HEINEKEN’s flagship product has never been just another beer. Not stopping at perfecting its signature brew, the company’s lofty goal is to become the best-connected brewer. In a world where the threat landscape constantly grows and evolves, more connections equal more risks. HEINEKEN is meeting the challenge with a shift from fragmented, siloed, and costly operations to seamless digital interaction across the entire value chain. And to protect all of that, it adopted Microsoft Security solutions for the blend of security and agility it needs to keep its premier product on tap around the globe.
“Microsoft has proven its commitment to security through its intense investments in that area, and Microsoft Security solutions were a gift for our cybersecurity team as we created a new approach to agile security.”
Gabriela Popescu, Cyber Defense and Operations and Technology Manager, HEINEKEN
Beer has come a long way since our ancestors first imbibed it in the 5th millennium BC, but it’s still the same refreshing drink enjoyed at social gatherings. Likewise, HEINEKEN still brews every batch with the same care it lavished on the beer made in the family brewery in Amsterdam since 1873. The difference? Just about everything—HEINEKEN has left its microbrewery roots far behind, sending its high-quality brew to 192 countries. The 25 million servings appreciated every day around the globe represent more than a commitment to great lager.
Just as HEINEKEN has grown and changed, so has the world around it. Taking a cue from nature, the company formed its EverGreen 2025 strategy, a multiyear strategy allowing it to adapt to a fast-changing world and grow stronger. As part of this strategy, HEINEKEN wants to become the best-connected brewer, boosting digitization of all of its processes and building a modern IT backbone while digitally transforming the route to the customers and consumers. The company adopted end-to-end Microsoft Security solutions for the agility, cost-effectiveness, and safety it needs to become the best-connected brewer in an increasingly connected world.
Predicting the unpredictable
Today’s swiftly evolving threat landscape and relentless innovation intensifies security challenges—in a world where information is growing and attackers can now damage revenue and customer deliveries by shutting down production in factories with ransomware. “When we have roadmap discussions, we ask ourselves what we can predict in an unpredictable world,” says Gabriela Popescu, Cyber Defense and Operations and Technology Manager at HEINEKEN. “The attacks are ever more creative, even as the avenues for those attacks have expanded to social media platforms that didn’t exist a few years ago.”
For Popescu, becoming the best-connected brewer brings both opportunity and risk. The company’s vast relationship web of suppliers, customers, and other entities translates to a complex endpoint landscape for her team to protect. “Our security team has to ask ourselves how we can best support HEINEKEN’s connected strategy,” she explains. “How do we design with openness in mind as well as safety and security? For us, it meant moving away from a fully managed security service model because we didn’t want to outsource accountability and innovation.”
Marina Marceta, Security Incident Manager and Chapter Lead Security at HEINEKEN, adds that the attack landscape has shifted focus from the financial sector to the companies with the most data and critical infrastructure, period. The company’s complex global supply chain, sophisticated consumer content—personalized for a vast consumer network—and end-to-end operational model require an equally sophisticated security posture. “We become targets unknowingly or by chance because any security compromise to one of our supply chain partners can affect us too," she notes. “That’s where the agility we get with Microsoft Security solutions is so important.”
Stepping away from a fully managed service model
HEINEKEN wanted to find the sweet spot between a full-blown managed security service provider (MSSP) model and maintaining an internal security team large enough to oversee security for a thriving global concern. A few months of using an MSSP model for all its needs revealed a disconnect between HEINEKEN’s fundamental agile style and the extra time its MSSP model incurred: a protracted approvals process that could render decisions irrelevant by the time they were approved.
The company has crafted a hybrid model, retaining internal control over security management and strategy while outsourcing 24/7 security operation services and cyber end user–reported incidents to third-party trusted vendors. HEINEKEN facilitates that approach with Microsoft Sentinel and Microsoft 365 Defender, a connected array of extended detection and response (XDR) solutions that maximize security team productivity with intelligent and automated protection. As part of its 2022 roadmap, it will explore preventing security incidents and production downtime on operational technology (OT) equipment in its plants. HEINEKEN is now in the midst of its transition to a truly agile company. The visibility into its estate and the efficiencies it achieves are helping HEINEKEN to control its IT environment in the agile way it envisioned.
Marceta connects the dots between the company’s aspirations and the agile security model her team delivers, especially the Zero Trust principles (always verifying identity to protect data from malicious actors trying to steal employee identities). “Our team are the enablers for Zero Trust principals at HEINEKEN,” she explains. “So, by using the latest security technologies that support our goal to become the best-connected brewer, we have a safe way for our business to innovate—like technology that helps reduce our carbon footprint and save water—to really brew a better world.” Patrick Bolderman, Senior Technology Specialist in Engineering at HEINEKEN, agrees. “With Microsoft Security solutions, we’re truly in the driver’s seat. We set a point on the horizon, and our team drives forward to achieve that goal.”
Bringing a full slate of security solutions online—together
HEINEKEN is a longtime Microsoft customer, so it was easy for the company to make full use of the security features in Microsoft 365, protecting identities in the on-premises applications in its hybrid environment with Azure Active Directory (Azure AD), part of Microsoft Entra, which it augments with both identity protection and conditional access policies. For HEINEKEN, conditional access policies were set to proactively restrict access by the degree of sensitivity of information, by user location—whether they’re signing in from outside the office or their usual location—and other criteria. HEINEKEN enhances identity protection with Microsoft Defender for Identity, a cloud-based monitoring solution that uses Azure AD signals to detect and respond to external threats.
The company took a greenfield approach—a fresh start with no constraints—and replaced its previous MSSP with the entire Microsoft Security solution set. It rolled out the full slate simultaneously and added external solutions for some very specific use cases. With this approach, HEINEKEN gained control and uplifted its security posture. Its Microsoft 365 E5 license gave HEINEKEN access to the full Microsoft Defender suite, so in addition to Azure AD and Microsoft Sentinel, the company replaced ArcSight with Microsoft Defender for Endpoint. HEINEKEN also replaced Symantec with Microsoft Defender Antivirus. It adopted Microsoft Sentinel as its security information and event management solution (SIEM)—used extensively by its third-party security partners to monitor the HEINEKEN environment—and Microsoft Defender for Cloud Apps for its app governance.
It’s about empowerment, Popescu explains. “Everyone can picture the ideal—it’s a matter of finding the processes that enable it,” she says. “Using Microsoft Security solutions in our hybrid model empowers us, and there’s no question that this technology brings out more innovation and security in our team.” Bolderman and Marceta point out that finding solutions that work for the company’s maturity level is key to optimal security practices. “Microsoft Sentinel was perfect for us when we approached security as a greenfield opportunity,” says Marceta. “We were able to grow with Microsoft Sentinel, and Microsoft Sentinel grew with us.”
Microsoft technologies have earned the team’s trust. That’s why they’re so key to next steps in the HEINEKEN IT security plan. “I believe in the benefits,” says Popescu. “Because we had the guts to change our model and the way we approach security, we’re seeing present and future benefits.” Next on her agenda: Microsoft Defender for Cloud, for more natively integrated security posture management across cloud workloads. The team’s next step will focus on using those technologies to enhance HEINEKEN’s OT security.
Creating the “magic mix”—team and technology
The HEINEKEN ethos for fairness and inclusion—and the company’s emphasis on innovation—applies not just to the communities it serves around the world but to the teams within. The icing on the cake is that the approach maximizes the inventiveness and resourcefulness of its teams. Women in leadership positions in IT, particularly in security, are still rare. But in the HEINEKEN CDO and indeed within its entire IT department, gender balance is the norm. “I’ve never seen as many women working in IT as I have at HEINEKEN,” says Bolderman. But Popescu is clear that diversity means much more. “Diversity is so much more than gender,” she says. “It’s nationality, it’s personality, culture—and our teams show that. It’s been proven that gender-balanced management teams are good for business, and the respect, the fun, and the balance we provide make HEINEKEN a welcoming company.” Marceta adds, “This environment inspires women as well as men to join, explore what they can do, and achieve. The leadership here works hard to create this environment.”
That mutual trust has paved the way for HEINEKEN’s transition from a fully MSSP model to a hybrid team. “Our team had a clear vision for the agility and empowerment that we wanted from our environment,” says Popescu. “We were able to sell that idea of embracing Microsoft Security because we believe in it, and our management stood behind us all the way.” That small team succeeded in convincing approximately 100 executives of the wisdom of their shared vision. Bolderman kept the human element in mind throughout the process, from presenting the concept all the way through implementation. “The people aspect is crucial,” he says. “When we change procedures and tools, keeping everyone informed and educated is the way to succeed, especially with a rollout as fast as ours was.”
A visionary team and strong leadership were only two parts of a successful project. “Microsoft doesn’t just represent an investment for us,” says Marceta. “It’s a valued relationship because our Microsoft team works with us, incorporating our suggestions and ideas.”
For Popescu, the value of those conversations is tangible. “In keeping with the entrepreneurial spirit rooted in the HEINEKEN DNA, we took a brave step to change our security model,” she observes. “Microsoft has proven its commitment to security through its intense investments in that area, and Microsoft Security solutions were a gift for our cybersecurity team as we created a new approach to agile security.”
Popescu is grateful for the team that has brought so much to a well-loved global brand. “Nobody thinks of HEINEKEN as a cybersecurity leader, of course,” she says. “But that’s how we want to be seen—using the talent in our company to promote HEINEKEN not just as a beer, but as a beautiful product that we protect. We really believe in what we do, and we do it with authenticity and passion.”
Find out more about HEINEKEN on Twitter, Facebook, YouTube, Instagram, and LinkedIn.
“Microsoft doesn’t just represent an investment for us. It’s a valued relationship because our Microsoft team works with us, incorporating our suggestions and ideas.”
Marina Marceta, Security Incident Manager and Chapter Lead Security, HEINEKEN
Follow Microsoft