When Daniel Fabbo took over as the Manager of Security Engineering at Cimpress plc in 2018, he realized his job responsibilities had just grown 10-fold. Cimpress, a multinational organization with over 12,000 employees, is structured as a strategically-focused group with 11 distinct businesses operating underneath its umbrella.
Fabbo, who had spent his last four years as the Senior Lead Information Security Engineer at Vistaprint, a company that operates under Cimpress, found himself with a unique challenge. He was now responsible for managing and securing assets at not just one, but all 11 businesses.
To make things more challenging, Cimpress was highly decentralized. The organization had no interconnected network, but instead chose to leave ownership of the disparate infrastructures to the individual businesses.
In his first two years, Fabbo and his team depended on each individual business having its own up-to-date, accurate asset inventory. It was a process Fabbo described as a “rudimentary asset management system,” where his team had to “jump through hoops to identify if a system is critical or not.” When his team was able to get their hands on the data they needed, it was often error-prone — a direct result of the manual data collection process.
Plagued by data accuracy and collection issues, Fabbo struggled to identify gaps in his Antivirus and EDR coverage. When the security team identified an incident or vulnerability, they found it difficult to locate and then understand the particular asset or assets in question — causing delays to their incident response program.
“It’s extremely hard to find an asset management solution that can cover 11 distinct businesses… especially 12,000 without having an agent installed,” Fabbo explained.
Daniel Fabbo, Manager of Security Engineering, Cimpress