Neue Zürcher Zeitung Media Group
Solving the security challenge of digital transformation for one of the most prestigious German-Swiss media groups
First published in 1780, NZZ is one of the oldest and most respected media groups in Europe, delivering high-quality journalism to 187,000+ subscribers via newspapers, journals and magazines, digital media, TV as well as events and services. As consumers continue to shift media consumption from traditional to digital, the media group has to keep up - a huge undertaking for the security team was to secure their expanding external perimeter and digital transformation.
Industry: Media Products: Outscan, Appsec Scale
Digitizing the 240-year old newspaper for growth
The market has changed a lot since newspapers were first printed in the 16th century. Printed media is now being used in a different way; digital forms of media have taken over and have become an important way to reach new audiences, especially younger ones. The Board recognized this change some years ago and to grow their subscriber base they would need to transform from when they were founded 240 years ago to 2020 and beyond. With digital being the main driving force for their growth success and to drive sustainable profitability, which is re-enforced with an even stronger security infrastructure and posture.
As the Head of Web Services and Internet Security, building and securing a safe digital media operation for the newspaper and delivering secure information to their customers is Erich Giesinger’s top priority, he explains,“we have grown to 187,000 subscribers in 2020 and that needs to increase to 200,000 by the end of next year and 400,000 by 2030, doubling our subscribers base over a 10-year period. We must turn a digital corner and security is paramount for our customers to support business growth.”
Online media frequently targeted by bots and malware
Erich and his team are responsible for the complete website and security infrastructure including ensuring firewalls and proxies are in place for full web infrastructure security protection for NZZ and its joint ventures with a combined revenue of over €350 million.
With a large amount of critical assets exposed to the internet, NZZ needed an advanced network security tool to protect their assets 24/7 and secure the highly dynamic media operation without slowing down new releases to the websites. They used a pen test partner before Outpost24 and it wasn’t sufficient to protect their external networks and web applications on a continuous basis, as the testing frequency cannot keep up with their release cadence for the dynamic online media outlets, so NZZ needed a solution that could work ‘with’ rather than ‘against’ their fast development cycles.
After a thorough vendor selection process NZZ chose Outpost24’s network security scanner Outscan and dynamic application security (DAST) scanner Scale for its ease of integration and expansive security coverage. The automated scanning solutions allow the NZZ team to carry out vulnerability assessment and regular releases with the backing of evidence-based security insights.
NZZ benefits from automated scanning that continually checks for known vulnerabilities, with minimal impact to production. They can be confident that any critical issues discovered are flagged immediately for remediation, which is important for a media business delivering highly dynamic content in real-time. This removes the security bottleneck and ensures the security team is able to take a proactive approach to vulnerability management without getting in the way of development, which is essential for ensuring their online audiences receive the best experience at all times.
Erich comments, “The Outpost24 platform saves us time. The alerting feature means I can investigate any issues when notified, which is set up to match our business parameters and filter out irrelevant findings that clog up my inbox, helping my small team with multiple responsibilities to better collaborate with DevOps and prioritize vulnerabilities more coherently”.
Reporting and workflow efficiency are key to driving collaborations
The reporting function is vital for Erich and his team, as it enables them to quickly draw conclusions from the data and take the right actions in a guided approach. The report groups critical vulnerabilities by OS, server or port so they can quickly identify what needs to be fixed and where their biggest risks are. NZZ understands that keeping on top of every vulnerability is not possible, so Erich relies on Outpost24’s advanced reporting data to make smarter and faster decisions on remediation priorities to optimize resources and deliver a return on investment.
Effective remediation and reporting go hand in hand, and without the solution-based reports the team would have to spend hours looking through the data themselves. Erich continues “the information is easy to understand and is presented in a way that’s suitable for technical engineers as well as managers in a business context. It’s a real benefit being able to share the information with my colleagues across the business in pdf and csv which is very effective for our own reporting.”
The Outpost24 platform has been integrated and embedded into their security workflow over the past three years and Erich has seen huge benefits including time saved and improved understanding of vulnerabilities effecting his business with the support of the technology and customer success.
He explains, "Automation is king and Outpost24 engineers are extremely helpful in providing the right guidance and tips when we need it most. Having direct access to the Outpost24 support team is an invaluable tool for us, whether we have a platform or app question – they are able to provide the trusted answer at the right time.”