ValueEdge: Value Stream Management
Align corporate investments with business strategy
Continuous quality from requirements to delivery
Scale enterprise SCCM with security and compliance
Resilient AI-powered functional test automation
Enterprise-level requirements management
Deliver continuous application performance testing
Plan, track, orchestrate, and release applications
Govern quality and implement auditable processes
Automate deployments for continuous delivery
Build business applications using new tools & platforms
The leading solution for COBOL application modernization
Modernize mainframe applications for the Cloud
Modernize host application access
Discover the future of CORBA
Modern mainframe application delivery for IBM Z
Secure, zero-footprint access to host applications
Access host data and automate processes with RPA
Multi-factor Authentication for IBM z/OS endpoints
Build secure software fast
Augment human intelligence
Discover, analyze, and protect sensitive data
Drive IT ecosystem with identity-centric expertise
Deliver simplified, secure access to users
Scale to billions of identities with IGA platform
Gain control of privileged user activities
Track changes and activities in managed services
Get fast, accurate detection of threats
Analytics for text, audio, video, and image data
Reduce risk, cost, and maintenance, and T2M
AI and machine learning for data analysis
Enterprise backup/disaster recovery
Unified traditional and mobile device management
Meet regulatory & privacy retention requirements
Email, IM, and chat-based collaboration
Mobile workforce communication & collaboration
Secure critical file storage and print services
Manage IT & non-IT services with automation and AI
Discover, monitor, and remediate with AIOps
Monitor and optimize complex networks
Discover, manage, and map configurations & assets
Accelerate provisioning with governance in place
Automate and orchestrate processes end to end
Manage IT & software assets for better compliance
Automate server provisioning, patching, and compliance
Automate screen-based human actions with robots
All Micro Focus learning in one place
Build the skills to succeed
Streamline software delivery for faster value
ValueEdge: Value Stream Management
Align corporate investments with business strategy
Continuous quality from requirements to delivery
Scale enterprise SCCM with security and compliance
Resilient AI-powered functional test automation
Enterprise-level requirements management
Deliver continuous application performance testing
Plan, track, orchestrate, and release applications
Govern quality and implement auditable processes
Automate deployments for continuous delivery
Access all products in application delivery management
Modernize Core Business Systems to Drive Business Transformation
Build business applications using new tools & platforms
The leading solution for COBOL application modernization
Modernize mainframe applications for the Cloud
Modernize host application access
Discover the future of CORBA
Modern mainframe application delivery for IBM Z
Secure, zero-footprint access to host applications
Access host data and automate processes with RPA
Multi-factor Authentication for IBM z/OS endpoints
Access all products in Application Modernization & Connectivity
Security at the core to everything you do; Operations, Applications, Identity and Data
Build secure software fast
Augment human intelligence
Discover, analyze, and protect sensitive data
Drive IT ecosystem with identity-centric expertise
Deliver simplified, secure access to users
Scale to billions of identities with IGA platform
Gain control of privileged user activities
Track changes and activities in managed services
Get fast, accurate detection of threats
Access all products in CyberRes
Trusted, proven legal, compliance and privacy solutions
Analytics for text, audio, video, and image data
Reduce risk, cost, and maintenance, and T2M
AI and machine learning for data analysis
Enterprise backup/disaster recovery
Unified traditional and mobile device management
Meet regulatory & privacy retention requirements
Email, IM, and chat-based collaboration
Mobile workforce communication & collaboration
Secure critical file storage and print services
Access all products in Information Management and Governance
Simplify Your IT Transformation
Manage IT & non-IT services with automation and AI
Discover, monitor, and remediate with AIOps
Monitor and optimize complex networks
Discover, manage, and map configurations & assets
Accelerate provisioning with governance in place
Automate and orchestrate processes end to end
Manage IT & software assets for better compliance
Automate server provisioning, patching, and compliance
Automate screen-based human actions with robots
Access all products in IT Operations Management
Give your team the power to make your business perform to its fullest
Coca-Cola FEMSA is the largest franchise bottler of Coca-Cola trademark beverages in the world. It operates 67 bottling plants and serves more than 2.8 million points-of-sale through 344 distribution centers. Coca-Cola FEMSA is present in 10 countries.
Industry
Location
Products and Services
Jair García Osorio, Chief Technology Security Officer for Coca-Cola FEMSA, provides some context to the role of the security department: “We are a centralized security division for the whole company, across all locations. Although security has always been important to us, a move towards cloud-hosting our own and our partner’s applications made us much more aware of potential security risks. Once the organization as a whole understood the serious consequences of a security breach with a cloud-hosted application, it became a priority to find a solution that could help us identify any potential application vulnerabilities.”
The team looked for a solution that could support the implementation of a comprehensive set of security guidelines for applications, both Coca-Cola FEMSA’s own and their partners, to adhere to.
Market research showed Micro Focus® Fortify on Demand to be a great option. This application security as a service integrates static, dynamic, and mobile application security testing with continuous application monitoring. Scalable for application growth, Fortify on Demand can be delivered in a flexible cloud or hybrid environment, to align with application demand.
Jair García Osorio comments: “We looked at alternatives but found it a real challenge to find a solution that identifies a wide range of vulnerabilities and makes them visible in an easy-to-action way. Once we saw what Fortify on Demand was capable of, we knew it was the solution for us.”
Fortify on Demand was soon implemented and the security team started scanning all applications using the service. The majority of applications come from vendors, but they all need to adhere to the centrally agreed security criteria before they are allowed within the Coca-Cola FEMSA IT infrastructure. Fortify on Demand provides an easy way to assess new applications within the portfolio to ensure they meet certain security standards before they are implemented in production. Scans are carried out simultaneously, and a straightforward portal interface provides full visibility to the process.
Jair García Osorio explains the day-to-day use of the solution: “The clear reporting within Fortify on Demand enables us to translate technical issues into business ones. Once a vulnerability is identified, there are different ways of fixing it. We can give the vendor a report which explains exactly what code changes need to be made to improve the solution. We have also created fixes for common problems that can be implemented automatically through the use of digital signatures.”
He adds: “Fortify on Demand helps us determine which security methodology to apply when assessing certain applications, depending on how critical they are to the business. The reporting we receive is clear and unbiased. In a single page we have the full status of an application, giving us a detailed and clear analysis of what needs to be done to fix any vulnerabilities. We share the reports with vendors or our own software developers to ensure all applications are meeting our high security standards when they enter our infrastructure.”
Fortify on Demand provides the Coca-Cola FEMSA team with the visibility and insight needed when purchasing applications. It has helped design a comprehensive security strategy to align with the company’s business goals. The security team was able to gain the respect of the whole company, beyond the IT department, by showing the risks and impact that the organization was exposed to and help them understand the importance of IT and application security.
Jair García Osorio says: “We consider Fortify on Demand a key service for our business. It helps us, and the rest of the organization, understand how applications work in the cloud. Thanks to that, we can minimize potential security issues in applications before they are allowed in our environment.”
He concludes: “Fortify on Demand fully supports our SOX-compliance and it enabled us to create clear security guidelines aligning all business areas involved in the introduction of a new application.”
We looked at alternatives but found it a real challenge to find a solution that identifies a wide range of vulnerabilities and makes them visible in an easy-to-action way. Once we saw what Fortify on Demand was capable of, we knew it was the solution for us.
We consider Fortify on Demand a key service for our business. It helps us, and the rest of the organization, understand how applications work in the cloud. Thanks to that, we can minimize potential security issues in applications before they are allowed in our environment.