My name is John Sapp. I’m the director of IT security and CISO for Orthofix International, which is a global medical device company. We do have offices in Verona, Italy, Sao Paulo, Brazil, the United Kingdom, Germany, France, and through an acquisition, we just acquired an organization out of Sunnyvale, California. So, we do cover a broad spectrum, and one of the things that Masergy’ security capabilities give me is the ability to have a global security operations center.
One of the key pain points that I came across very early on when I came into the organization was that headcount would be at a premium, and it was not going to be something that I would be able to gain very easily from the organization. So, using a managed service provider became the overall strategy for how I would resource and staff the capability. So, Masergy’s security detection and response plan forum does give me 24-by-7, 365 capability. It gives me the opportunity to have someone actually triage and research any of the alerts, and only the top priority issues that really need a decision by me or my small staff are what get escalated to me. And Masergy is that trusted advisor that allows me to feel very confident that nmy environment will be protected.
So one of the key things that we’re concerned about in our industry being a medical device company that has federal regulations such as the FDA and HIPAA. We also have global regulations such as GDPR, which is the new General Data Protection Regulation that becomes effective on May 25th, 2018. And Masergy’s ability to detect things that are suspicious or malicious give me insight into any potential infiltration into my environment so I can respond appropriately. Masergy’s continuing strategic growth as it relates to cloud and network security such as their CASB, managed CASB offering, give me the ability to converge both my network and cloud security, and now I can correlate for an overall improved security posture.
One of the things that I find that’s been most valuable and what I call the risk reward out of this is that I’ve seen our risk reduced by about 75%. In terms of the number of alerts that we saw in beginning, as we started to normalize the environment, I’ve had one call at two a.m. in the past 18 months. So, I’ll take that. I would recommend to other CISOs who are looking for a security service provider, is to ensure that they’ll sit down and have a strategic conversation with you to begin understanding your environment so that you can develop an overall strategic plan for securing your environment. That’s what Masergy did for us.