Intelligent CIO Europe Issue 66 | Page 63

Case Study

Sebastian Kemi, Chief Information Security Officer at Sandvik, discusses how the organisation has shifted to a Zero Trust-based security infrastructure as a way to combine new technologies with its business strategy of constant innovation. We hear how it worked with Zscaler to deliver on this.

How Sandvik managed the shift to a Zero Trust framework

Sandvik is a global engineering company that provides equipment and tooling systems to a range of industries including mining, construction and industrial heating. Founded in 1862, the company holds around 6,000 active patents and is a world leader in manufacturing and machining, mining and rock, rock processing and materials technology.

In 2020, Sandvik transitioned from a traditional Virtual Private Network (VPN) to a Zero Trust work-from-anywhere model to provide employees with flexible and secure access. Sandvik’s long-term goal was to overhaul its existing VPN technology, as connecting and securing remote workers was becoming a significant challenge. That vision generated a change momentum within the business over a period of months, but activity had to accelerate rapidly when the COVID-19 pandemic forced a sudden switch to remote working.

More than a technology change

The drive for transformational change originated from multiple places within the business, with the end-user experience meeting technological reasons to make the shift. “People had got used to consuming cloud services wherever they were through their smartphones,” said Sebastian Kemi, Chief Information Security Officer at Sandvik. “Then they’d come back to enterprise IT, with on-premise solutions for mail and such like, and it was too cumbersome.”

Kemi put together a team that comprised members from across the business, representing the various stakeholders. Employee access must be secure, as well as flexible. Sandvik recognised the importance of this business driver and as such, the transformation initiative sat with the security team within network IT.

Defining business outcomes

The team started with the programme’s objectives. Kemi stresses the importance of clear business drivers in transformation programmes. “Rather than talk about a product, or technology shift, we talked about the business goals: where do we want to go? What steps do we need to take to get there? You need to remove the product conversation from this stage; otherwise, it becomes tech people finding a good solution and trying to enforce it, with nobody really understanding why,” said Kemi.

He pointed out that earlier application migrations to the cloud had caused internal frustration, with some people wanting to move back to the legacy solution. “I think that was because we concentrated on the technology change,” he said. “When we started talking about the long-term goal, the perception change trickled down really fast. People need to see what the benefits are.”

Selling the long-term strategy

The team then set about engaging senior leadership and management, ensuring they understood the strategy and were behind it. These leaders would get questions from their team members and would need to give out the same message. Alongside this engagement activity, the team prepared the proposal