There aren’t many residents of Brazil who don’t consume something produced by Grupo Abril during a given week. A privately-held conglomerate founded in 1950 by Victor Civita, Abril is the country’s leading producer of textbooks, and its 300 periodical titles command 54 percent of the national market. Its magazine Veja is Brazil’s most popular and is the world’s best-selling newsweekly outside of the United States.
Abril also operates Brazil’s MTV television station and some of Brazil’s most popular websites. It offers broadband Internet access and has business units devoted to logistics and distribution and printing services. Until a few years ago, each business unit had its own IT staff and infrastructure.
In 1999, Max Thomaz was recruited to lead the IT team for the logistics and distribution business unit. He came to Abril with broad IT leadership experience, with assignments at financial services firm Grupo Safra, market information firm A.C. Nielsen, and telecommunications giant Telebras. His educational background included studies in business and IT at three of the world’s top institutions—Harvard Business School, the University of Navarra’s Graduate Institute of Business Studies in Spain, and Brazil’s Getulio Vargas Foundation.
Breaking down silos
A few years later, Abril’s executive team realized that having 27 separate IT organizations and strategies was hindering growth. “They liked what I had accomplished in the logistics group, so they invited me to develop a new strategy,” Thomaz recalls. “They made me the CIO for all of Grupo Abril in 2003.”
Over the course of the next year, IT employees were gradually moved from the various business units to the central IT group. At the same time, Thomaz and his team were busy developing corporate IT standards, methodologies, and governance models. “It was a tough year,” he admits, “but it was worthwhile to make the transition relatively quickly. It was only possible through the support of executive management.”
As the team consolidated, it began to focus on delivering improved levels of service at reduced cost. Two key strategies were vendor consolidation and outsourcing of functions outside of the group’s core competencies. “Today, about 80 percent of our IT operations are outsourced,” Thomaz reports, “and we have reduced our vendor count from 500 to 10. You can imagine the business value we have achieved from such a change.”
An early priority for the newly-consolidated team was endpoint management. “Each business unit had its own policies and procedures for everything from lifecycle management to software deployment, and each maintained its own inventories,” Thomaz says. “As a result, it was very important to gain a corporate view of everything we had, and to begin the process of standardization.”
Abril began implementing Symantec endpoint management technologies in 2004. Over time, Thomaz and his team rolled out multiple functionalities in Altiris Client Management Suite, Altiris Server Management Suite, and Altiris Service & Asset Management Suite. “The Altiris platform has helped us to efficiently manage and track our IT assets,” Thomaz explains. “It is a real benefit that everything from deployment to patch management to asset management can be managed from a single console.”
One big project was to import legacy information from all business units into the Configuration Management Database (CMDB) in Altiris Service & Asset Management Suite. “It took some time, and there were some who resisted providing the information,” Thomaz says. “But it was well worth it. Today, a typical change to either clients or servers takes 25 percent the staff time that it previously required.”
Focusing on security
Security was always a priority for Abril, but Thomaz saw the need to form a group exclusively dedicated to security in 2008. “We made an overseas acquisition, and it seemed important to have a group devoted to security as our operations became more international,” Thomaz explains. “Today we have 10 people in the group.”
The new team began analyzing Abril’s security posture and developing a strategic plan. Symantec Endpoint Protection was already Abril’s standard for endpoint security, so the team invited Symantec engineers to conduct a risk assessment.
The Symantec team presented its findings to Thomaz and the security team in April 2009. “They identified several areas of concern and showed us how we could address those issues while continuing to reduce cost and complexity,” Thomaz says. “We were excited to see how the proposed Symantec solutions would work together with our existing Symantec portfolio.”
Abril purchased a number of Symantec security solutions in November 2009 and began the deployment process with the help of Symantec Consulting Services early in 2010.
Getting a consolidated view
Symantec Security Information Manager will be the nerve center of Abril’s consolidated security infrastructure. The solution will collect and correlate log and event data from across the company’s hardware and software infrastructure, enabling centralized reporting and customized alerts of events requiring the attention of security staff.
“Symantec Consulting Services is developing custom data collectors for some of our infrastructure,” Thomaz explains. “Once those are complete, we will have a single view of what is happening from a security perspective, and the ability to easily produce reports and analysis. This is very important to us.”
Symantec Data Loss Prevention will address one of Abril’s most pressing security needs. “Our systems contain the credit card information of millions of subscribers, and of course the HR information of our employees,” Thomaz notes. “We needed to bolster the protection of data in motion.”
Abril will initially use Symantec Data Loss Prevention to monitor the movement of sensitive data to identify gaps in policy, enforcement, and user education. Users who violate policies will receive an email advising of best practices for protecting sensitive data. Later, the team will automate enforcement of security policies and prevent sensitive data from being sent to unauthorized parties.
Rounding out a comprehensive solution
Laptops used by executives and other mobile employees will be protected with Symantec Endpoint Encryption, and Symantec Backup Exec System Recovery Desktop Edition will perform regular backups on these devices.
In addition, the team is using a Symantec Brightmail Gateway appliance to filter spam and scan incoming and outgoing messages for viruses and other malware. “Ninety percent of our incoming email is spam, and our research indicates that the Symantec solution will be more effective at filtering spam than our current solution, with fewer false positives,” Thomaz says.
Abril also opted to upgrade to Symantec Business Critical Services, Symantec’s premium level of technical support, which features industry-leading response levels, onsite and remote services, and a proactive, single point of contact for all of Abril’s service needs.
A relationship of trust
The past seven years have been eventful for Thomaz and his team. “Consolidation is a difficult process, as it involves many personalities and many corporate cultures,” he says. “I have to give a lot of credit to my team, as they had to have not only technical skills, but also people skills, to make these changes happen.
“Symantec also played a big role in helping us meet our business requirements,” Thomaz asserts. “They offer a mature, comprehensive solution that helps us meet our goals in vendor consolidation. But more than that, they are professionals. They are very well prepared for every meeting and are ready to address our unique needs. Our relationship with Symantec is very strong.”
Mark L.S. Mullins is a managing editor of CIO Digest and The Confident SMB and senior manager of Symantec’s Global Reference Program team.