Time pressure & outsourcing

How the CISO from STERNAUTO was able to secure the go-live of a new IT organization with ProSec

How do you manage to secure a project reliably under enormous time pressure and an outsourcing rate of over 80% so as not to endanger the parent company?

These were the questions that brought the then CISO & Head of Digitalization at STERNAUTO, Christoph Ludwig, to us at the beginning of our collaboration. In his success story we show how, with our support, he was not only able to stick to the tight time frame, but also gain control over the safety and quality of external service providers. The IT security thinking from day 1 of the project paid off both for Mr. Ludwig's professional development and for the stability and economic success of STERNAUTO.

Table of Contents

STERNAUTO Group

The STERNAUTO Group stands out in the German automotive industry with 23 locations and a team of over 1.500 employees. As an important player in LSH Auto's global network, the STERNAUTO Group offers a diverse range of premium brands such as Mercedes-Benz, smart, BYD, Grenadier, FUSO, HYMER and Silence. Across its entire network, the group stands for excellence in automotive and customer satisfaction.

Christopher Ludwig
CISO & Head of Digitalization

Christoph Ludwig contacted us as CISO & Head of Digitalization at STERNAUTO. His pursuit of calculable security follows an inner drive that is not satisfied with certificates or superficial tests.

The challenges

My professional journey at STERNAUTO began in the middle of the Greenfield setup of an IT organization in connection with starting a new company.

 

The expectations of me as CISO & Head of Digitalization were clear: the go-live should happen in one go within a very tight time frame. This was both for economic reasons and because of the public interest of great importance.

In addition to the time pressure, I was confronted with a variety of challenges: the management of external service providers and consulting companies was difficult Outsourcing rate of 80 to 90% extremely complex. This put enormous pressure on the efficiency and security of our infrastructure. I had to ensure that all service providers met the company's high security standards - and not just on paper. At the same time, I soon discovered that internally, due to the structure unclear distribution of roles and responsibilities Template. In addition, for competitive reasons, the integration had to be prepared without direct communication with future employees.

Above these tasks and the tight schedule, there was a central mission for me: I had to ensure the security of the parent company throughout the entire integration project. For this, constant risk and compromise management was essential.

For me personally, this project was an opportunity to demonstrate my skills and determination at STERNAUTO. Successful completion not only meant a win for STERNAUTO, but also for me personally and my position in the company.

Our solutions

It quickly became clear to me that I wanted one trustworthy partner with extremely high technical and strategic competence in IT security to successfully navigate STERNAUTO through these challenges. I found this partner in ProSec.

ProSec responded to the time pressure and the indispensable protection of the parent company with the Focus on actual risks (and not in hypothetical ones). She asked one interactive testing process ready, which made risk management tradable for me. My partners at ProSec supported me in managing the numerous external parties detailed discussions with IT service providers. They ensured a high level of transparency in every project phase promoted the acceptance of important sub-projects in the sense of IT security.

For me, ProSec became a kind of secret weapon in ensuring security standards: “If that doesn’t work, we’ll turn on ProSec!” became an appeal that gave us control over the quality of our suppliers' work. The specialists at ProSec did not simply follow a set process throughout the entire project, but rather contributed as real partners with a real understanding of our specific situation, pragmatism and solution orientation.

The result

Thanks to the support of the specialists at ProSec, I was able to include IT security topics in the construction and integration of the new infrastructure from day 1, thereby ensuring a high security standard for STERNAUTO.

Through close collaboration with ProSec and all stakeholders, we managed to complete the implementation efficiently and with minimized risk within the set time frame. My partners at ProSec gave me a personal feeling of security and control over the situation, which was confirmed by the successful completion.

STERNAUTO also won financially by stringently ensuring quality standards: The successful go-live event secured and expanded the company's position within the LSH Group.

Bonus

During this first project with ProSec, I not only gained through the successful completion of the project, but at the same time I also found an absolutely trustworthy and reliable partner for long-term cooperation.

After the go-live phase, STERNAUTO integrated other companies such as Russ & Janot and Sternagel. Thanks to the support of ProSec, these were always able to be integrated securely and smoothly into our existing IT framework.

Over time, ProSec supported us in addition to supporting and securing projects through regular pentesting and IT security consulting.

My conclusion from our long-standing collaboration: When ProSec is on board, I can sleep peacefully at night.

Start your own success story!
What are your challenges in expanding your IT security?
Schedule a Personal Consultation
More success stories
Raise OT security to IT level

Most manufacturing companies will be familiar with this problem: OT is nowhere near as easy to optimize as IT when it comes to IT security.

Table of Contents