1

Forbo – Our Business Cloud in the Future

Thomas Zinniker, CIO Forbo Group

17.06.2015

THE FORBO GROUP

2

THE FORBO GROUP

A GLOBAL LEADER IN FLOORING AND MOVEMENT

SYSTEMS

More than 5,100 employees worldwide

International network of 24 production and distribution companies,

6 fabrication centers as well as 42 pure sales organizations

In a total of 36 countries worldwide

CHF 1,226.8 million net sales in 2014

CHF 123.4 million Group profit from continuing operatings

Forbo Holding is listed on the SIX Swiss Exchange

Stable shareholder base – Board of Directors’ stake in Forbo of more

than 30%

Forbo is a leading producer of floor coverings, building and

construction adhesives, as well as power transmission and

conveyor belt technology.

THE FORBO GROUP

A GLOBAL LEADER IN FLOORING AND MOVEMENT

SYSTEMS

3

Flooring Systems

15 MANUFACTURING SITES IN 6 COUNTRIES

LOCAL ENTITIES IN 24 COUNTRIESChâteau-Renault

Reims

France

Assendelft

Coevorden

Krommenie

Netherlands

Kaluga

Russia

Giubiasco

Switzerland

Bamber Bridge

Cortonwood

Kirkcaldy

Ripley

Telford

United Kingdom

Erfurt

Germany

Wormerveer

Netherlands

Stary Oskol

Russia

Floor Coverings

Building and

Construction Adhesives

Sales offices worldwide

4

Movement Systems

9 ROLL PRODUCTION SITES AND 6 FABRICATION CENTERS

IN 9 COUNTRIES - LOCAL ENTITIES IN 29 COUNTRIES

Shanghai

Shenyang

China

Itapevi

Brazil

Lunderskov

Denmark

Garbsen

Hanover

Germany

Fukuroi

Japan

Tlalnepantla

Mexico

Malacky

Slovakia

Wallbach

Switzerland

Charlotte

Huntersville

USA

Roll Production

and Fabrication

Centers

300 sales and service points worldwide

5

Forbo Today

Forbo is very decentralized organized

– Although our core backbone is centralized (ERP, CRM, BI) most of the local sites still operate their

own local infrastructure for Finance, HR, File services, etc.

– 50% of all sites have 20 or less users

– Global, Regional and Local IT needs to work hand in hand - global service production (e.g. Device

Engineering) local service delivery (IMAC)

Security setup

– The current security setup has been designed 10 years ago where a global WAN with single

perimeter was state of the art

– Decentralization is also an advantage, if a file server fails only a fraction of users is affected

– Mobility scenarios are weakening our setup by using not approved 3rd party cloud applications

17.06.2015

Major Challenges

Being in control who does access what

– Through the open setup and the use of cloud services (IaaS, PaaS, SaaS) which might not be

integrated into our AD, an integrated account management is not possible

– If a local user leaves the company we have difficulties to manage all his accounts

Where is our data stored, who is in charge to manage the data

– Local sites setup cloud services and start using it. A formal operation is in many cases not

established.

What are the new disaster scenarios, what are the influencing risks

– What kind of risks are we facing, does the responsible manager

Either we fight each individual solution and try to make it secure, or we are

reconsidering our setup completely.

17.06.2015

6

The Forbo way into the Cloud

For Forbo it’s not a decision yes or no, its only about when and how

What has lead us to the decision

– The cloud is the future, it is the most flexible and cost effective way of operating IT

– A global cloud provider can provide an integrated solution replacing many small and adhoc

solutions built up in the past, and can easily be managed more centrally

This provides us with a couple of solutions for our major challenges

– Offering a well managed cloud to local sites provides them with the flexible solutions they are

looking for, preventing unmanaged “insecure” maverick solutions

– Having the transparency of local solutions allows a seamless integration into the rest of the

infrastructure including mobility scenarios and managed identities

– Small sites are using solely cloud resources (infrastructure less) is more cost effective

We start with Microsoft O365 and Azure

17.06.2015

Overall Architecture with Office 365

17.06.2015

Office 365 Cloud

Exchange(eMail)

Skype for Business(communication)

OneDrive for Business(My Documents)

SharePoint Online(Workflow, Apps)

Yammer(Social)

Azure Cloud

SharePoint “on Premise”(Workflow, Apps)

File Server

Other

On Premise

SharePoint (Complex Workflow, Apps)

File Server

LoB Applications

SAP

CRM

BI

…

Approved Users with

approved Devices

Only within Forbo

Network

Only within

Forbo Network

User / Device

Mgmt

(AD)Synchronized (Azure AD)

Gateway

VPN Connections

Virtual Desktops

BYOD

Microsoft Clouds

Forbo WAN

7

How Secure is the Cloud – A holistic approach is needed

Just looking at the cloud security is not the right way. To get a holistic view we have to ask

ourselves the following questions

- How secure is our LAN? Single Perimeter Security in the WAN!

- How secure are our Data Centers? do

- How secure is our WAN?

- What about our Users?

… and then the cloud

Looking at the security aspect, all infrastructure above is less secure than the one of the

major cloud service providers.

We consider the weakest link overall the User –

this does not change if we use the cloud.

17.06.2015

Enforcing Cloud Security – Get the right support

• Security Statement Office 365 Cloud

Security Analysis of Office 365

Risks of Cloud Services

Information security recommendations

• Policy enhancements & definition of a cloud handling policy

• Support strong user authentication for cloud services (PKI based)

Implementation and configuration of a Utimaco Security Server

We rely on the experience and support of InfoGuard.

17.06.2015

8

There will be a paradigm shift in the future

17.06.2015

From one Forbo WAN…

… to a Site / User centric approach

17.06.2015Meeting SAP, 16.4.2015