CEO of Zurich, Switzerland-based high-end software and security engineering firm, AdNovum, Ruedi Wipf, spoke to MIS Asia (April 30, 2012) about his company's plans for expansion in Asia, its most recently completed project-building a web-based logistics system for a client in the business of making cement-and how information security should best be managed by organisations worldwide.
Below is the expurgated transcript of that interview.
MIS Asia: Talk about your business, globally, and how important the different geographies are to you.
Ruedi Wipf: AdNovum is an IT company headquartered in Switzerland. So, historically Europe has a strategic importance for us. Three years ago we decided to start our activities in Asia. We picked Singapore as our starting-point and headquarters for AdNovum Asia as it a very international city with a good infrastructure and high education levels.
Many of our international customers in Europe have operations in Singapore as well. So, it was a natural move for AdNovum to follow the customers to Singapore.
Our clients in the region include the CPF Board, UBS in Hong Kong as well as the Asian Development Bank in Manila.
What plans do you have for those geographies you just mentioned?
We maintain a focus in Singapore but look to seize opportunities in other countries in Asia as well. From the first to the second year of operation we tripled our sales revenue in Asia. For the subsequent years we expect a 2-digit growth rate in Asia, and Singapore.
Tell us more about your key customers in Asia.
Our initial plan was to provide solutions and services to the multinationals from Europe. As it turned out, our list of clients quickly expanded to include a number of local organisations, with the Central Provident Fund in Singapore and Intuition-a local consulting firm and the leading provider of mobile sales solutions-being among them.
With specific reference to Holcim, please elaborate on the challenges you have found to be unique to their business, and how you have gone about overcoming them.
Holcim is the world's leading cement company and we are proud to count them among our key customers. Cement has traditionally been a very local business. So streamlining the processes of different countries in one IT solution was a challenging task. The logistics solution that we developed for Holcim-LOGON Logistics Online-is a fully-automated, web-based solution that provides the company with the ability to integrate its entire cement delivery order-to-cash process from initial customer order to distribution and delivery.
The solution which has been deployed in two countries so far, has enabled Holcim to further strengthen its pole market position through the optimisation of its supply chain, considerable improvements in customer satisfaction, quality of service and cost efficiency. The company is now looking into deploying LOGON into more countries.
What are the most difficult security issues that organisations today have to resolve?
This largely depends on the industry you're in and the regulatory framework that applies to you. In the banking industry for example, the main challenge is to prevent loss of client identifying data while still meeting all regulatory requirements.
Complexity of IT systems is generally increasing. Complexity is the enemy of security. Generally speaking, the challenge is to keep systems secure while at the same time complexity is growing. Cloud computing makes the situation even more challenging for enterprises. The definition of the enterprise perimeter gets very blurry in the Cloud. Organisations must be adequately prepared to the new risks in the Cloud era.
Are there any areas of major security concern that you consider to be of grave importance but that customers often fail to see?
Our customers are generally very security aware and already operate on a high security level. We help them to further improve their protection and processes. Rarely do we detect major security holes the customer has never thought of.
To illustrate, typically, financial institutions we work with already have a robust security infrastructure in place to protect their outgoing channels like e-banking. However with Web 2.0, new threats have popped up that require new protections like a Web Application Firewall.
What is your general advice to organisations operating in a global market that is increasingly riskier and less secure?
IT security is a highly specialised business. My general advice is to get help from external professionals to bring in a fresh point of view and broad experience from real live cases in different IT security relevant fields.
Globally speaking, which industries or sectors have you found to be the most progressive when it comes information security, and which the least?
The necessary security level for a company largely depends on the possible risks that company is facing in case of a security incident. Thus, before investing into security solutions, a company should undertake an IT risk assessment.
Such an assessment answers questions like, What are the digital assets of the company? What data is critical, what data is not? What are the possible damages that the company would face in case of data loss, denial-of-service, or transaction fraud?
With such an IT risk assessment on hand, a company can then define which security systems and processes are appropriate.
Certain governmental agencies and financial institutions typically have large amounts of critical data and would potentially face severe problems in case of security incidents. Therefore governmental agencies and banks are our natural and traditional clients. But other industries like insurance companies are catching up.
Share with us how you came to the CEO's seat at AdNovum and how your engineering background has helped or hindered your development as a business leader.
I've been with AdNovum now for 14 years. I started out with the company as a software engineer, then became project manager and later COO of the then much smaller company. After heading our operation in Hungary for 4 years, I had the opportunity to take the CEO position of the AdNovum group.
The success of AdNovum depends greatly on the quality of our people. The organisation is made up of highly skilled IT architects, security engineers and consultants. While it's important to have good ideas, you also need to back that up with strong engineering skills. So that also answers the question as to whether my engineering background helped or hindered my career.