Dashboard solutions from admins for admins: Dr. Oetker is continuously increasing the security of its IT infrastructure with Azure and Power BI

The challenge: IT indicators for security and compliance issues spread across multiple platforms

Cybercriminality is steadily on the rise. In 2022, 84 percent of all companies in Germany fell victim to industrial espionage, sabotage, or data theft. For the affected companies, successful hacker attacks often mean losses in the billions, stolen trade secrets, extortion through ransomware, and damage to their reputation. At Dr. August Oetker Nahrungsmittel KG, the global IT organization’s compliance and security guidelines provide a high level of IT security. “We have around 40 country organizations, and the local administrators have to ensure that devices have the latest updates, are centrally managed, or have fully installed and up-to-date antivirus software,” says Maik Wegnar, IT Senior Professional Infrastructure at Dr. August Oetker Nahrungsmittel KG. “The same standards need to be applied everywhere. As a company, we are always only as strong as the weakest link in the chain.”

In the past, when local administrators wanted to gain an overview of the status of the IT landscape, they had to pull the required data and information from five or six systems—including the endpoint security solution, software deployments, Azure Active Directory, an encryption system for devices, and Microsoft Intune—and correctly interpret the figures. Only then did they know, for instance, whether or not all devices had been furnished with a functioning virus scanner. This ate up a lot of time and staff capacity—not just for the local IT organizations, but for global IT, too. “If, say, operating systems weren’t updated on time, we’d send email reminders,” says Sebastian Fingberg, Lead Architect Digital Workplace at Dr. August Oetker Nahrungsmittel KG. “With 40 country organizations, this took around two weeks to complete—and that was just for one area of our compliance guidelines.”

The goal became to minimize this effort: “We wanted a platform that would let us see at a glance which systems and devices met our guidelines and which ones didn’t—presented in a way that was easily understandable and organized according to target groups. It should evaluate the data using KPIs and provide clear instructions for how to proceed,” says Christian Plitt, Strategic Lead Infrastructure & Workplace Solutions at Dr. August Oetker Nahrungsmittel KG. They were keen to give the local IT departments a tool that reduces complexity, makes data transparent, and thus frees up time for activities that add value. “But the aim was not just to support local IT by making it easier for them to keep their environment up to date and therefore secure. We also wanted our global IT organization to have simpler ways of monitoring and reporting on the status of our company-wide security levels,” Fingberg says.

The solution: Uniform Power BI dashboards provide a user-friendly overview of all security-relevant KPIs

The first step toward the new solution was an Excel spreadsheet that was published once a month with an overview of the security-relevant KPIs of all locations. The project team soon received numerous inquiries and ideas from the admin community, and the solution steadily developed from there. Today, the company relies on the Microsoft Intelligent Data Platform. This uses a number of interfaces to send data hourly from the back-end systems to an SQL database where, using Power BI, it is analyzed and visualized in various dashboards. Once a week, the data is archived in anonymous form, thus also facilitating an overview of the historical development in the individual areas. “The dashboards differ according to use case and target group. They offer filtering options from the country and location level down to individual operating systems and their versions,” Wegnar says. “Once a month, the reports are distributed to all admins through the ticket system. This lets us ensure that everyone has actively called up the reports at least once.”

When it comes to compliance and security, Dr. Oetker team’s main tool is the infrastructure cockpit based on Power BI. “If a device hadn’t been turned on for a longer period or if the antivirus software is outdated and the device thus no longer complies with our guidelines, that device automatically shows up in our compliance report,” Fingberg says. “The local admins immediately see all information about the device and why it’s no longer compliant. They can also see how long the device has been listed in the report as well as the deadline for resolving the vulnerability. This time frame varies depending on how urgent the issue is. As a result, potential security risks are recorded and resolved more quickly. If an admin doesn’t respond on time, the device is automatically wiped for security reasons. Administrators may then have to set up the device again completely from scratch, which takes considerably more time than updating or processing.”

The security overview merges data from different areas, such as devices, users, and security solutions, and aggregates it to form an overall KPI. Factors such as outdated or unpatched operating systems, deactivated or orphaned accounts, and outdated virus scanners directly impact the KPIs. To obtain the best possible figure, all areas have to be continuously monitored and kept up to date. “With two or three clicks, the administrators get a detailed list of their IT vulnerabilities and a checklist for addressing them—all visible at a glance,” Wegnar says. “This is far more efficient than it used to be and saves an enormous amount of time. What’s more, we’re continuously adding additional factors to the security KPIs so we can make a lasting improvement to security at Dr. Oetker,” Plitt says.

More efficient license management and faster rollouts thanks to increased transparency

Using the insights from the dashboards, Dr. Oetker can now also optimize its license management. “The overviews in the dashboards identify accounts that were set up but never used, or that have expired and not been deleted,” Wegnar says. “This helps us reduce the number of legacy and orphaned accounts, achieve significant savings on license costs, and satisfy the compliance requirements of the General Data Protection Regulation.”

The dashboards also generate added value for IT projects: “For example, we prepared a report for a Windows 11 readiness check in preparation for rollout. For each country organization, the report shows which devices meet the hardware requirements of the new operating system and which ones don’t,” Fingberg says. “It also complements the technical device data with information from the manufacturers’ clouds, such as shipment date and warranty status.” This simplifies and optimizes annual cost and investment planning.