Introduction
Lavazza Group: a global coffee company with a security-focused vision.
Headquartered in Italy, Lavazza Group is a renowned coffee company that has made its mark in over 140 markets worldwide. With eight production plants and a dedicated team of more than 5,500 employees worldwide, Lavazza Group has firmly established itself as an industry leader, generating a revenue of €3.1 billion in 2023.
Operating across diverse business sectors, their global reach is a testament to nearly 130 years of continuous growth. This impressive growth has been fueled by a dedication to research and innovation. Today, Lavazza Group proudly produces more than 30 billion cups of coffee annually, equivalent to around 82 million cups per day, cementing its place as an extraordinary success story.
Situation
Confronting increased and challenging cybersecurity risk.
Amidst the backdrop of global uncertainties, the imperative for robust security solutions has never been more critical. Economic challenges demand that businesses not only adapt, but also safeguard their operations and data against evolving threats.
Lavazza Group, like many other large organisations, faced an ever-growing challenge in the realm of cybersecurity. As the number and sophistication of threats continue to rise, coupled with the client’s expanding global presence and limited cybersecurity resources, the company was finding it increasingly challenging to respond to incidents promptly. Recognising the need for a more effective approach to prioritising alerts, Lavazza Group sought a solution.
In an effort to address these concerns, the client invested in Microsoft 365 E5 licences, which provided access to a wide range of security solutions.
However, the organisation had yet to fully implement, integrate and configure these licenses to harness the maximum protection offered by the technology. Recognising that simply acquiring this technology was insufficient for achieving robust security, Lavazza Group sought assistance from PwC Italy, supported by an international network, to fully harness the potential of their existing software.
Additionally, while some of the features provided by Microsoft’s solution offered new capabilities, there was also an overlap with Lavazza Group’s existing security software. This presented an opportunity for the client to simplify and optimize the IT environment.
With this in mind, Lavazza Group set out to centralise and strengthen the company’s incident management to provide enhanced protection for the organisation and its sensitive data.
Solution
Pinpointing a golden opportunity
The client selected PwC because of our strong technical experience, strategic partnership with Microsoft and PwC Italy's deep understanding of Lavazza Group’s business needs. Our robust local knowledge and proven collaboration set us apart when pitching an exceptional level of service to Lavazza Group.
The programme is set to run for five years – including a three-year implementation period and two years of PwC Italy providing maintenance and monitoring. Our first step was a portfolio rationalisation assessment, which revealed that 18 of Lavazza Group’s 25 security requirements could be met using the company’s existing security solutions. This approach helped the client by minimising the need to purchase new solutions. Additionally, it enabled the organisation to streamline their IT environment by replacing other third-party security tools.
PwC Italy also redesigned Lavazza Group’s security operations centre (SOC) team, carefully reviewing the integration with the ticketing systems and adding L1, L2 and L3 ownership. We also developed an incident response playbook that provides standard, formal policies and procedures for prioritising and reacting to different types of alerts.
Business
Faster responses to security threats
After implementing the recommendations from PwC Italy’s assessment, Lavazza Group achieved remarkable progress in less than six months. They also experienced faster responses to security threats and substantial cost savings. This means they can now manage a higher number of security incidents, demonstrating that they are much more efficient in addressing security issues and can swiftly respond to potential threats. They have not only improved their cybersecurity but also optimized their spend to get the best results.
Experience
Embracing a more proactive approach
Working closely with the client, PwC Italy used the Microsoft Security E5 solutions to automate responses to various risks. For example, if a Lavazza Group employee accidentally clicks on a phishing link in an email, an incident is automatically triggered and the employee is blocked for a certain period of time until it’s safe to access again. Additionally, if the client identifies a strong likelihood of ransomware activity on a specific endpoint, then the affected device is isolated to prevent further spread and mitigate potential damages, giving the security team more time to act.
Intelligent use of automation means that Lavazza Group can respond to alerts in seconds or minutes instead of hours. Rather than focusing on responding to alerts that come in, the organisation is able to take a more proactive approach to security.
Technology
Transforming the security systems landscape
This was the most important cybersecurity programme that Lavazza Group has ever performed. It involved a full implementation, configuration and fine-tuning of the whole Microsoft 365 E5 Security suite.
We also replaced the client’s existing mobile device management software with Microsoft Intune, which now manages thousands of endpoints. Our approach followed the tried-and-tested PwC Cloud Transformation Framework together with Microsoft’s Cloud Adoption Framework in three main areas of work.
The implementation, adoption, governance and maintenance of cybersecurity technologies for identity and access management (IAM), privileged access management (PAM) and endpoint detection and response (EDR) using our PwC reference architecture;
awareness, management and control of the implemented measures;
overall programme governance.
Result
Enjoying the taste of success
Lavazza Group’s commitment to proactive cybersecurity assessment and adaptation has been instrumental in their journey. By successfully leveraging existing technologies and streamlining the system’s landscape, PwC Italy has helped Lavazza Group tighten its security globally. Meanwhile, automation has emerged as a game-changer for the client, enabling them to accelerate their threat detection and response capabilities.
By streamlining their software licenses, the client has not only improved their cybersecurity but optimized their IT environment, this has enabled them to allocate resources more efficiently. Lavazza Group’s ability to streamline while enhancing their cybersecurity posture is a testament to their strategic vision and commitment to excellence.
Lavazza Group’s journey exemplifies the power of proactive assessment, adaptation and consistent improvement. Their commitment to change and implementation of recommendations created a more efficient and effective operational landscape.
At Lavazza Group, we believe in the value of excellence. We believe in technology as a tool and in innovation for the service of people. We believe in progress that safeguards our digital landscape while empowering those who rely on it. PwC is supporting us in this key project in a way that went beyond our expectations.
Fabio Piredda
IT Infrastructure & Security Senior Manager at Lavazza Group
Lavazza Group demonstrated a visionair approach to cybersecurity and anticipated several topics that are becoming a must-have in the cyberspace. We are proud to work with them in this extremely challenging and engaging opportunity.
Giuseppe D'Agostino
Partner Cybersecurity & Resilience at PwC Italy
