Case Study

Coca-Cola FEMSA Fortify on Demand helps minimize security issues through a comprehensive assessment process providing full visibility and control.

Overview own and our partner’s applications made us Coca-Cola FEMSA is the largest franchise much more aware of potential security risks. bottler of Coca-Cola trademark beverages Once the organization as a whole understood in the world. It operates 67 bottling plants the serious consequences of a security and serves more than 2.8 million points- breach with a cloud-hosted application, of-sale through 344 distribution centers. it became a priority to find a solution Coca-Cola FEMSA is present in 10 countries. that could help us identify any potential application vulnerabilities.” Challenge At a Glance Jair García Osorio, Chief Technology Security The team looked for a solution that Officer for Coca-Cola FEMSA, provides some could support the implementation of a Industry context to the role of the security department: comprehensive set of security guidelines for Manufacturing applications, both Coca-Cola FEMSA’s own “We are a centralized security division for Location the whole company, across all locations. and their partners, to adhere to. Although security has always been important to us, a move towards cloud-hosting our Solution Challenge Market research showed Micro Focus A move to hosting applications in the cloud Fortify on Demand to be a great option. prompted the need for more structured This application security as a service application security to identify vulnerabilities “We looked at alternatives but integrates static, dynamic, and mobile before they cause issues found it a real challenge to find application security test­ing with continuous Products and Services a solution that identifies a wide application monitoring. Scalable for application range of vulnerabilities and makes growth, Fortify on De­mand can be delivered Micro Focus Fortify on Demand them visible in an easy-to-action in a flexible cloud or hybrid environment, Critical Success Factors to align with application demand. way. Once we saw what Fortify on • Full SOX-compliance with clear visibility and Demand was capable of, we knew reporting Jair García Osorio comments: “We looked at it was the solution for us.” • Comprehensive security strategy aligned with alternatives but found it a real challenge to company goals find a solution that identifies a wide range of Jair García Osorio • Easy process to assess the security of new Chief Technology Security Officer vulnerabilities and makes them visible in an applications for the environment Coca-Cola FEMSA easy-to-action way. Once we saw what Fortify “We consider Fortify on Demand a key service for our business. It helps us, and the rest of the organization, understand how applications work in the cloud. Thanks to that, we can minimize potential security issues in applications before they are allowed in our environment.” Contact us at CyberRes.com Jair García Osorio Like what you read? Share it. Chief Technology Security Officer Coca-Cola FEMSA

on Demand was capable of, we knew it was and unbiased. In a single page we have the solution for us.” the full status of an application, giving us a detailed and clear analysis of what needs to Fortify on Demand was soon implemented be done to fix any vulnerabilities. We share and the security team started scanning all the reports with vendors or our own software applications using the service. The majority developers to ensure all applications are of applications come from vendors, but they meeting our high security standards when all need to adhere to the centrally agreed they enter our infrastructure.” security criteria before they are allowed within the Coca-Cola FEMSA IT infrastructure. Results Fortify on Demand provides an easy way to Fortify on Demand provides the Coca-Cola assess new applications within the portfolio to FEMSA team with the visibility and insight ensure they meet certain security standards needed when purchasing applications. It has before they are implemented in production. helped design a comprehensive security Scans are carried out simultaneously, and a strategy to align with the company’s business straightforward portal interface provides full goals. The security team was able to gain the visibility to the process. respect of the whole company, beyond the IT department, by showing the risks and impact Jair García Osorio explains the day-to-day that the organization was exposed to and use of the solution: “The clear reporting help them understand the importance of within Fortify on Demand enables us to IT and application security. translate technical issues into business ones. Once a vulnerability is identified, there are Jair García Osorio says: “We consider Fortify different ways of fixing it. We can give the on Demand a key service for our business. vendor a report which explains exactly It helps us, and the rest of the organization, what code changes need to be made to understand how applications work in the improve the solution. We have also created cloud. Thanks to that, we can minimize fixes for common problems that can be potential security issues in applications implemented automatically through the before they are allowed in our environment.” use of digital signatures.” He concludes: “Fortify on Demand fully He adds: “Fortify on Demand helps us supports our SOX-compliance and it enabled determine which security methodology to us to create clear security guidelines aligning apply when assessing certain applications, all business areas involved in the introduction depending on how critical they are to the of a new application.” business. The reporting we receive is clear

768-000005-001 | M | 06/21 | © 2021 Micro Focus or one of its affiliates. Micro Focus and the Micro Focus logo, among others, are trademarks or registered trademarks of Micro Focus or its subsidiaries or affiliated companies in the United Kingdom, and other countries. All other marks are the property of their respective owners.