At Zimmermann, IT security is a top priority. In this interview, Tobias Hiller, Head of IT, explains how the team ensures that data remains protected, knowledge stays within the company, and our systems run reliably — for our customers and for ourselves.
Tobi, you’ve been our IT expert for 19 years. Why is IT security so important for Zimmermann?
Because all of our work depends on it. We process sensitive design data and control complex processes. A failure or, even worse, unauthorized access, whether digitally or physically, would have serious consequences for our customers and for us. This is why we make ongoing investments in our IT security.
What have you implemented most recently?
We modernized both of our data centers, replaced legacy components, and expanded our storage capacities. At the same time, we updated and modernized our servers, and optimized our backup strategy. As a result, we’re not only more efficient, but also far better protected against potential cyberattacks.
How secure is our data today?
We must remain realistic: 100 percent security doesn’t exist, claiming anything else would be irresponsible. But we are very well prepared. Our data backup operates on multiple layers, across different time frames, server locations, storage media, and versions. This ensures that in an emergency, we are able to recover and access our data quickly and reliably and continue working without major interruption. We regularly test our systems to ensure they perform as expected in practice.
What are the next steps regarding IT security?
Currently, we are evaluating whether certification under the NIS2 Directive would be beneficial for us. This involves systematic analysis of vulnerabilities and recommendations for further improvement. The topic is also becoming increasingly important to our customers, more and more often, evidence of IT security is required or requested. Rather than just reacting, we take proactive measures to guarantee that your data is fully protected at Zimmermann.
Your conclusion?
IT security is not a one-off project that you complete and then check off. It is an ongoing process. Our goal is clear: the knowledge and data of our customers and employees must remain protected, today and in the future.