A CIO with a difference 

New Delhi: Paul Schwefer, CIO of Continental AG, the 13.8 billion Euro German automotive supplier is a CIO with a difference. While most CIOs see IT as a service and IT department as an enabler in an enterprise, Paul works like an entrepreneur and likes to be convinced about business benefits before providing IT solution to any department in Continental. 

"As a CIO it is not my duty to do what others want me to do, I am not a service provider, I work more as an entrepreneur. If someone comes to me asking for IT applications, my competence lies in deciding whether it is actually required or not and what benefit would it deliver."

As a champion of change, Paul is regarded as an opinion leader with regard to IT's rightful place in the context of business. According to him, IT has changed its role from a technology fulfillment function to a core business driver and CIOs need to reposition themselves to provide strategic direction and enable business functions to become more effective, efficient and value driven. Talking about the role of information security at Continental, Paul said, "We have a CSO who takes care of all security issues. We lay a lot of stress on transparency, because if there are islands and gaps then security is sure to be hit. We have standardized the technology platform, processes and have taken measures to keep security on a very high level. Standardization has helped us in a big way to improve upon security at Continental."

'You are as secure as your weakest link,' goes the famous saying and Paul agrees to it completely. "We have identified all the weak points and keep doing assessments to find out our weak points and safeguard them by using products and processes. Mostly we use proprietary tools, however, in some areas we prefer using legacy tools, because hackers have complete access to proprietary tools they can be easily hacked."

"As long as nothing happens you have done everything right but as soon as something goes wrong, people feel nothing was done right. We were hit one time in the last 5 years, when a virus came through machines, we are working on this aspect of security breach also, as most of the machines now a days connect to the external networks and are prone to security breach. We have taken stringent measures and since past three years nothing has happened."

Realizing the criticality of information security in enterprises, Continental follows security best practices.

"The process starts when someone joins the company. New joinees are given a full overview of all policies and is required to sign documents promising that he would adhere to them, as whatever said and done, security depends on individual behavior." -Paul Schwefer

Elaborating on how Continental employees are educated about security policies and initiatives, Paul said "The process starts when someone joins the company. New joinees are given a full overview of all policies and is required to sign documents promising that he would adhere to them, as whatever said and done, security depends on individual behavior. Also, on our website's homepage we have a lot of information about IT security; we post early warnings on the website such that all employees are informed. Because of many such initiatives, Continental is geared up to get the whole environment cleaned in case of a virus attack within 24 hrs, worldwide. It's like pressing a panic button and the entire system is taken care of."

Paul feels that in any enterprise the most important security threat is internal, as at any point in time there could be someone from inside who can pass on important information about data, innovations etc. Not elaborating on this, Paul informed, "we have very strong processes to control this."