AZURE, MARCH 2020
A large FMCG company had their brands and business units operating in a federated manner. While this is not uncommon it has created a scenario where shadow IT was occurring, most especially in the digital space, making GRC and execution against an overall IT strategy impossible. Each brand within the group was running its own digital policies (or none at all!) and operating on whatever platform they wanted. More often than not these decisions were not being made by knowledgeable technical staff but by marketing or digital agencies. This created a significant governance concern and posed a significant IT security risk to the group. This situation came to a head when an external incident caused severe damage to one of the brands. This incident had the potential to damage the main holding company’s brand as well as the financial well-being of the entire group.