Steve Lorimer
Group Privacy & Information Security Officer
In an era of escalating cyber threats and expanding attack surfaces, large enterprises face significant challenges in securing their digital assets. Hexagon, the global leader in digital reality solutions, combining sensor, software and autonomous technologies, offers a compelling case study to address these challenges.
Hexagon operates in more than 50 countries with approximately 24,500 employees, specialising in creating precision sensor and software technologies to support customers managing vast amounts of data in our interconnected world.
Supporting customers worldwide, the business-to-business tech leader requires a robust security strategy to protect against cyber threats.
A large enterprise's objectives for security
At the helm of Hexagon's information security efforts is Steve Lorimer, the Group Privacy and Information Security Officer. With nearly 23 years of experience within Hexagon and its subsidiaries, Steve brings a comprehensive understanding of the company's operations.
"I joined as a software engineer, and through a number of different roles, I experienced a comprehensive understanding of how the business operates and customers operate globally," says Steve.
Steve is responsible for deploying all of Hexagon's information security solutions across the company’s five business units. His role extends beyond internal security, collaborating with product teams to ensure Hexagon's products are built with security and privacy in mind.
Hexagon's security habitat
When Steve assumed his role in 2018, it marked the first time Hexagon had a global security officer at the corporate level. He describes the situation as "almost a greenfield opportunity,” presenting both challenges and opportunities.
Under Steve’s leadership, Hexagon transitioned from a decentralised security model to a fully centralised one. This shift was driven by the need for consistency and efficiency across the rapidly growing company.
"As an example, we were at a point where we had seven different EDR or antivirus solutions in play,” Steve explains. “Building consistency across those solutions is very complex and it becomes very difficult to provide assurance that the control set is robust."
Partnering for a full spectrum of security
Hexagon's security success is partly due to strategic partnerships with both large-tech giants and smaller, specialised firms. The company has implemented a rigorous approach to vendor selection, especially for critical services.
"We ran a large RFI-RFP process to narrow the huge vendor landscape to focus on the organisations that could meet our essential needs," Steve explains. Following that, we entered into extensive discussions with select vendors to ensure that they could deliver the necessary quality of services at a scale to meet Hexagon needs.
One crucial partnership is with eSentire, which provides Hexagon with a managed Security Operations Centre (SOC) service. This partnership ensures 24/7 monitoring of Hexagon's systems and networks, enabling rapid detection and response to potential security incidents.
Keeping safe in a growth-filled future
As a fast-growing company, Hexagon faces ongoing challenges, including an ever-changing compliance landscape and the need to continually enhance its security posture.
The company is working on projects to increase protection of cloud infrastructure, improving attack surface management operations as well as standardising network and endpoint management across the organisation.
AI is playing an increasingly significant role in Hexagon's security strategy. Steve anticipates that AI will be particularly useful in combating sophisticated social engineering attempts, such as deep fake videos and voice simulations used in fraud attempts.
"We've got technologies like Microsoft Security Copilot which we're starting to use to speed up the incident response process. It can provide significant insights in understanding the evolution of an incident much faster. It also provides clear benefits to reduce the workload of Security Analysts when generating incident reports This continual evolution will help us to defend quicker, respond faster and resolve incidents in a more timely manner."
Securing the gains of tomorrow, today
Hexagon's approach to security, under Steve’s guidance, offers valuable insights for other large enterprises grappling with cybersecurity challenges.
By centralising operations, carefully selecting partners and embracing emerging technologies like AI, Hexagon has built a strong security foundation to support its high-growth ambitions.
"For me, the most important factors within security are to make sure that you are aligned to the business, and you are supporting the organisation's overall strategic success,” says Steve.
In an era where digital innovation and security are increasingly intertwined, Hexagon stands as a testament to how companies can successfully balance these crucial aspects.
Read the full report HERE
**************
Make sure you check out the latest edition of Mining Digital and also sign up to our global conference series - Manufacturing LIVE 2024
**************
Mining Digital is a BizClik brand
Featured Interviews
I’m quite proud that, even without a technical background, I’ve managed to acquire sufficient technical acumen at a managerial level to make informed decisions about innovative technologies.