Campari Group blends equal parts protection, creativity, and employee awareness for the perfect security recipe

Securing Campari Group with the power and passion of the Camparista

The Campari Group’s motto is “Toasting life together.” Invented in 1860 in Milan, Italy, the red-tinged apéritif soon became synonymous with the ritual of the apéritif in the city—a ritual that it helped expand and spread around the world.

The same dedication to the sophisticated creativity that typifies Campari’s iconic advertising images translates to strong team spirit and a willingness to go the extra mile for the company. When Campari Group intensified its digital transformation following a 2020 ransomware attack and implemented Microsoft Security solutions, the IT team emphasized security principles for every person and every device. The company’s 4,000 employees—its Camparistas—were all in with passion and pragmatism. Their shared commitment to cybersecurity and a seamlessly connected Microsoft Security deployment is keeping the company safer—and ensuring that the passion for innovation and creativity thrive. 

Empowering agility and innovation with Azure

Every day, a team of 89 IT Camparistas deliver the solutions and IT support that bolster Campari Group’s success. Their responsibilities include Internet of Things (IoT) and business systems in 22 production plants, along with the business applications used by about 4,000 other Camparistas working across 190 markets worldwide. The company grows organically and through acquisitions, which presents its IT team with an ever-evolving challenge, but the drive to be fast and inventive is constant.

Campari Group Chief Information Officer Christopher Woods recognizes that some situations hinge on quick delivery, like creating an environment on the fly for a marketing agency working on the latest Campari campaign. Operationally, the company might need to spin up infrastructure to ingest data for insights. That, coupled with cost, scalability, and convenience factors, is why Campari Group began migrating to its cloud platform of choice, Microsoft Azure, in 2019. “We made a strategic decision to build our IT foundation on the Azure stack,” explains Woods. “We closed down our physical datacenters and migrated all of our business-critical global applications to Azure, which has been a great business continuity support.”

The Campari Group IT team had to turn from its cloud migration work when the company was hit by a ransomware attack in early November 2020. The ransom request came in at about the same time that the team realized that cybercriminals had encrypted much of its physical infrastructure. But the team had made the most of the security features built into Azure, and its hard work migrating the company’s most important systems was about to pay off. “By taking advantage of the capabilities in Azure and implementing the landing zones with security by design, we protected the workloads hosted in Azure. Thankfully, they were not compromised,” says Matthew Zeidler, Senior Director of Enterprise Architecture and Technology at Campari Group. “In a few days, we were able to begin bringing key business capabilities back online.” 

Creating a cocktail of Microsoft Security solutions for deliciously enhanced protection

Like the rest of the team, Andrea Mazzetti, Global IT Manager, Cyber Security at Campari Group, still remembers with dismay the call informing him of the attack on that cold November day. But he’s also equally proud of the speed with which his team rolled out the Microsoft Security suite in the aftermath of the attack.

The team stepped up its cloud migration, moving 90 percent of applications to Azure and ensuring that Azure Active Directory (Azure AD), part of Microsoft Entra, was in place to manage user identities for its software as a service applications. And those solutions are used in concert with a Zero Trust strategy—never trust, always verify.

As part of the multi-year security roadmap that it had finalized prior to the attack, Campari Group immediately stood up a security operations center, putting Microsoft Sentinel in place. The IT team rounded out the connected tool set offered by Microsoft 365 Defender services with Microsoft Defender for Identity and Microsoft Defender for Cloud, coordinating them with Microsoft Sentinel. “The biggest benefit in our eyes is the increased and holistic visibility we get across the entire Campari Group thanks to the fusion of the Defender solutions and Microsoft Sentinel,” says Mazzetti.

Telemetry data streams from both IT and IoT devices into Microsoft Sentinel, affording the team a constant and comprehensive view of Campari Group’s global estate. “We use security automation in Microsoft Sentinel to catch and identify all suspicious behaviors,” says Mazzetti. “Our ability to detect and mitigate suspicious activity grows as we adopt more Microsoft Security solutions.” The team also rolled out Microsoft Defender for Endpoint, using the data it transmits to Microsoft Defender for Cloud Apps to show unauthorized apps on Windows devices, checking off a key goal of eliminating shadow IT. And with the detail it gleans through the Defender suite, Campari Group adds more depth to the breadth of threat protection it gets with Microsoft Sentinel. “We believe that detailed knowledge of the surface is the only way to achieve a high level of security,” insists Mazzetti. “We used Defender for Endpoint to discover and recognize all of our devices around the world, including the IoT devices in our plants.”

Mazzetti appreciates the cyberthreat intelligence embedded in Microsoft Sentinel and the Defender suite that his team can use to stay ahead of cybercriminals. Combined with data governance solutions like Microsoft Purview Information Protection, Campari Group stays proactive because it can apply sensitivity labels across documents, and it can take some of the onus to label content by using the trainable classifiers.

One for all, and all for one

Thanks to the IT Camparistas’ strong skill set, the next step in Campari Group’s cybersecurity strategy came easily. “For Campari Group, security is and was always at the top of our priorities, and that hasn’t changed,” says Mazzetti. “After the ransomware attack, we realized that every single Camparista, every single server, and every single device plays a key role in security. We brought everyone together because a single failure can be a big risk for the whole company. What did change for Campari Group is increasing the awareness about the importance of being part of a single team and a singular, unified company.” 

Not only did Camparistas outside of IT join the security cause, but Campari Group IT teams came to understand the business needs more intimately than ever before. “I think that moving to the cloud helps IT teams realize that it’s no longer just about maintaining resources,” says Zeidler. “They need to fundamentally understand how those assets affect the business on a day-to-day basis.” The resulting meeting of minds helped cement the company’s unified drive to protect digital resources.

Campari Group extends its security emphasis both inside and outside of the company. It provides a secure environment for contractors, consultants, and other external parties with Azure Virtual Desktop, and it enhances security with multifactor authentication through Azure AD and desktop protection from Defender for Endpoint. “Thanks to our emphasis on ‘secure by design,’ we can provide our contractors the same level of security that all Camparistas enjoy,” says Mazzetti.

The IT team adopted a two-pronged approach to educating the rest of the company on cyberdefense. Every new Camparista receives a welcome email that lays out practical information and resources about the company’s cybersecurity policies and trainings so they can help manage threats from the first day on the job. Specialized trainings augment security best practices. The second part of the strategy is a series of monthly, sometimes biweekly, security awareness campaigns to share the latest news in cybersecurity practices and technologies at Campari Group.

Blending ideas and teams with Microsoft

Campari Group drew on its already collaborative relationship with Microsoft as it recovered from the attack, working with the Microsoft Detection and Response Team (DART), which helps customers rebound from cyberattacks and become digitally resilient. Mazzetti feels that his team has done its homework well. “We’re in a better position now than ever before,” he says. “We constantly set our goals higher, and we want to set the standard for cybersecurity in our industry.”

The company’s relationship with Microsoft continues to grow. “Our team works closely with the Microsoft team in a trusting, transparent collaboration,” says Woods. “I’m proud of how our respective teams come together with a win-win attitude, really focusing on what makes a difference for Campari Group. I look forward to working with Microsoft as we continue on our digital transformation journey.”

Find out more about Campari Group on Twitter, Facebook, Instagram, and LinkedIn.