Here’s is my thought provoking interview with special guest. Enric Cuixeres Saez, the CIO for Leng-d’Or, a 55-year old multinational company based in Spain and the world’s leading manufacturer of snack pellets for third parties.
In the interview Enric talks about Leng-dOr’s security journey and his approach to cybersecurity, zero trust and successfully utilizing the Cisco security portfolio.
Enric’s preference to use primarily one security portfolio to keep it simple, integrated and effective versus a hybrid security environment made up of a bunch of disparate security solutions that leave gaps and seams, which a bad actor can take advantage of is an important theme throughout this discussion as it sets the tone for a more effective security stance for Leng-d’Or.
We discussed their zero trust journey and it was interesting in how it largely aligns with the benefits shown in the ‘The Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020’ Report, where it describes the following benefits:
Cisco Zero Trust allows you to:
– Consistently enforce policy-based controls
– Gain visibility into users, devices, components and more across your entire environment
– Get detailed logs, reports, and alerts that can help you better detect and respond to threats
– Provide more secure access, protect against gaps in visibility and reduce your attack surface
These benefits are crucial elements that nearly every organization out there, whether public or private sector is in need of given the challenging and risky environment were are seeing globally. Reducing risk and aligning and supporting the business are critical success factors for today’s technology and security leaders.
Be sure and take a look at the interview transcript below, as another theme that resonated with me during our discussion was Enric’s pride and dedication to regarding the business and ensuring the leadership, employees, and customers have a safe, inclusive and productive environment that supports the organization’s growth. He was quick to point out the positive sustainability and environmental achievements and goals of Leng-d’Or. This was refreshing to hear as too often during a technology or security discussion, one does not hear about social good at the scale in which Leng-d’Or has achieved.
I truly enjoyed our discussion and it was clear, as we wrapped up the interview that Enric is highly experienced and effective technology and security leader that leverages his knowledge and leadership to ensure his organization gets the biggest return for their technology and security investments. You should expect to continue to hear great things from Enric and Leng-d’Or as the continue their zero trust journey.
Mark Lynd 00:01
Hi, Enric. Thanks for joining me today.
Enric Cuixeres 00:04
Thanks Mark. Nice to chat with you today. It’s a big pleasure for me
Mark Lynd 00:08
Absolutely same for me. Look, one of the things that obviously everybody’s aware of COVID 19, the variants and the rise of ransomware and all the crazy things that are going out there. They’re challenging technology and security leaders across the globe.
So, given your leadership position at Leng d’Or, how drastic did you see the technology and security leaders’ priorities change during ransomware and COVID19?
Enric Cuixeres 00:35
Yeah. with explosion of the pandemic, Mark and at the mark at the beginning of 2020 we just suddenly many employees start working from home and indoors.
So, in all case we really had to establish a smarter working culture right in our company. And digital security policy compliance, it was not a new challenge for us to implement all the, this kind of policy for us. We only need to adjust our infrastructure, to be able to absorb the new load of massive because a lot of employees went to work at their home. And we are able to continue operating normally. A big important thing that I remember is how from the beginning how honest Cisco support us. Support us in order to make available the necessary licenses for this new balance shift.
Mark Lynd 01:39
Oh, wow. That’s great. Yeah, having a vendor you can depend on especially security in the crazy world we live in now has to be a really positive thing. Taking that into account, what are some of the biggest cyber threats to Leng d’Or right now?
Enric Cuixeres 01:57
Yeah, Mark. without a doubt phishing or email deception is a big problem and a constant problem for us.
Every day, we are receiving those kinds of emails. All of them, asking for personal data or pretending to be our regular provider or lender in order to scam us now. Really in this sense what we are doing, being up to date with all our systems and you see modern new tools to try to avoid this kind of fishing.
For tools we are using the Cisco advanced phishing protection. Another important thing we are doing we’re doing at Leng d’Or is continually training all employees in the, because the training and it’s a key, in my opinion, a key in order to try to stop this and this kind of attack.
Mark Lynd 02:58
Yeah, updating keeping the tools and everything up to date, as well as training are so critically important. I think sometimes that gets a little bit overlooked in the equation of trying to stop ransomware and breaches, et cetera.
Enric Cuixeres 03:14
Yeah, sometimes… many times this kind of attacks are against our large corporations not to lock down the entire corporation, but its these kinds of attacks that try to distort the reputation of the brand, right? The usual method of the cybercriminals is to try and steal sensitive information and threat en blackmail to the corporation with the publication of this sensitive information in public forums like Reddit or anything like this.
So, these kinds of attacks can easily undermine a brand too. So, with the investors, the customers and undermine the trust with the supplier, right? Ultimately this type of attack at the end could destroy the company reputation. So, it’s a big problem for the large companies.
Mark Lynd 04:22
Yeah, you’ve really chosen at Leng d’Or… You’ve really chosen to use one primary security vendor and most of their security, if not all of the security portfolio to help you move forward with protecting the organization, moving towards zero trust, doing some of these initiatives, is that correct?
Enric Cuixeres 04:39
It’s correct. We are as I said, training all employees in this kind of attack. We are deploying lots more tools. Usually, a lot… Lots of tools from Cisco like the security mail appliance and advanced phishing as I state, we are trying to avoid and minimize the impact of this kind of attacking in our company.
Mark Lynd 05:03
Yeah, that’s great. I think, one of the things that gets mixed up and also missed besides training and keeping your tools up to date is actually the integration of all those tools. Having a bunch of disparate security products trying to work together can create as many problems as it solves sometimes.
Enric Cuixeres 05:20
Yeah, the integration of these tools with SecureX is a big step for us because in one point we could see in real-time our security landscape. Yeah, in one point, we can check all our digital endpoints in SecureX because all the security tools are reporting directly to SecureX. Nowadays, we can just use this one tool and we completely would have a big snapshot of the status of the strength of our security in just a second. So, it’s a big process.
Mark Lynd 06:00
Yeah, that’s awesome. I think… so how would you say leadership view these cyber investments and you mentioned brand reputation a moment ago, how does it impact or strengthen brand reputation?
Enric Cuixeres 06:11
We need to be more and more proactive, maybe even more proactive in this with the cybersecurity policies. Because if we have maybe in the future, a problem with our brand reputation, as you said maybe the company will lock down and we’ll close in the next few months, because why? Because the trust is one of the most important things for a large company. So, if there is sensitive data or maybe the development secrets or the names of all the customers were exposed on Internet. The trust will be finished for all the people, right. So, it’s very important to try to protect the brand reputation against the ransomware attacks.
Mark Lynd0 6:59
Yeah, how does your leadership see those cyber investments? Are they happy with what the results so far?
Enric Cuixeres 07:04
Now… we are very happy with the results because of the integration of all our tools with SecureX. As I said, its giving us a lot of information in real time, and we could act in real time when we have a breach at our corporation. Nowadays, I think that we are in the good situation with all of the actions, and we could work in a very proactive mode in this cybersecurity war against ransomware. I’m happy with this… very happy with this security solution.
Mark Lynd 07:39
Fantastic. So, was part of your decision making… as customers tell me all the time that they need automation in their cybersecurity activities. Just due to the sheer amount of data, logs, everything they must review and decisions they must make and getting through that. We are seeing a lot of AI and machine learning being put into these cyber tools. Was that one of the decisions… because nobody has too many resources, right? Everybody has look… everybody has a little bit too few resources and they get to make the best use of those. Was it automation in the portfolio of tools that helped you whittle down and figure out what’s going on without a whole lot of effort? Was that one of the reasons or one of the justifications for the tools?
Enric Cuixeres 08:23
Yeah, I totally agree with you Mark. This is a part of the future of the next two or three years of the best in cybersecurity. Right in this sense, it’s very necessary to promote the use of intelligent tools in order to analyze all the data that they all the appliance could sense as in real time, right? The objective is… Mark to look for the commonness on this kind of appliance and trying to find the different patterns in real time, when a strange event happens. And why, because when we… when this kind of strange pattern is not as straight, but when you check a strange part and you could act in real time and try to avoid the possible breach and if you do this thing, maybe the damage will be very small.
Mark Lynd 09:24
Yeah. I think it’s interesting, right? Because we’re so used to the word of tools and having things that were really the Cisco portfolio is a platform, I think one of the interesting things is that with that platform, you get a wide variety of capabilities that help you do exactly what you were just talking about as well. Doing that it also, it leads you and helps you down the path towards zero trust, right? So, obviously Leng-d’Or is headed down the zero trust path due to ransomware, breaches and some of the things that are going on out there. Having a really good platform like the Cisco security portfolio, SASE…that type of thing has that really helped you with your zero trust initiatives?
Enric Cuixeres 10:09
Yeah, we are using different products of Cisco in order to deploy our digital trust policy. We are using Duo and where we are using Duo and why we are seeing Duo with our remote workers… workers because with Duo, we are using the two-factor identification with Cisco Umbrella. In real time, we can check the incoming connection from our employee. And we could check if our employee is the right employee and not in an odd place, not spoofed by the cyber criminals. I n our internal organization, we are using also Duo security in order to protect our internal critical web applications with the two- factor identification. Nowadays in Leng d’Or, we need to access from outside the company to inside the company, we need to know the employee password and then validate through authentication within. Also, we have deployed new policies that control the localization of the employee, check that the laptop is completely up to date, checks that the Cisco security end point is completely up to date also. So, we are trying to check that the employee profile is completely okay in order to get inside our company.
Mark Lynd 11:30
Yeah, cause really zero trust is more than identity and segmentation, even though they are really important items, there’s more to it. We hear a lot about identity. I don’t know about you, but people ask, where do you start with zero trust? I am always like, you might want to start with identity, right? Because, to your point, it is so critical to your important applications.
Enric Cuixeres 11:53
That’s very important because we need to have, as its name states, zero trust with the inbound connections. Mark because. sometimes the cyber criminals try to spoof the internal employees, or sometimes the cyber criminals get the password. And so, if you have a system, a simple system that only check the username and password it’s very easy to try to steal their password and then get inside the company and do whatever. So, for u zero trust policy must continue to be applied at all the levels because we need to identify all the people that work with a laptop, with a computer in our company. Because we need to check in real time and know in real time when an unauthorized access is trying to get inside our company, and why because these kinds of attacks could allow access into our critical systems causing real damage.
Mark Lynd 12:57
It sounds like you’ve been very busy, right? As many IT security leaders have been. So, are there still some things left in your zero trust journey?
Enric Cuixeres 13:08
Yes, in this space we are also doing training with all the employees with these kinds of tools because these kind of tools affects the day by day of our employees, right? Because now they must learn to use a second factor of authentication is a new rule and it takes more seconds in order to do the same thing.
But, as I say always, security must be completely done in the large companies’ market, because only one attack, could lock down a big company. We have a lot of examples around the world, not from the past, but from this year 2021, as we have a lot of troubles around the world.
Mark Lynd 13:47
Gotcha… Look I, it sounds like you’ve been very busy. You’ve done, some great things using the Cisco security portfolio and, really doing great things for Leng d’Or and making sure that the organization, its employees, and customers are safe and have a great working environment.
I really do appreciate your time and I want to thank you for joining.
Enric Cuixeres 14:14
Thank you, Mark. It’s a pleasure for me to stay here with you and talk and share with you. Very happy to share my time. Share my time today with you. Thank you so much Mark.
Mark Lynd 14:28
Thank you so much Enric. Have a great day.
Enric Cuixeres 14:31
Thank you. Have a nice day. Bye.