Manufacturing Close-Up: What a Merger Can Mean for Cybersecurity

If you’re into the mid-century modern aesthetic – or even if you’re not – you’ve most likely heard of Herman Miller, maker of the iconic Eames lounge chair, the Noguchi table, and the Marshmallow sofa. The company’s 2021 merger with another modern-furniture icon, Knoll, made it a global powerhouse of furniture design and manufacturing, with an expansive cybersecurity threat landscape.

Which means Brian Klotz doesn’t get to sit back much.

As the company’s global endpoint architect, Klotz is the guy managing a vast infrastructure, with scads of endpoints, from desktop computers to a host of network devices used to operate machinery in factories across the globe.

The future of IT and security is autonomous. But most organizations don’t know which manual processes are easy to eliminate. This is where you start.

The design giant’s portfolio, besides Herman Miller and Knoll, includes notable brands like Design Within Reach, DatesWeiser, Edelman leather, Holly Hunt, Muuto, and more. And that makes for an incredibly complex IT environment.

Klotz is a 20-year IT veteran who worked first in desktop support “running around office buildings,” then leading IT teams, and eventually moving to more technical roles in system architecture and endpoint support. Having served Fortune 500 commercial manufacturers, plus organizations in healthcare and higher education, Klotz has seen a wide range of endpoints and exponential challenges that arise when trying to combine disparate systems.

When we take a machine down by an accidental patch or reboot a computer in the middle of a manufacturing run… it’s very, very disruptive.

Here’s his take on mergers and acquisitions (M&As) and how security teams can wrangle different sub-brands, IT leadership strategies, executive leadership strategies, and a host of device use cases.

(The following interview is adapted from a conversation with Klotz and podcast host Chelsea Nelson on Tanium Podcast, produced by Tanium, which publishes this magazine. It has been edited for space and clarity.)

What are the IT challenges unique to a large for-profit manufacturing business?

Manufacturing is an uptime-based business and that has a direct connection to the revenue for the company.

Manufacturing has a lot of older systems. Some of the facilities are running machines that were made 20 years ago, and the computers that run them are therefore stuck in time with those operating systems.

So when we take a machine down by an accidental patch or reboot a computer in the middle of a manufacturing run, when a chair is being made… it’s very, very disruptive. And the amount of time it takes to reboot a computer could cost the company thousands of dollars. And the longer that goes on, it just kind of compounds.

Manufacturing has a lot of older systems. Some of the facilities are running machines that were made 20 years ago, and the computers that run them are therefore stuck in time with those operating systems.

[Read also: 5 key goals to guide cybersecurity budgets in 2025]

So as much as we would like to say we don’t want Windows 98 in our environment, we don’t have that option – say, in a case where it runs a saw, and that saw was made 20 years ago, and that company doesn’t exist anymore.

You’re talking about legacy systems… As MillerKnoll acquires different brands with different levels of tech maturity, how does this growth make endpoint management more complex for you?

Just by the natural acquisition of a large number of different sub-brands that have different IT leadership and different executive leadership, different device use cases set up in different countries, and different third-party contractors setting them up, all of them have very different postures and operating procedures.

[Read the case study: Success story – how a multibrand powerhouse sorts out disparate cybersecurity practices and secures growth]

So some of the really unique challenges have been trying to standardize and unify all of that under one big umbrella. Because once you put them together on the same network and they can all talk to each other, you want to make sure that the devices are set up to a baseline configuration that’s both secure and interoperable.

How did you accomplish that?

We brought on [a cloud-based security system] to allow us to do things that we could not do with an on-premises-based infrastructure.

That’s one of the real benefits I see with AEM – it’s going to allow us to build and design workflows so that they happen automatically.

The fact that it was cloud-based was a tremendous benefit to because we had devices all over the world and behind different firewalls, different networks. And it really allowed us to gain insight into where all of our assets were, what the setup and posture was of all those different devices and allowed us to begin that journey of adding the security into our environment that we needed.

When we first started, our patching level for our operating systems was all over the board. A very low percentage were current to the current release of Windows and the current patch level. Most recently, we ran these numbers and were at like 87.5% current to at least two patch levels back.

What about AI, automation, machine learning – how do you see these technologies helping you in the future?

One of the major challenges we’ve had over the years is that a lot of the tasks we find ourselves doing, especially deployments and scheduled actions, are repeatable. And we want to have multiple repeatable actions take place in a certain sequence.

And that’s one of the real benefits I see with AEM [autonomous endpoint management, which global IT systems advisory firm Gartner calls a “next-generation approach” that uses automation to accelerate endpoint management, remain compliant and improve the digital employee experience] – it’s going to allow us to build and design workflows so that they happen automatically. We don’t have to manually set them up every single time or run the same set of drill-down queries, one after another, to get to the data I need and deploy one part, then go back and do it again after the data has been updated and run a second part.

[Read also: How AI is redefining data loss prevention (DLP)]

So I’m really looking forward to the automation.

And your workforce, are they excited about the possibilities? Many worry their jobs are going to be replaced. How do you respond to that?

I’m not feeling any of that because our company has been pretty aggressive, over the last year, in trying to build an AI strategy for the organization. We’ve had leadership throughout the organization engaged in those discussions about where AI can be best used within MillerKnoll, and the IT organization supports a lot of that.

We use Microsoft Windows and have access to the Copilot tool. We have some exciting projects going on within the organization that utilize that. So I think the appetite for AI and automation is there. What it really comes down to is understanding what the product is going to do and how it can make your life easier.

TO HEAR MORE:

Check out the whole interview with Klotz at the link below, where he discusses in more detail the challenges that M&As bring to endpoint management.

• Brian Klotz on how MillerKnoll gains endpoint visibility (and simplifies M&A)