Manutan CIO modernizes out security risks

An emergency can, as we know all too well, trigger significant change. For business-to-business specialist retailer Manutan, a cybersecurity incident has moved the French business from what the CIO describes as a state of technology obsolescence to the adoption of digital factory methods.

The ransomware attack proved to be the catalyst to wholesale change at the business, headquartered in Gonesse, close to Paris. The attack, which Group CIO Sylvain Coquio says profited from the obsolescence of the application estate, spread right across the European business and led to 10 days of major damage. Full-scale recovery took five months and Coquio says the legacy IT helped the hackers. However, this enabled the CIO to have a much needed frank discussion with the business. He explains:

Big decisions had to be made, and the business realized it had to invest a lot to make sure it was not completely in danger. In addition, I said we have to think completely differently, and we have to prepare for agility and digital transformation.

Manutan has 27 subsidiary businesses in 17 European countries. It is best known in education, office supplies and local government circles for supplying the materials, ranging from boxes and racks to office furniture. Manutan is also the business behind Ironmongery Direct in the UK for tradespeople and DIY enthusiasts, Zack, a French-based technology recycling business and Casal Sport for sports equipment.

Increasingly the business is connecting its online B2B retail to services such as the installation of tennis courts for schools or local authorities, for example. Coquio says this is giving the business an advantage over pure retail providers, in particular Amazon, which he cites as a major rival.

New horizon

As Manutan recovered from the cyber attack, Coquio scoped out the Horizon programme, a plan that incorporated both an immediate response to get the business back to operational health but also to consider the years ahead. The Horizon programme delivered a modernized network, access technologies and a new data centre estate. It has been reported that the application estate contained 2016 versions of Microsoft Windows and Red Hat Linux.

A major part of the investment was the wholesale replacement of VMWare hosting clusters with Nutanix. The CIO says:

There was no RFP as we were in a hurry to mitigate risk. If you have been attacked, then you are more likely to be attacked again. 

There were challenges with the change as there is in any company, but now the smiles are coming back on their faces.

Without the hindrance of an RFP process, Coquio was able to move rapidly, and in less than 12 months, the business had a new estate of HP servers, an on-premises hybrid cloud infrastructure and two new data centres in place with Equinix. Asked why the CIO sees hybrid cloud as the best fit for Manutan, he says:

We have large warehouses, and at these, we need servers to ensure quick interfacing.

With the new infrastructure in place, Coquio is now moving the organization to the digital factory model of rapid development in close collaboration with business lines. The digital factory will use Kubernetes containers, Microsoft Azure and the Nutanix infrastructure technologies to automate and rapidly deploy applications to the 27 subsidiaries.

Prior to the attack, most of the subsidiaries had their own servers and technology estate. The new infrastructure allows for the core compute needs of Manutan to be centrally operated, but the digital factory ensures each subsidiary has the opportunity to personalize technology for its operational or customer needs.

Coquio adds that a digital factory model also enabled greater automation across the businesses. Coquio says the legacy VMware estate was too complex, but moving to a new provider was far from easy. He says:

The switch from VMWare to Nutanix was a difficult story for the system administrators, as they were efficient and expert in these tools.

It is a common challenge CIOs face; a particular vendor becomes entrenched in the organization and its business processes. Team members are not only comfortable with that supplier's technology but have often invested in that vendor in terms of keeping up to date with the vendor's technology and taking time to study and sit the qualifications offered by the vendor.

A CIO choosing another vendor can feel like that investment is now under valued or at risk. Nutanix was selected over VMWare, though as the CIO felt they were a better cultural fit. He explains:

Nutanix was not only a technology choice, it was a mindset choice.

With Manutan increasing its usage of Microsoft Azure, and Nutanix and Microsoft announcing an even closer collaboration, as Nutanix CEO Rajiv Ramaswami recently told diginomica, the alignment between technology partners should help the CIO, leaving integration challenges in the past.

Restocking

Coquio is now, like so many of his peers across Europe, looking for additional technology skills, both externally and within Manutan. The CIO says:

Finding good expertise is very hard. We are going to 200 in IT, and if we are going to go quickly with the transformation, then we need more people.

Currently, the CIO has 120 technologists in his team, with 80 of them based in the company’s headquarters. To help find the skills, Coquio has worked with the Human Resources (HR) department, which has taken on a freelance technology recruiter solely for IT. Coquio joined Manutan in March 2020, having led technology at pharmaceuticals logistics firm OCP Répartition and, prior to that over two years as CIO of Louvre Hotels Group and fashion retail group Tally Weijl.

My take

Organizational structures can be complex, and often subsidiaries and business lines can feel secure if they own - perhaps can even see - the technologies they use to deliver their service. However, complex organizational structures needn't always have complex technology estates. If one element of that technology estate becomes outdated, it can, as it did with Manutan, expose the business to risk. Coquio is navigating an interesting path of centralizing technology to keep a close eye on weak points or applications becoming outdated, but also creating a digital factory to ensure the organization remains connected and involved in the future story.