Man walking in front of wind turbines

SGS: creating a more secure, agile and sustainable infrastructure in the cloud

Inés Rivas Carnero

Inés Rivas Carnero

Azure Integrated Marketing Manager | Western Europe

Read Time, 7 min.

“If you ask anyone at SGS what’s in the DNA of the company, they will all say the same two words: integrity and safety. We want to add a third word to the list: security.”

Frederic Ducret, Global Head of Cloud and IT Infrastructure at SGS is talking about the core qualities that define the world’s largest and most successful auditing, testing, inspection and certification company.

“Since I joined SGS a quarter of a century ago, we have always talked about the critical importance of integrity, because our business relies on the trust that our customers have for SGS,” Ducret continues. “We have zero-tolerance against any deviation from our integrity policy within our network, as it could ruin our reputation if someone does something bad somewhere.

“In the digital age, you need to secure your infrastructure, data and applications to enforce integrity. That’s a big piece of our move to the cloud.”

It is a move that has been ongoing since Ducret’s team presented the case to move the company’s infrastructure from on-premise data centers housed primarily in SGS offices across the globe, to the Azure cloud.

With over 80% of the company’s servers now based in the cloud, the team are well on their way to achieving their ultimate goal of being a cloud-only company. And they are reaping the security benefits that cloud-based solutions like Azure Sentinel are bringing the company.

Unifying the company’s infrastructure in the cloud

Established in Switzerland in 1878, SGS has grown over nearly a century and a half into the industry leader in inspection, verification, testing and certification. With more than 89,000 employees operating from some 2,600 offices and laboratories around the world, SGS has established itself as the global benchmark for quality and integrity.

“We provide analysis of products and substances for our customers,” explains Ducret. “So we could go to a tanker, for example, take a sample of the oil, analyze it and then provide an objective analysis of whether it is compliant with our customers’ requirements.”

Making sure that SGS’s operations are robust is a key priority for Ducret. “We need to make sure our services and applications are always-on,” he says. “Our reputation depends on it, so that is my number 1 priority.”

But in the last couple of years, there has also been an increased focus on introducing some agility to the operations at SGS. “We want to be able to deliver new services to the business, things like IoT and other digital innovations,” he says. “And the cloud strategy we have in place is the foundation of that.”

Another key driver of the company’s cloud strategy is the unification of SGS’s vast infrastructure. “We came from a situation where we had applications distributed in 180 local data centers. And these weren’t state of the art data centers. In some cases, it was just a computer room with a couple of servers and some basic facility services.”

So in 2017, the company took the decision to move to Azure. And it has ushered in a new era for the company. One that is more agile, optimized and secure.

Gaining company-wide security visibility with Azure Sentinel

“When we presented our case for moving to Azure to the top management, security was the big area we focused on,” recalls Ducret, who oversaw cyber security for SGS until the end of 2020. “We showed them that the setup we had with our applications running in 180 different data centers across the world was far from optimized from both a security and a cost perspective.”

“If we wanted to improve the security, it would cost a fortune because in each location we had different technologies. For example, if you wanted to implement web application firewalls across the network, you would have to buy, implement and maintain a specific solution at each location.”

But the security case for the cloud was about more than the bottom line. It was also about increasing visibility across the network. “We have something like 75,000 computers and 85,000 users distributed across more than 140 countries worldwide,” says Ducret. “Of course, from a network perspective, that presents a challenge.

“Before the cloud, at group level, we had limited visibility over the compliance of our local affiliates across the world to the high standards SGS needs to respect. Now with Azure, we have this global visibility and we are able to automate some processes to help our Security Operations Center prevent and detect any anomalies they may have.”

The company has been using various cloud-based security tools, including Azure Sentinel – a cloud-native security information and event management (SIEM) platform that uses built-in AI to help analyze and correlate large volumes of data across enterprises.

The solution allows SGS to define different use cases to detect security threats across its network. “We have defined 12 use cases,” says Ducret. “It allows us to correlate different events and convert them into a security incident, if it is indeed a security incident. We have 75,000 computers and 4,000 servers, so we have many security events every day. It’s not manageable if you don’t have something which automatically analyzes those events and identifies which ones require an action.

“You also get some forensic capabilities with Azure Sentinel,” he adds. “The logs of these incidents are centralized and Sentinel gives us the tools to make some queries and do some forensic analysis of cybersecurity threats.

“And of course, the ease of integration with Azure and the broader Microsoft ecosystem is game changing, especially when it comes to quickly deploying and leveraging a solution in a Microsoft environment.”

Boosting the company’s security posture

One of the most important aspects of having Azure Sentinel is that SGS can reassure their customers that they have comprehensive cybersecurity solutions and practices in place. “Nowadays, customers will ask if we are using an SIEM,” says Ducret. “And it’s important for our security posture score that we can say yes.”

Companies like BitSight and Scorecard can scan the external exposure of companies like SGS and publish reports detailing the effectiveness of the solutions they are using.

“Increasingly, customers looking for testing and certification services like ours will check the external security posture scores of the companies that they are going to work with,” says Ducret. “So for us It’s very important to have a good ranking.”

With Azure Sentinel, the company is increasing that external security posture. But SGS are also working to create their own security ranking internally too.

“We’ve started to create an internal security index to compare affiliates within our network and put them in friendly competition with each other,” says Ducret. “One part of this security index is the completion rate of the security awareness program which we have developed. Each SGS employee has to undertake three per year, and we report the compliance by the completion rate based on location.

“And it is all possible because of how easy the cloud makes it to track this sort of information across our network,” he adds.

Increasing the company’s sustainability credentials

Aside from the security, agility, optimization and cost-saving benefits of the company’s move to the cloud, there are also more profound impacts linked to sustainability.

“A cloud supplier like Microsoft will be much better at optimizing the datacenter’s energy consumption, or consuming blue or green energy, than SGS,” says Ducret. “We cannot achieve the same level of optimization with our internal datacenters – that’s not part of our core business to do that.

“So from this sustainability point of view, there are also considerable benefits of the cloud,” he continues. “And this is important because more and more companies are reporting to an external sustainability index. SGS is very proud to be one of the top companies in the sustainability index. And that’s partially due to the fact that we have been adopters of cloud technology like Microsoft 365 and Azure.

“Now we want to move all our applications to the cloud and embrace not just a cloud-first approach, but become a cloud-only company.”

A big part of that next step will be to introduce Microsoft Teams telephony to the company. “We are already using Teams telephony in our Geneva office and we want to develop a global strategy so that our affiliates can adopt this technology too,” says Ducret.

“So going forward, I think we have a great cloud foundation. It puts us in a strong position to introduce new innovations and strengthen the business with capabilities like IoT technology. It will help us become much more data-driven,” he concludes.

“We have a great footprint for us to take the next step.”

Free eBook: Five questions executives should be asking their security teams

See what questions you need to ask about your organisation’s security measures

Protect your business with Microsoft security and Surface

Discover How IT and business leaders facilitate safety, trust, and collaboration in our modern workforce

Discover more related articles per industry:

Education

  • a woman sitting at a table using a laptop

    VSNU: coordinating a nationwide university digital transformation in one weekend

    “A lesson for us during this crisis, has been that new technology doesn’t just change how you work – it also changes people and culture, which is something you have to support everyone through.” Director of Accountability at The Association of Universities in the Netherlands (VSNU), Reinout Van Brakel, is talking about the instrumental role […]

  • a person sitting on a chair in a room

    Bridging the education gap in challenging times

    Across the globe, teachers, students and parents are dealing with a new reality: how to adapt to an educational environment that has moved from the classroom to the internet. As in many countries, the remote Faroe Islands, more than 300 kilometres off the coast of Scotland in the North Sea, has found the lives of […]

Government

  • Ineco

    Ineco improves employee productivity with modern tools and AI

    Struggling with software doesn’t help people get more done. Likewise, if sharing files and collaborating on documents is difficult, productivity takes a hit. Ineco, a Spanish public sector company, understands this, which is why it set out to change the way employees interact with technology and one another. By deploying Microsoft 365 to its over […]

  • a man and two women standing in front of a brick building

    Ajuntament de Lleida: transforming the public sector with a modern, virtual workplace

    “At Ajuntament de Lleida, we think differently. We embrace new technology. And when we see that it could add real value to the work we do, we find a way to make it happen.” Carles GinéSabaté, Systems Implementation Planning Manager at Ajuntament de Lleida, is reflecting on his organization’s open-armed approach to digital transformation and […]

Healthcare

Manufacturing

  • Etex

    Etex uses modern tools to unite its business and better focus on customers

    When it comes to construction, all components must come together in a timely manner in order to produce the optimum product. While Etex, a Belgian building solution manufacturing company, helps make this a reality on a day-to-day basis, it wanted to find a way to enhance productivity and collaboration internally. With locations across more than […]

  • a woman smiling for the camera

    Etex Group: Future-proofing employees to work anywhere across the world

    When COVID-19 spread across Europe in early 2020, businesses entered a new digitally-dependent age. Social distancing measures had asked offices of all shapes and sizes to close their doors, sparking organizations to quickly find other virtual ways for colleagues to meet and collaborate remotely. But for Belgium building material specialist Etex, this was a step they were ready for – having already implemented a cloud-based infrastructure and collaboration tools […]

Retail

  • HeadBrands is ready for the future with Microsoft 365 Business

    HeadBrands is ready for the future with Microsoft 365 Business

    Since its creation in 2010, HeadBrands has continued to grow, rapidly becoming the leading retailer of hairdressing products in Scandinavia. HeadBrands needed a modern IT solution to increase its business productivity and improve collaboration, both within the company and externally. Its response to this challenge was to replace most of its previous services with Microsoft […]

  • GDPR and Retail: Four GDPR requirements and how Microsoft can help

    GDPR and Retail: Four GDPR requirements and how Microsoft can help

    Learn how we can help you meet GDPR requirements with solutions available today: Assessing your current risk profile “How do I understand where I am already compliant and where I need to focus next?” This is one of the most common questions from retailers in regard to the GDPR. It’s also one of the hardest to […]

Discover more related articles per dossier:

Customer Stories

  • A boat in Soderhammns

    Risky, unsecure file sharing inspired this government. Here’s why.

    “This file is too large to send.” We’ve all done it. When time is of the essence, and a large file won’t go where we want it to go, risky public file-transfer methods are suddenly a very appealing option. Security goes out the door in place of convenience. For local governments this creates a systemic […]

Digital Transformation

  • Two female nurses having a virtual conversation through Microsoft Teams

    Belfast Trust: Reimagining patient care

    “There have been many heroic actions by our staff but we’re not heroes for what we’ve done – I’m just glad we could do our bit to help.” Paul Duffy, Co-Director of IT and Telecommunications at Belfast Trust, is talking about the monumental impact COVID-19 has had on the healthcare sector and how virtual consultations […]

Security & Privacy

  • Peace of mind when it comes to privacy and security

    Peace of mind when it comes to privacy and security

    “Safely stored in the cloud, compliant and protected by best-in-class security: your data, and the tools you use to harness it, can truly empower your business.” The world is inherently more dangerous than it has ever been, and the cyber threats we face are becoming more sophisticated. Today, any device is a potential route into […]

Tips

  • a person sitting at a desk in front of a laptop computer

    Top tips for smarter remote working with Microsoft Teams

    With remote working becoming the new normal for many, people are having to find different ways of effectively functioning as a team. Microsoft Teams is designed to keep colleagues productively connected and ensure that everybody can continue to work as collaboratively, efficiently and securely as in the office. So, whether you already use it or […]