Customer stories

Coca-Cola FEMSA

Fortify on Demand helps minimize security issues through a comprehensive assessment process providing full visibility and control

Products and services

OpenText™ Core Application Security (Fortify™ On Demand)

Outcomes

Full SOX-compliance with clear visibility and reporting
Comprehensive security strategy aligned with company goals
Easy process to assess the security of new applications for the environment

Challenge

A move to hosting applications in the cloud prompted the need for more structured application security to identify vulnerabilities before they cause issues.

Jair García Osorio, Chief Technology Security Officer for Coca-Cola FEMSA, provides some context to the role of the security department: “We are a centralized security division for the whole company, across all locations. Although security has always been important to us, a move towards cloud-hosting our own and our partner’s applications made us much more aware of potential security risks. Once the organization as a whole understood the serious consequences of a security breach with a cloud-hosted application, it became a priority to find a solution that could help us identify any potential application vulnerabilities.”

The team looked for a solution that could support the implementation of a comprehensive set of security guidelines for applications, both Coca-Cola FEMSA’s own and their partners, to adhere to.

Details

Solution

Market research showed OpenText™ Fortify™ On Demand to be a great option. This application security as a service integrates static, dynamic, and mobile application security testing with continuous application monitoring. Scalable for application growth, Fortify on Demand can be delivered in a flexible cloud or hybrid environment, to align with application demand.

Jair García Osorio comments: “We looked at alternatives but found it a real challenge to find a solution that identifies a wide range of vulnerabilities and makes them visible in an easy-to-action way. Once we saw what Fortify on Demand was capable of, we knew it was the solution for us.”

We looked at alternatives but found it a real challenge to find a solution that identifies a wide range of vulnerabilities and makes them visible in an easy-to-action way. Once we saw what Fortify on Demand was capable of, we knew it was the solution for us.

Jair García Osorio
Chief Technology Security Officer, Coca-Cola FEMSA

Fortify on Demand (a SaaS based solution powered by AWS) was soon implemented and the security team started scanning all applications using the service. The majority of applications come from vendors, but they all need to adhere to the centrally agreed security criteria before they are allowed within the Coca-Cola FEMSA IT infrastructure. Fortify on Demand provides an easy way to assess new applications within the portfolio to ensure they meet certain security standards before they are implemented in production. Scans are carried out simultaneously, and a straightforward portal interface provides full visibility to the process.

Jair García Osorio explains the day-to-day use of the solution: “The clear reporting within Fortify on Demand enables us to translate technical issues into business ones. Once a vulnerability is identified, there are different ways of fixing it. We can give the vendor a report which explains exactly what code changes need to be made to improve the solution. We have also created fixes for common problems that can be implemented automatically through the use of digital signatures.”

He adds: “Fortify on Demand helps us determine which security methodology to apply when assessing certain applications, depending on how critical they are to the business. The reporting we receive is clear and unbiased. In a single page we have the full status of an application, giving us a detailed and clear analysis of what needs to be done to fix any vulnerabilities. We share the reports with vendors or our own software developers to ensure all applications are meeting our high security standards when they enter our infrastructure.”

Results

Fortify on Demand provides the Coca-Cola FEMSA team with the visibility and insight needed when purchasing applications. It has helped design a comprehensive security strategy to align with the company’s business goals. The security team was able to gain the respect of the whole company, beyond the IT department, by showing the risks and impact that the organization was exposed to and help them understand the importance of IT and application security.

Jair García Osorio says: “We consider Fortify on Demand a key service for our business. It helps us, and the rest of the organization, understand how applications work in the cloud. Thanks to that, we can minimize potential security issues in applications before they are allowed in our environment.”

He concludes: “Fortify on Demand fully supports our SOX-compliance and it enabled us to create clear security guidelines aligning all business areas involved in the introduction of a new application.”

We consider Fortify on Demand a key service for our business. It helps us, and the rest of the organization, understand how applications work in the cloud. Thanks to that, we can minimize potential security issues in applications before they are allowed in our environment.

Jair García Osorio
Chief Technology Security Officer, Coca-Cola FEMSA

About Coca-Cola FEMSA

Coca-Cola FEMSA is the largest franchise bottler of Coca-Cola trademark beverages in the world. It operates 67 bottling plants and serves more than 2.8 million pointsof-sale through 344 distribution centers. Coca-Cola FEMSA is present in 10 countries.

Aviator AIAviator AI

Analytics CloudAnalytics Cloud

Data Lakehouse & AnalyticsData Lakehouse & Analytics

BI, Visualization & ReportingBI, Visualization & Reporting

eDiscovery with AIeDiscovery with AI

OpenText™ Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain AutomationSupply Chain Automation

B2B IntegrationB2B Integration

Secure CollaborationSecure Collaboration

Supply Chain TraceabilitySupply Chain Traceability

Supply Chain InsightsSupply Chain Insights

Industry Applications and ServicesIndustry Applications and Services

OpenText™ Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Capture and Intelligent Document ProcessingCapture and Intelligent Document Processing

Process AutomationProcess Automation

Business IntegrationsBusiness Integrations

Information ArchivingInformation Archiving

Industry SolutionsIndustry Solutions

Information GovernanceInformation Governance

OpenText™ Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application Security TestingApplication Security Testing

Data SecurityData Security

Security OperationsSecurity Operations

Identity and Access ManagementIdentity and Access Management

Digital Forensics and Incident ResponseDigital Forensics and Incident Response

OpenText™ Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

Functional TestingFunctional Testing

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Performance EngineeringPerformance Engineering

OpenText™ DevOps Aviator

Experience CloudExperience Cloud

Web & Mobile ExperiencesWeb & Mobile Experiences

Contact Center AnalyticsContact Center Analytics

Messaging & FaxMessaging & Fax

Customer CommunicationsCustomer Communications

Digital Asset ManagementDigital Asset Management

Customer Journey and DataCustomer Journey and Data

OpenText™ Experience Aviator

Observability and Service Management CloudObservability and Service Management Cloud

Service ManagementService Management

ObservabilityObservability

AIOpsAIOps

Automation and Vulnerability RemediationAutomation and Vulnerability Remediation

CMDB and Asset ManagementCMDB and Asset Management

OpenText™ Service Management Aviator

OpenText™ ThrustOpenText™ Thrust

OpenText™ Thrust bundleOpenText™ Thrust bundle

OpenText™ Aviator Thrust

Device and Data ProtectionDevice and Data Protection

Enterprise Data Backup and Disaster Recovery SolutionsEnterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management ToolsUnified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving ComplianceEmail Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document ManagementConnectivity and Document Management

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Consulting ServicesConsulting Services

Cloud MigrationCloud Migration

NextGen ServicesNextGen Services

Latest product releasesLatest product releases

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Resource libraryResource library

Aviator AI

Analytics Cloud

Data Lakehouse & Analytics

BI, Visualization & Reporting

eDiscovery with AI

Business Network Cloud

Supply Chain Automation

B2B Integration

Secure Collaboration

Supply Chain Traceability

Supply Chain Insights

Industry Applications and Services

Content Cloud

Document Management

AI Content Management

Capture and Intelligent Document Processing

Process Automation

Business Integrations

Information Archiving

Industry Solutions

Information Governance

Cybersecurity Cloud

Application Security Testing

Data Security

Security Operations

Identity and Access Management

Digital Forensics and Incident Response

DevOps Cloud

DevOps Platform

Functional Testing

PPM and Strategic Portfolio Management

Quality Management

Performance Engineering

Experience Cloud

Web & Mobile Experiences

Contact Center Analytics

Messaging & Fax

Customer Communications

Digital Asset Management

Customer Journey and Data

Observability and Service Management Cloud

Service Management

Observability

AIOps

Automation and Vulnerability Remediation

CMDB and Asset Management

OpenText™ Thrust

OpenText™ Thrust bundle

Device and Data Protection

Enterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document Management

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Consulting Services

Cloud Migration

NextGen Services

Latest product releases

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Resource library

Blogs

Events

Communities

Customer stories

OpenText Navigator

Marketplace