DIGITAL REPORT 2021
360° SECURITY IN ASSOCIATION WITH
02
03
360° SECURITY www.ordina.nl
ORDINA
04
Vincent Meijer, CISO at Ordina, explains why security should be built in, not bolted on
“W
e are a local player,” says Vincent Meijer, CISO and Head of Information Security at Ordina. The Netherlands-based IT
solutions company is heavily focused on the Benelux market, perhaps surprisingly in a world of globalised solutions. But for Meijer it is key to 05
delivering value. “We talk about areas of expertise, but we get even more value because we are a local player. We understand Dutch, Belgian and Luxembourgisch culture and how things work out there and we focus on building expertise and knowledge of certain branches – sectors – in these countries. “We have a deep understanding of those kinds of businesses which, added to our expertise, can really move them forward and put them a step ahead. You can have just the expertise and fold it into a context you don’t understand, but you will only bring the company forward in a technical way. We look at it a little bit more holistically and see how we can deliver a total concept or solution by combining expertise from all our company.”
www.ordina.nl
ORDINA
“ We deliver a total solution by combining expertise” — Vincent Meijer, CISO | Head of Information Security, Ordina
it in a more holistic way – and look at where you can adjust it or apply it in your value stream process. If you do that, you
HOLISTIC SECURITY
can move and anticipate change really
Meijer talks about holistic security enthu-
quickly because it’s just the way you
siastically, and calls his work ‘security
work. But if you keep on addressing it
transformation’. “I don’t think security is
as an add-on or an afterthought, that’s
a goal in itself,” he says. “It’s just a piece
going to be really, really difficult.”
which needs to be there as a standard 06
in, and to build it in you need to look at
way of working. So it needs to be built
Why? “It was already difficult, but it’s going to be impossible to grow in this digital transformation everybody’s into. And the risks are growing.” Meijer explains that new legislation passed in the Netherlands puts the duty of care on suppliers for security matters. It’s “a big topic at the moment” because although many suppliers wanted to put security at the heart of
Data Migration CLICK TO WATCH
|
0:51
07 their solutions, it adds costs and clients
change and an increasing number of
were reticent about paying the per-
employees engage with their work via
ceived mark-up.
personal devices. “A lot of companies
“That was always a difficult discus-
designed their programs on the office
sion, because if the supplier thinks their
network, not just their IP networks
competitor is going to propose a solu-
but also the people networking in the
tion without [security] and I’m going to
office and in the office space. So, for
propose one with it, I’m going to lose
example, the awareness programmes –
the offer. So it’s a big step from both
there are posters all over the company,
sides to increase security, and that’s
in the toilets, in the coffee bar, but
a good thing, I think.”
no one’s going there so the question arises: how do I reach my people?”
HYBRID WORKING AND SECURITY
At a more technical level, Meijer also
Covid-19 has also accelerated secu-
points to home networks that lack
rity concerns as working patterns
the enhanced security of corporate www.ordina.nl
ORDINA
08
“ It’s important to realise you can’t do all the security on your own” — Vincent Meijer, CISO | Head of Information Security, Ordina
network monitoring solutions. “A lot of
we create value for our customers
companies I speak with have a huge
hasn’t changed, only the context of the
blind spot there, so they need to antici-
environment where, when and how we
pate it to increase visibility again. And
create that value did change.”
again, we are continuously looking at
The problem for companies who
what value we can create. So the way
haven’t previously consolidated their
security arrangements are strug-
security arrangements more effec-
gling in managing and maintaining all
tive and better to manage in order to
their security controls and it almost
become more resilient.
becomes a goal on itself. “Hopefully a lot of people are going to take a little
ZERO TRUST: NO HERO?
step back instead of rushing forward,”
“I keep hearing about a ‘zero trust’
says Meijer. “A better goal should be to
philosophy during Covid conditions,
make it simpler instead of adding more
and this is where you don’t trust any-
complexity to it. So we help companies
thing and therefore might think you
to remove complexity and make their
have to check everything. Using this
E X E C U T I V E P R O FILE :
Vincent Meijer
09
Title: CISO | Head of Information Security Industry: Information Technology & Services With more than 20 years of experience in IT, Business and Security, Vincent has worked on many challenging cyber security projects for appealing organisations both national and internationally. The last decade he has been focusing more on understanding and learning about organisational business models and their processes in order to integrate security within the value stream instead of using the traditional afterwards compliance-driven approach. In addition to his assignment to integrate cyber security within the business strategy as Group CISO for Ordina Benelux, Vincent also fulfills the role of business director for Ordina’s Cybersecurity & Compliance services. www.ordina.nl
ACCELERATE DETECTION, CONTAINMENT AND REMEDIATION OF CYBERSECURITY INCIDENTS WITH ESET EXPERTISE
At ESET we believe that the highest level of security can only be achieved by a combination of robust technology and human expertise. As a global company with local expertise we are the cybersecurity experts on your side.
LEARN MORE
#1 ENDPOINT SECURITY VENDOR FROM THE EUROPEAN UNION
“ A lot of companies I speak with have a huge blind spot on hybrid working security” — Vincent Meijer, CISO | Head of Information Security, Ordina
hierarchies play a role in whether the customer can be sold on the argument. Difficulties arise when security officers are still traditional some-
approach might end you up in a never
where in IT and not positioned within
ending and unmanageable situation,
the business itself. It’s an easier sell
I think, because that’s going to be too
when, as at Ordina, the CISO is also
much and really complex. Yet if I look
an executive position. This important
at this change, I can actually remove
transition to really integrate into the
complexity because I can look at the
business could take up to five years,
office environment at the same level
he says.
as the home environment. I don’t trust them, but I only have one scenario to
FINDING A PARTNER
manage. We’re not ever going back, I
Internally, Ordina wants to create value
think, to the old situation. We’re going
but the same is true of its partnerships.
to a hybrid kind of model, and then the
“You have to seek for partners to be able
office becomes a more public environment with a different function – to connect, to socialise, to find each other in person – and that’s why my office network is going to look more like my home network.” Meijer’s mantra of building security in, rather than bolting it on, is part of this simplified approach to holistic security. But organisational www.ordina.nl
11
ORDINA
O R D I N A: 3 CO RE VALU ES
• We discover
12
From craftsmanship towards staying ahead in your profession. We are curious and open to new things. This helps us to identify opportunities and threats and to figure out what that means. Every day we discover how our talent can be optimally used. How we can further develop our craftsmanship. To be at the forefront of our profession and to proactively help customers to remain ‘Ahead of change’. • We connect From collaboration towards taking responsibility for the result. We are open-minded, inclusive and entrepreneurial. That helps us to make connections and to build relationships. Ordina takes
responsibility for the result by collaboration through High Performance Teams. Proactively connecting the inner with the outer side and vice versa, to achieve an optimum result. Win-win situations with the best results for every stakeholder. • We accelerate From customer knowledge towards digital lead. We are customer focused and we strive for quality. That helps us to look forward and helps our customers to accelerate. Through our business propositions we proactively develop the best solutions for customers. Ambitious solutions that make the difference. They positively surprise and help customers to take a digital lead.
“ Security is a shared responsibility” — Vincent Meijer, CISO | Head of Information Security, Ordina
with their product but didn’t have the expertise to follow up on alerts within the customers context. “They realised that that wasn’t actually their cup of tea, so they needed to find a partner who was good at that, and can bring customer and business context
to offer a total solution for the problem
to the product. So that’s why we joined
in the market. You have to find a partner
forces, because we design it within the
who is really excellent at what they do,
context of the organisation and we
so we can join forces and increase the
can follow up in case of an incident.
value of something we deliver together to the customer. ESET, an antivirus company, is one such partner. They are happy
“It’s important to realise that as a good security services provider you need to work with partners in order to deliver end-to-end solutions.
www.ordina.nl
13
ORDINA
1973
Year founded
€372mn Revenue in euros (2019)
14
2,650 Number of employees
“You can’t do everything by your-
customers which can only be solved
self, especially all the security. It’s
with these combined services then
just too broad. It’s too much, it’s too
you’re in really good condition.”
intense. And a partnership has to be a two-way street, otherwise it’s
RISK OWNERSHIP & ACCOUNTABILITY
more like a supplier-client relation-
Finally, Meijer wants to impress
ship. It needs to be from both of you,
about the importance of risk own-
and if you can solve something for
ership. “A big job is to help the
15
organisation understand, and organ-
“Otherwise we’re going to end up
ise that accountability in the right
being at a loss, or running behind
places in your organisation. We
it forever.�
need to see security as more of a shared responsibility for everybody in the company and organise it so everyone can take their piece of accountability. www.ordina.nl
RINGWADE 1 3439 LM T +31 30 663 7000 www.ordina.nl
P0WERED BY