Recent cybersecurity research estimates that organizations around the globe are attacked over 1,600 times per week on average, thanks to the sophistication of cybercriminals and evolving technologies like artificial intelligence and machine learning. That’s why companies like Schneider Electric, a leader in energy management and industrial automation solutions, invest in their security posture.
Schneider Electric recognizes that as we digitize our core business processes, customer solutions, and supporting technologies, our digital landscape and risk exposure grow and evolve. We also understand that organizations that are part of the Schneider Electric family, such as our ecosystem of non-integrated companies, are also digitalizing and increasing our attack surface and threat exposure even more.
Schneider Electric’s ecosystem of non-integrated companies is a valuable extension of our business, brand, and reputation as they enhance our offer portfolio with a wide range of products and services. From a security point of view, our customers expect these companies to be as secure as Schneider Electric. Our Security Ecosystem program provides guidance and support to our non-integrated companies to mature their security posture over time and align to our Trust Charter.
Accelerating cybersecurity maturity while creating a culture of trust
By definition, our non-integrated companies are either acquired organizations or subsidiaries of Schneider Electric with independent IT infrastructures that are not integrated into ours when they join the Schneider Electric family. Regardless of their maturity posture, the companies’ participation in the Security Ecosystem program provides a framework with the end goal of protecting their IT environments with equivalent or better cybersecurity standards than Schneider Electric uses.
With the goal of building an elevated level of cybersecurity maturity while reducing threats and risks, the program enables these companies to:
- Retain ownership of their cybersecurity programs while taking advantage of Schneider Electric’s industry best practices, deep cybersecurity expertise, and extensive resources.
- Identify any potential cybersecurity gaps in their existing security postures and collaborate with Schneider Electric to implement the appropriate mitigation solutions.
- Become part of a community of like-minded security professionals from other ecosystem companies who share best practices and lessons learned as they mature their security posture.
- Demonstrate that building a strong security posture is a business enabler which can lead to continued growth.
Creating broad and deep support for cybersecurity excellence
The Security Ecosystem program began several years ago as an initiative and has now grown into a robust program with commitment and support from throughout Schneider Electric.
- Governance and management: With executive-level sponsorship and endorsement, a centralized governance team manages the Security Ecosystem program. This team ensures the program is aligned with Schneider Electric’s Cybersecurity Trust Standards, which are based on the National Institute of Standards and Technology (NIST) cybersecurity framework that covers three main security pillars – digital, product, and data.
- Program execution and responsibility: The Security Ecosystem program is executed by regional chief information security officers (CISOs) who are responsible for the region’s overall cybersecurity as well as the security of the non-integrated companies in their areas. The CISOs and their teams are the ones who build ongoing relationships with the executives of these companies and the people responsible for security.
- Security expertise and support: As appropriate, the non-integrated companies are also supported by various cybersecurity experts within Schneider Electric. Based on specific business focuses and security requirements, they can benefit from security expertise in areas such as product security, vulnerability management, incident response, data and cyber risk, security training and awareness, and more.
Establishing a comprehensive framework for cybersecurity maturity
The governance team built a global framework for the Security Ecosystem program that is based on approximately 30 trust standards in four domains that help ensure the sustainability of the highest level of security possible. The domains include:
- A governance security framework which is the foundation for cybersecurity and data protection standards that every organization within the Schneider Electric family embraces.
- Security awareness and training that ensures the embodiment of a cybersecurity culture aligned with Schneider Electric principles.
- Information technology (IT) and operational technology (OT) solutions that are updated and implemented with the latest and most secure versions to maintain a strong security posture.
- Operating model processes that drive the execution and application of the security framework, standards, and technologies used in everyday business interactions to ensure we sustain the highest level of security possible.
Building a strong, aligned, and mature security posture
The regional CISO and security officers directly support the non-integrated companies through personalized relationships. We provide them with advice and support on everything from the deployment of Schneider Electric’s trust standards to cybersecurity hygiene and incident response management.
Core to each relationship are annual Trust Standards workshops, ongoing monthly engagements, and continued monitoring of progress during which customized continuous improvement plans for ever-evolving security maturity are developed and executed.
- Annual Trust Standards workshops: The regional teams design the annual workshops based on the current level of security maturity for each company. The initial workshop involves a collaborative assessment of the company’s existing security structure and, together with Schneider Electric, a mutually agreed upon security vision and maturity plan are developed. During each subsequent yearly workshop, the vision and plan are reviewed and any potential risks, security gaps, and growth opportunities are identified. A final report is presented to the company’s executive leadership team so they can create action plans with prioritized needs and commit to the recommended actions going forth.
- Monthly follow-up meetings: Each month the regional teams meet with the companies to monitor progress, and adjustments are made as needed.
- Ongoing performance monitoring: Throughout the year, the companies also participate in three external cyber scoring platforms – Bitsight, RiskRecon, and SecurityScorecard. The results of these ratings help Schneider Electric understand the overall security performance of the companies as well as their digital infrastructure and ongoing external exposure.
Collaborating individually to build a stronger security posture collectively
As demonstrated here, one of Schneider Electric’s topmost goals is to build customer trust by embracing ambitious standards for cybersecurity. By collaborating with each individual non-integrated company through a customized cybersecurity maturity program, we extend our cybersecurity standards to them through the Security Ecosystem program. Through the joint ownership of this program, these companies get the tailored support they need to continuously build stronger security postures, and thus they are helping us protect not only the Schneider Electric family, but also all our customers.