia conglomerate with some 1,500 employees. How has your work changed?
In terms of the network, it certainly matters that we've expanded the content that we produce. Today we work in a multimedia environment. Text and photos are supplemented by moving images, videos, and online content. The volume of data involved — and hence also the bandwidths required — is huge. What's more, the entire organization works on this content in a very dynamic manner, which means that temporary access to the network must be facilitated for individuals or partner companies working on specific tasks or projects. This already needs to be taken into account when designing the networks these days.
There has also been a change in terms of the risks a company faces if it uses the Internet to communicate and exchange data. Furthermore, we are heavily exposed with our online offerings and need the certainty that we can maintain our offering around the clock in this context as well. All of this is a genuine challenge for us, as one important point has not changed in the slightest since our organization was established...

And that is?
We are, and will remain, a midsized company. In other words, both our human and our financial resources are clearly limited, which means that we have to rely all the more on efficient and economically viable structures and workflows.

What does that actually mean for your IT organization?
Our in-house team consists for the most part of generalists who are responsible for several areas. We manage processes and monitor quality. Alongside our day-to-day operations, this represents our main strategic task. We supplement our in-house team with external specialists to implement specific fields. For the past 19 years, for instance, we have been working with Open Systems in the field of network availability and IT security — we have relied upon Mission Control Security Services from the very start.

That is an unusually long time for the IT industry. How did the relationship come about?
The SPIEGEL Group recognized the possibilities of using the Internet for its data network at an early stage. At that time — back at the beginning of the nineties — there were only a few players in Germany with the relevant know-how. While working with the University of Dortmund back then, we found a suitable ISP who recommended Open Systems to us. And we've been working together successfully since 1992.

What do you feel makes Open Systems stand out?
For me, Mission Control, as Open Systems' operating and monitoring organization, is the decisive factor. Anyone who has experience with organizations like that knows how competence and speed are crucial. With Mission Control, I get both in a form that I consider unique. Competence is delivered by the security engineers and their focus on the subjects of security and availability. Speed — especially in terms of response times — is ensured by clear processes, direct communications, and — this is where the human factor again plays a key role — the commitment of the individual people. Mission Control understands our business and knows our needs. I find it really hard to imagine working with a different organization.


Sika

To reduce complexity and risk and simultaneously boost the quality of network integration — those are the goals of Sika's new network and security concept. Kurt Scherer, CIO of the Sika Group, shares some background insights.

You and your team are in charge of the strategic upgrading of the global IT network of the Sika Group. What are the reasons for the upgrade?
Kurt Scherer: The new WAN (Wide Area Network) is a major factor in assuring the future success of the Sika Group. It links up 10,000 employees at more than 300 locations in over 70 countries.

What are you aiming to achieve with the new design?
With the new WAN we will reduce complexity and risk while simultaneously boosting the quality of global network integration. We will achieve that practically above all through two specific points: first, we have a new single point of contact for the operation, security and management of the global WAN. And second, we have defined performance levels for the bandwidth and availability of the networks, which will be guaranteed in future to all Sika Group companies.

What concrete benefit will the new WAN bring for the companies?
Sika is a global group of companies that are firmly anchored in their local markets and take a very entrepreneurial business approach. With the new WAN, the companies will be in a position to work together even more efficiently as the situation demands or in the context of specific projects, and respond flexibly to market opportunities. In the area of logistics, for instance, many Group companies make use of regional synergies, which gives them advantages over other market players. The new WAN will also put us in a position to provide all Group companies with new technologies and application solutions such as unified communications.

That is the key issue and motivation behind the strategic upgrading of the WAN: the business — our Group companies, that is — will draw tangible benefit from it.

What is new is that Open Systems is to assume the role of single point of contact and with it the responsibility for the running, security and management of the global WAN. What made you decide to go with Open Systems?
Open Systems won us over with both their concept and offer. Open Systems has the necessary technological expertise and the necessary quality of service, as well as a sound understanding of our global business; plus, being independent, they are in a position to act as a single point of contact to monitor and manage our providers globally on our behalf.

How exactly will the implementation be carried out?
As already mentioned, Open Systems is to act as the hub for all activities on the new WAN. For the running of the network infrastructure in this project, Open Systems will work in close cooperation with the Japanese telecommunications company NTT Communications. NTT Communications operates an excellent global network infrastructure, especially in our key growth markets IMEA (India, Middle East and Africa) and Asia/Pacific. Network security is assured by the Mission Control Security Services, and the monitoring of security and availability is performed via the Mission Control Operations Centers in Zurich and Sydney, Australia.

Having relied on the Mission Control Security Services since 2003, we know the organization and the quality of the services very well. With the upgrading of our WAN, the partnership with Open Systems is also set to increase in significance for Sika.

Over the past few years Sika has been developing very positively and is also aiming for massive growth in the future. How does the network and security design provide for the requirements of these future prospects?
As I see it, our network is the technological foundation of the future growth of Sika. We have set ourselves the goal of radically increasing our sales in the next few years. That we will achieve through internal and external growth. The scalability of the Mission Control Services plays a decisive role here: on the one hand, both the security services and the WAN management will grow in step with our needs. And on the other hand, thanks to the support of Mission Control, we will be in a position to act very quickly and incorporate new units in our network.

You mentioned WAN management. Can you comment briefly on how exactly Sika plans to use this service?
WAN management plays an important role in our endeavor to reduce complexity. We now have a single point of contact, both during the upgrade and subsequently in daily operations. During the upgrading phase, WAN management assumes the responsibility for the migration of the old topology into the new structures. Because Mission Control is provider-independent, that makes it very much easier to integrate existing connections of all kinds in the new network. Later on in normal operations that will also enhance our flexibility substantially, as we will be in a position to optimize or, in the case of partnerships or acquisitions, to add to our provider mix in any situation and on the spur of the moment.

Thanks to WAN management we already have an independent organization that manages the global providers and monitors their performance on our behalf. Interactions and escalations with the providers are managed centrally by a single unit, which boosts efficiency considerably.


Partners Group

Moritz Elmiger, Head of Technology and Infrastructure at Partners Group, the global private markets asset management specialist, is convinced that secure, reliable IT networks reinforce a company's reputation and can help to strengthen its brand.

Mr. Elmiger, your team is responsible for the global IT networks at Partners Group. What is your opinion on developments in the field of IT security in recent years?
Moritz Elmiger: IT security has long been a key issue for the financial industry. But more recently I have been getting the distinct impression that the securing of networks is gaining much more relevance in other sectors too. The reasons for that are changes in the underlying conditions in which global companies operate today: with the expansion of internal and external networks, companies have become increasingly infrastructure-dependent; also the technologies deployed have become more complex and the outside threat scenario is different from what it was. In the early days, an attacker was motivated primarily by the technical challenge. Nowadays attacks are mostly financially motivated. It's clear: no professional company today can afford not to treat IT security as a priority.

Can you explain in a little more detail why IT security is such a key issue for the Partners Group? After all, you are neither a bank in the classical sense, nor are you directly involved in the stock market.
IT security means for us not only that our data and mission-critical applications are protected from unauthorized access. It is just as important that our data and applications are accessible by authorized users via reliable and trustworthy connections at all times and from anywhere. Only then can it be guaranteed that our staff, customers and partners are able to work with the information they need — around the globe, around the clock. If you ask me, this should be the goal of every international company, regardless of the sector. But running a secure and reliable network also includes making provisions in the areas of disaster recovery and business continuity. In the present day and age, a trustworthy partner is expected to be prepared for emergency scenarios, so as to keep potential downtimes to a minimum.

Are you saying that IT security is critical to a company's credibility as a dependable partner?
No doubt about it. A secure, reliable IT infrastructure has a positive influence on a company's reputation and definitely helps strengthen the brand in the competitive environment. In fact, I observe that professionalism in IT is having an ever greater influence on the overall image of the company.

What do you mean by that?
Not only our employees but also our customers, partners and the regulatory authorities expect us to work in an absolutely professional and reliable manner with regard to our IT and communications infrastructure. Experience has shown that there is little tolerance for mistakes in this area: it can take years to build up a good brand and reputation, only for it to be severely damaged or even completely ruined by a single security failure. And if a glitch does occur, the way the company deals with it is absolutely crucial. In the early days, most efforts in the area of IT security were undertaken merely to comply with regulatory requirements. Today many companies are doing more than just meeting the standards set by the regulators. They have recognized the necessity of protecting their reputation — and with it their brand.

You say that people are not very tolerant of errors with regard to IT security. How does this manifest itself among your customers?
In our case it begins even before the actual start of any collaboration. Before a customer invests in our products and services, he goes over our company with a fine-toothed comb, as it were. This is called «due diligence», and is carried out by major independent auditors. The process appraises not only the range of products and services, but also whether a company is professionally managed in every respect. IT is a very important component of this audit. The Mission Control Security Services from Open Systems are known to the auditors and qualify absolutely as professional protection.

The Partners Group did not opt for Mission Control Security Services to start with. What was your situation like before you decided to collaborate with Open Systems?
We were pursuing the same concept, that is, we had been working with a partner in the area of security for quite some time. Then they underwent some restructuring, and certain products were not being developed further. We got the feeling that the service was stagnating, so we took another look around the market.

What was your first impression of Mission Control Security Services?
The switch to Mission Control Security Services was a real eye-opener for us! The quality of the services and of the flawless operation was everything we could have asked for. The changeover went without a hitch, and thanks to the transparent monitoring data that Mission Control supplies, we were also able to identify a few holes in our setup and close them very quickly.

That sounds interesting. Can you be a bit more specific?
The monitoring of ISPs, for example. The monitoring by Mission Control revealed that we were not getting the bandwidth specified in the Service Level Agreement. This meant we could confront the ISP with concrete numbers and insist on the performance we had agreed on — and paid for.

Which security services are you currently using?
We've implemented all services but one. That is the IDS Service, the Intrusion Detection System. We've now launched a pilot project and can't wait to see what insights we will gain through the service.


International Federation of Red Cross

The International Federation of Red Cross and Red Crescent Societies (IFRC) is the world's largest humanitarian organization, providing assistance without discrimination as to nationality, race, religious beliefs, class or political opinions.

Global communication required
The IFRC has its headquarters in Geneva and seven key regional centres, located in Senegal, Malaysia, Panama, South Africa, Kenya and Hungary. A regional hub in the Middle East is in the process of being finalized. The regional centres support both the National Societies and the IFRC offices located where the humanitarian need is greatest. The IFRC pays particular attention to ensuring that the donor funds it receives contribute to a consistently high service quality. The regional centres must be able to rely on secure communication to Geneva, but must also have cost-effective access to National Societies and IFRC offices in their region.

The comprehensive network of National Societies, covering almost every country in the world, is the Federation's unique strength. The IFRC facilitates cooperation between the National Societies in order to increase their capacity for helping those in need. Consequently, for the IFRC, information exchange and effective communication are of paramount importance. A key requirement on the IFRC is to react and mobilize resources that can assist in any disaster. These resources can be local volunteers in the affected communities or international specialists mobilized from distant countries. The IFRC is able to coordinate communication at the community and international levels, and thus perform its vital work, only thanks to the use of new, innovative technologies. Hugh Peterken, Head of the Information Systems Department at the IFRC, expresses it briefly and precisely: «Communication is the key to coping with disasters. And in our case of course, communication must be possible worldwide.»

Complicated requirements
The IFRC operates under difficult conditions. The nature of its work frequently involves adverse physical environments. There are often challenges in securing the necessary technical experts. And yet the IFRC communications systems have to meet the requirements of today's applications and processes. Working under such circumstances means that IFRC's employees rely heavily on the security and accessibility of the global communication infrastructure. Systems failures mean more than merely lost revenues; they are often life and death situations for the affected populations. To meet these requirements, the systems are constantly tested and modernized. That also means that the infrastructure must be continually monitored and that rapid responses are possible round the clock. This is precisely what Mission Control Security Services from Open Systems offer.

Optimum cooperation
«We must introduce new technologies so that we can offer systems that are cost efficient, but at the same time that also take our special requirements into consideration in the particular areas where we are active», says Hugh Peterken, referring to the use of Mission Control Security Services. In collaboration with Open Systems, the IFRC succeeds in meeting the operational and security requirements with limited personnel and constrained financial resources. The IFRC's IT team has placed its trust in Mission Control Operation Center's experts, who guarantee the necessary reactions and support round the clock, throughout the year. A centralized infrastructure in Geneva allows the IFRC to deliver services securely to its international centres, whenever necessary. Team members throughout the world are informed in real time about relevant events with regard to the security and accessibility of the entire infrastructure. The cooperation with Open Systems permits the IFRC to manage communications costs and, at the same time, guarantees that the quality and accessibility requirements of the communication network are fulfilled.

Security through diverse connections
Each of the regional locations is linked to the network via two connections, namely a local Internet access and an MPLS connection (Multiprotocol Label Switching). Redundant Mission Control Security Gateways guarantee permanent protection of the locations and direct the traffic to the appropriate link. Voice over IP and traffic to IFRC's Geneva data centre are routed directly via the MPLS connection. Internet browsing and access to non-IFRC applications are all directed over the local internet connection. If the MPLS connection fails, Open Systems' security gateways seamlessly redirect the data traffic via VPN to the Internet. According to Peterken, amongst other things, the system brings three major advantages to the IFRC. «Our IT specialists can concentrate on fulfilling employees' requirements and do not have to grapple with highly complex security and connection problems. In addition, the equipment in the seven centres is standardized, which reduces costs and effort. And what is probably the most important: In the end, we are in a position to offer our employees and volunteers those services they really need».
