Syngenta - January 2023

Syngenta's journey building out modern capabilities in cyber and cloud space

Syngenta's building capabilities and

Syngenta's journey building out modern capabilities in cyber and cloud space

Widely known as a leading science-based innovator in agritech, Syngenta needs very little introduction.

In addition to its multi-billion-dollar turnover and 30,000-strong workforce, the global company is known for its significant investment in the scientific side of the business, driving advances in agritech that help farmers meet global demands surrounding sustainability and growth. As such, Syngenta dedicates a whopping $1.3bn a year to R&D, regularly bringing new products to market; this dedication to identifying cutting-edge tech and practices has helped it maintain its lead in a competitive market.

Despite this, though, the 22-year-old organisation faces the same problems as any other large business when keeping up with tech and security advances in a constantly fluctuating environment – with the two being interdependent in certain areas like cloud security and therefore complex to maintain.

Syngenta's Global Head of Infrastructure and Cybersecurity, Vanja Vlaski, oversees the company's networks, included within which is cloud, as well as workplace technologies, the helpdesk, and overall cybersecurity.

“Infrastructure and security are at the base of any company today. Anything that goes wrong in any sub-department impacts every single employee and the company overall. As an example, having a data breach causes parts of our operations to stop, and that has an immediate financial impact. If some part of our cloud service is unavailable, key business applications don't work. That's a simplistic explanation of how important all these interdependent technologies are.”

The world of agriculture is, according to Vlaski, surprisingly fastpaced and forward-thinking in terms of cyber and technology, so it’s important that the same attitude is applied to the security of those.

“Nowadays, as you go on investing in infrastructure, you don’t take that static view any more; falling behind in capability, getting out of touch with latest technologies, developments and frameworks can have that direct, immediate impact all the way to where your sales and go-to-market strategies interface with your customer. This is as fast-changing a technology landscape as it is anywhere else.”

Syngenta's leaders in infrastructure, cybersecurity and cloud strategy share their fast-track transformation programme

Syngenta and cybersecurity

This, in a nutshell, is how the IT landscape looks from Vlaski's standpoint. To take a closer look at the threat levels, we can turn to Paul Carugati – he's Syngenta's Global Head of Information Security, or CISO.

“When we're talking about information and cybersecurity, it's all about risk management,” he asserts. “To my team and to all of our internal and external customers, I say that, essentially, the role we play is as facilitators of risk in every corner of the global business. We help them all to understand the level of cyber risk that's being incurred, to help to find what the risk 'appetite' is, and then implement the appropriate controls to effectively manage those risks.”

A business like Syngenta is very dynamic, he points out, so this is essential. “The

organisation is continually changing shape and that makes it difficult to pinpoint where it may become vulnerable, especially in the cybersecurity realm. We face constant technical and administrative threats that hinder the operation of the business. We have to not only understand the technology that is driving those threats, but also the people component.”

In addition to needing to raise awareness among stakeholders, Carugati likes to re-emphasise the basic fact that while technology can do quite a lot to keep a business secure, it’s less effective when lacking strong human collaboration. This is particularly true in cases where much of the threat – and, conversely, defence – stems from users, as at Syngenta.

SUBU IYER

TITLE: GLOBAL HEAD OF CLOUD SERVICES AND IT INTELLIGENT AUTOMATION

LOCATION: GREATER CHICAGO AREA

Subu Iyer is a seasoned executive who brings a holistic perspective to people leadership, technology strategy, and solution integration. A strong believer in the phrase “Think beyond the here and now” he is an expert in analyzing, incubating, productionalizing and evangelizing numerous emerging technologies like RPA, Chatbots, Hyper Automation solutions, Cloud Native services and API platforms within an Enterprise. Subu is an intelligent problem solver with an innate ability to leverage diverse perspectives to create winning solutions and drive consensus. He has a track record of developing high performance teams by fostering an environment of mentorship and collaboration. With a rich history of excellence in program & service delivery, multi-million dollar budget management, business partnerships, cross functional team management and cloud implementations he has acted as a motivator to propel the productivity of onsite, virtual, global, offshore and vendor teams.

We helped Syngenta save almost half a million dollars a month and boost agility in the cloud. Here’s how we did it.

Ask Syngenta, and they’d probably say the right partner is cloud-native. One that looks after your cloud environment in a reliable way while boosting agility, increasing speed to market, and unearthing major cost savings.

Syngenta is a leading Agricultural Technology (AgTech) company. Helping farmers improve yield, increase profitability and grow more sustainably are key factors underpinning the company’s strategy.

Cloud and data play major roles in connecting farmers with their technologies. Syngenta has a strong cloud and IT team, and were used to working with traditional CSIs and hyper-scalers to manage their environments.

Syngenta started working with Nordcloud in 2020. At first, we came in to help migrate some workloads to the cloud. It was an opportunity to sow the seeds of a different, cloud-native approach.

There was a clear difference in how lean and nimble this approach was. So, when the team needed help with automations, we also got involved with those. The result: manual tasks that might’ve taken many hours previously could be completed in 10 minutes or less. Account vending processes that used to take many days were shortened to 5 hours.

Then the cost savings. Our FinOps experts took a microscope to the environment to identify potential savings. They harvested information around rightsizing, utilisation, and resource optimisation, identifying half a million euro a month in cloud savings.

It’s this added value that means some of the biggest and best companies are shifting to cloudnative MSPs to look after their environments.

Cloud natives know how to boost performance while reducing costs. They’ll deliver best practices to drive efficiencies. They make clever improvements that cut licence and capacity costs or reduce technical or security risks.

Cloud natives strengthen security without slowing enterprises down. They know how to implement bestpractice governance, take care of security operations, or conduct a Zero-Trust maturity assessment.

The impact of this approach is an agile, secure and reliable cloud team and environment that empowers the entire organisation.

How do you know if you’re working with the right cloud managed services provider?

Syngenta: Crops, Seeds and Cybersecurity

“The majority of threats we see come from our end users. End users outside and inside the business can be our most vulnerable area. But at the same time, they can be our greatest defence against those threats if they are educated and trained properly in threat awareness and protection.

“In the ever-changing technological landscape our threats are very dynamic. It's an almost continuous game of cat and mouse to stay on top of those technical issues from a threat management perspective, but ideally, with our strategic outlook and the protection and defensive measures that we put in place, we can manage those responsibly.”

The journey to cyber maturity

Becoming a fully cloud-based company (ahead of most competitors in the space) was a challenge. Once achieved, though, it became necessary to turn the attention of the teams to the questions of how to modernise the company’s application landscape and

drive the business towards a cloud-native approach. Cybersecurity moved to front and centre. “If I look back three to four years,” says Vanja Vlaski, “this was not a professionally run department; today, it is a 24/7 operation.”

That was before the arrival of Paul Carugati and the setting up of a dedicated organisation. “Prior to my time here, there were certainly areas of competency on information security within the business, but they were extremely decentralised; nothing formal was in place. As a result, the organisation started seeing more incidents that were impacting operations negatively.”

So, how did Syngenta – with the collaboration of Vlaski, Carugati and the rest of the team – link these decentralised strands?

“We centralised the function, working directly under the CEO and CIO to establish a central and global information security organisation,” explains Carugati.

“From there, we aligned standards and the best practices defined for enterprise risk management – including ISO 27001, NIST 800.53, and, more recently, the NIST CSF (cybersecurity framework), which are needed to understand the appropriate capabilities for the purpose of organising teams and building responsibility for information security in a growing enterprise.

“One of the first things we did was to implement a formal risk management and treatment framework. We had to create that from scratch, as well as a team to govern it. In the process, we established

EXECUTIVE BIO

VANJA VLASKI

TITLE: GLOBAL HEAD OF INFRASTRUCTURE AND CYBERSECURITY

LOCATION: GREATER CHICAGO AREA

Senior technology and business services leader with front-line experience ranging from engineering and development roles in technology startups to delivering complex large scale programs and achieving transformed business services/technology capabilities within large corporations.

I am acknowledged for strong communication skills and creation of high performing teams, with a proven track record of driving: global transformation and change programs, business digital/technology strategy, process simplification and outsourcing focused on savings contributions and top line growth.

“A key focus area for us in 2023 will be to drive the adoption of Infrastructure-as-code across the Enterprise for increased agility and standardised compute deployments”

HEAD OF CLOUD SERVICES AND IT INTELLIGENT AUTOMATION, SYNGENTA

PAUL CARUGATI

LOCATION:

Accomplished information security executive with a proven ability and rich expertise in the successful execution of Information Security programs in global organisations across multiple commercial industries. Paul is a specialist in collaborative technology, building high-performing teams, program management, fostering a culture of data protection through business enablement and risk management, and achieving positive, measurable behavioral change through accountability and integrity. He is an in-demand speaker who holds many accreditation and industry certifications showcasing his technical and business prowess. Paul is passionate about raising community awareness about cyber security and privacy. Paul has spoken to and coached a variety of executives and BoD members on cybersecurity.

“End users can be our most vulnerable area but at the same time they can be our greatest defence against threats if they are educated and trained properly in threat awareness and protection”

good cadence with our legal, finance and HR partners. We then introduced ourselves and established good partnerships right across the all lines of service as well as in the functional areas of the organisation, especially from an R&D perspective.

“Where we find ourselves now evolved from what I found to be a baseline maturity model: reactive, unstable, ad hoc and inconsistent into the standards-aligned, documented and risk-based programme that I think is absolutely critical to be able to maintain from a cybersecurity perspective in a global organisation.”

It's not a finished job though, given the dynamic threat landscape – ever-evolving and expansive.

“Without continuing to grow and innovate in this space we will remain static and find our maturity level reducing. We have to

grow, and we have to innovate along with the company’s risk appetite. Our goal over the next few years is to move the needle even further across our maturity curve toward a more proactive and metrics-driven organisation, with a predictive, integrated information and cybersecurity programme.

“We need not only to address the current needs of the business, but to actually predict what those are going to be, if we are to stay one step ahead of our cyber adversaries. And we must be able to build security controls and capabilities into our technological solutions across the organisation as opposed to bolt-on solutions.”

The road to the cloud

A great leap forward in capability and tech maturity was taken when the company moved all its on-prem infrastructure to the cloud. The responsibility of Subu Iyer, Global Head of Cloud Services, DevOps and IT Intelligent Automation, Syngenta's journey to the cloud started back in 2016 with the setup of Cloud 1.0 in AWS.

"Migration of applications from data centres to the cloud started then, as the cloud promised a 50% reduction in operating costs. We successfully migrated the initial batch of 500-plus applications to the cloud in 2020, but project teams soon started running into governor limit-related issues linked to a single account architecture in Cloud 1.0. Subsequent discussions with AWS led us to setting up the secure multi-account landing zones, or Cloud 2.0. This proved to be a huge milestone for us. After detailed analysis and careful considerations, we chose to migrate the entire suite of SAP platforms and workloads out to our Cloud 2.0 ecosystem that same year,” explains Iyer.

“Following in the footsteps of the AWS operation, we then set up the multi-account

landing zones in Azure in Netherlands and Chicago in 2021. That year saw us onboarding Nordcloud as the Managed Services Provider for the steady state operations of all our cloud assets. This meant that, for the first time, we had round-the-clock support coverage for this critical foundational service.

“In a massive, complex undertaking in 2022, we migrated the last set of applications and all the infrastructure services out of the data centres, making Syngenta a 100% cloud operation. This was really the proudest moment for our infrastructure and security teams. Everyone banded together to unwind the decades' worth of legacy – and often undocumented, on-prem solutions – and set up fit-for-purpose, cloud-ready alternatives".

In a cloud-first organisation, how does the wider business successfully engage, communicate and share best practices on

cloud policy and IT infrastructure?

“In the cloud organisation we have a competency called Cloud Business Partners (CBPs),” Iyer says. “Their primary goal is to engage with all our stakeholders and understand their vision and strategy, so that we in Cloud Services can organise to better support them and help them meet their goals. The CBPs also drive the cloud initiatives and priorities with teams across geographies and functions.

“Apart from that, we have the architecture, engineering and automation units that provide additional capabilities, services and competencies to support our customer base. We also empower our customers by providing a guided experience on our self-service platform for provisioning all their cloud assets, supported by guidance on cloud-native design patterns and best practices. All this helps make sure that

whatever they may build accords with Syngenta's codes and standards.”

Talking about cybersecurity, Iyer states: “Cybersecurity is particularly important in the cloud and compute space. We have to ensure that that the assets we manage are always patched for vulnerabilities, and that we stay on top of all the upgrades and new iterations. It's also important that the guardrails around our cloud infrastructure and various account types that we provide our customers are accompanied by the right security controls and policies, while providing them the required levels of flexibility and autonomy.

And, of course, MFA-based SSO with rolebased access are key to ensure that only authenticated, authorised users have access to the relevant cloud assets."

Currently, Syngenta’s priority is to optimise the assets in the cloud and modernise legacy

applications to embrace cloud-native design patterns, while making sure that all new applications and services that are onboarded to the cloud follow the latest technology trends.

"A key focus area for us in 2023 will be to drive the adoption of Infrastructureas-code, or IaC, across the enterprise for increased agility and standardised compute deployments."

But, as Vanja Vlaski is proud to document, this has been a massive and transformative operation that will make life easier for all Syngenta's employees and customers. Just as importantly, it will release funds for product development, boosting R&D to drive better and more sustainable food production in every corner of the globe.