THANK YOU FOR SUBSCRIBING
The Quintessential Technology Source for Corporate Financial Professionals
CFO Tech Outlook Weekly Brief
Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from CFO Tech Outlook
Olegario Prieto, Chief Information Security Officer and Head of IT Operations, Bupa Global Latin AmericaDuring the course of more than 25 years of my professional career I have been able to learn about and live the process of corporate globalization, by participating in the evolution of Colombian companies during acquisitions by multinationals, in one of the “Big-Four” (1997-2007), then for 9 years in one of the three largest breweries in the world in the Latin American region (2007-2016) and currently with Bupa , an international healthcare company serving over 38 million customers worldwide.
The common theme throughout these years is the challenge of consolidating, unifying and/or modernizing the technological platforms as a result of these mergers in order to enable and support multinational operations, providing competitive advantage by evolving and adopting new technologies as well as leveraging information by optimizing the use of data as a fundamental component of any strategy focused on offering technology services to satisfy the needs of internal and external corporate customers.
In the world of information security and the proper technological control environment, these legacy systems have been and continue to be one of the great challenges to successfully carry out an efficient information security strategy. This is the experience that we want to share after successfully implementing and maintaining it in our business units BupaGlobal Latin America and Bupa Mexico.
The first big challenge was to break the barrier between IT areas (infrastructure, helpdesk, development, information security, innovation, digital, etc.) in order to define a joint transformation to facilitate the objective of all areas and allow us to evolve in the same direction. For those of us who have been working in the technological world for a long time, we know that these areas have goals that in several cases compete or get in the way of each other. With this in mind, we defined the priorities that would allow us to fulfill them as we’d evolve to achieve the best possible joint results. The journey began with the modernization of our main infrastructure, migrating from traditional servers to technology that would facilitate virtualization, so we decided to move all our main servers to “Hyperconverged Infrastructure”. The decision was to start a journey towards the adoption of new technologies to facilitate the implementation of the security strategy and lead us towards cloud adoption and, with that, artificial intelligence tools, SaaS, IaaS, and PaaS solutions. The journey continued with the migration from Microsoft on-premises solutions to O365 cloud.
"Experience has confirmed to me that the adoption of frameworks is the best way to measure evolution"
Experience has confirmed to me that the adoption of frameworks is the best way to measure evolution and that is why we adopted the NIST Cybersecurity framework as a guide for IT security. After the implementation of these two major changes, we managed to move from a maturity level of 1.5 to 3.2 on a scale of 1 to 5. To ensure an independent view, we assigned this assessment to one of the Big-Four.
This strong result was achieved in the first 12 months of implementing the strategy during which, in parallel, we implemented the IT governance elements that allowed us to guarantee the sustainability of the changes to make sure the business would maintain this process of continuous improvement. After the initial 12 months, we started implementing another lesson learned during these years of my career: maximizing the use of IT solutions. In my experience the use rarely exceeds 60% of the capacity brought by the solutions, so we decided to focus the information security strategy to get the most out of our Microsoft licenses by migrating the different solutions to the capabilities offered in the field of security and protection such as: EPP , DLP , WAF , SIEM and other capabilities that allow us to take advantage of the integration in the use of MS solutions of more than 80% of the licensing capabilities.
The journey continues and we are still overcoming one of the big challenges which is the evolution and transformation of our applications layer. This component in the healthcare industry has many solutions developed internally and with it comes the challenge to find the right balance between SaaS type applications or software houses or develop new features internally.
This last stage of the strategy would not be possible if the previous ones had not been completed allowing us to reach our goal to implement the transition to the cloud of over 80% and thus minimize the probability of becoming obsolete and, therefore,to enable the company to adopt and use new technologies with expanded use of data as a multinational company with presence in multiple countries.
Finally, I’d like to share the indicators that have allowed us to measure the evolution in this process and with which we ensure sustainability: a. % virtualization, b. NIST Maturity Level, c. % Cloud Adoption, d. % Use of applications, these are the most important at a high level.
Read Also
