How to Avoid Data Breach Disasters in Automotive Supply Chains


Post on 05-Dec-2014


DESCRIPTION

AutomotiveNews Webinar 10.11.2011

TRANSCRIPT

Page 1: How to Avoid Data Breach Disasters in Automotive Supply Chains

- 1 - © SEEBURGER AG 2011

Avoiding Data Breach Disasters in Automotive Supply Chains

Brian Jolley | Senior IT Specialist, Automotive
SEEBURGER North America

Akram J. Yunas | Program Manager AIAG

Page 2

Objectives

Share insight into the pervasiveness of Data Breach.

Discuss the financial liability of Data Breach.

Identify Data Security related business pressures.

Point out how Data Breach risk is being elevated.

AIAG Perspective - Global Supply Chain Network Connectivity.

Highlight Automotive data exchange trends.

Get control with Managed File Transfer solutions.

Identify industry leading solutions to mitigate risks and protect data.

Page 3

Pervasiveness of Data Breach

“When asked what keeps them up at night, 24 percent of CIO’s polled said that their top worry is keeping their organizations’ sensitive data out of the wrong hands – the most cited response.”

In a survey of 1400 Technology Executives in the US, 21% estimate the average company experiences 3 - 5 breaches in a year.

“The CIO Insomnia Project” | Robert Half Technologies 2011

Page 4

Financial Liability of Data Breach

“Symantec Corp. (Nasdaq: SYMC) and the Ponemon Institute today released the findings of the 2010 Annual Study: U.S. Cost of a Data Breach, which reveals data breaches grew more costly for the fifth year in a row. The average organizational cost of a data breach increased to $7.2 million and cost companies an average of $214 per compromised record, markedly higher when compared to $204 in 2009.”

Symantec Corporation | March 8, 2011

Page 5

Polling Question 1

Which of the following best describes your company policies regarding data security?
A. Policies are clearly defined and strictly enforced.
B. General guidelines exist but are loosely enforced.
C. Policies vary from department to department and application to application.
D. I am unaware of policies regarding the transfer of unstructured files.

Page 6

Data Security Related Business Pressures

Regulatory Compliance Mandates
Federal and State regulations have been enacted mandating that businesses securely manage the transfer of electronic data.

Profit Leakage from SLA violations
Using unreliable FTP connections in critical business processes creates a huge business impact when there are problems/failures/interruptions: orders cannot be booked, delivery cannot be initiated, delivery times with customers are not met (SLA violation), which will directly lead to lost profit, penalties, etc.

Brand & Image Protection
Data Breach has a negative impact on the Brand and Image of the company where it has occurred. Customers ask, “This company is unable to keep confidential data confidential, should we continue to work with them?”

Page 7

Data Security Related Business Pressures

FTP “Spaghetti”
Uncontrolled deployment of FTP connections between internal applications as well as transfer beyond the firewall is a tangled mess. No control on process, no security, no audit-trail.

Partner & Customer Privacy Requirements
Even without a legal mandate, customers may impose their security rules on their suppliers and expect that data coming from them is treated in a secure/controlled way.

Page 8

Polling Question 2

How often are reports or database queries downloaded from your ERP environment for distribution to other applications or individuals?
A. Frequently – multiple times daily
B. A few times per week
C. Monthly processes
D. Rarely

Page 9

Raising Data Breach Risk

Despite the costly liabilities, risky file transfer practices abound in the savviest of enterprises - users often download free trials of FTP software.
− Without the knowledge of IT.
− Violating compliance standards.
− Inadequate content validation before and after file transfer.
− Unsecure transfer.

Without a unified view of files being transferred, companies have no chance to control or stop unauthorized behavior.

Dealing with a myriad of file transfer modes makes forensic investigation after an incident cumbersome and costly.

Additionally, there is a movement away from proprietary networks to the public internet for communications.

Page 10

Global Supply Chain Network Connectivity - Industry Collaborations Enabling Standards Based Interoperability

October 11, 2011

Akram Yunas, Program Manager, AIAG
Automotive News Webinar

Page 11

Message From J. Scot Sharland, AIAG Executive Director:

“In the past 15 years…our world and industry have changed dramatically. A new generation of automotive professionals and AIAG volunteers are now being tasked with eliminating cost and complexity in an even more challenging and unpredictable business environment. To successfully drive continuous improvement in global data connectivity… it is imperative that we fundamentally understand and thoroughly vet new technology options…challenge the logic with respect to current standards & the need for higher levels of performance in the areas of speed, security and reliability and…lastly…reaffirm our commitment to work together for our mutual benefit.”

Automotive Industry Action Group…

Page 12

Board of Directors

Page 13

Global Alliances

Page 14

Collaborative Supply Chain Data Network Connectivity-2011 Project

Business Drivers:
• What low cost alternatives exist for data exchange for the electronically-enabled supply chain?
• Are the low cost alternatives as reliable as current approaches given that these solutions often take advantage of the Public Internet?
• Can appropriate levels of security for legal, contractual, regulatory and product tracking information be maintained using a low cost alternative?
• Is the current performance and scalability of trading partner information exchanges adversely impacted if a low cost alternative is implemented?
• Can Automotive OEMs and Suppliers develop a means to offer cost effective alternatives in the transmission of business and technical information?
• Can a common approach be identified and be recommended for the Automotive Industry?

Project Introduction

Page 15

Vision

Supplier Connectivity Project Launched: March 2010

• Automotive Industry supported open standards for communication and transport of Electronic Data

• Evaluate and review similar solutions from other industries

• Categorize Communication methods by Supply Chain Management business processes and CAD/CAE information requirements
– Type
– Volume
– Security
– Global, regional or country specific
– Cost value/ROI

Page 16

Collaborative Supply Chain Data Network Connectivity-2011 Project

126 Automotive Companies Provided Resources

Project Leads:
• Betty Young, Chrysler Group LLC, Chair
• Jerry Finefrock, ANX, Co Chair
• Doug Halliday, Trubiquity, Chair Technical Requirements
• Henriette Douglas, Covisint, Document Coordinator
• Deb Jablonski, Midway Products, Document Coordinator

Corporate Liaisons:
• Marilyn Smith, General Motors, AIAG Loaned Executive
• Monique Oxender, Ford Motor Company, AIAG Loaned Executive
• Morris Brown, Chrysler Group LLC, AIAG Chrysler Loaned Executive

Project Introduction

Page 17

• Captured Industry Requirements for Connectivity

• Mapped Internet Solutions to Private Network – Pros and Cons

• Evaluated IP based solutions and provided implementation case studies

• Evaluated State of Connectivity in non-automotive industries via implementation case studies

• Captured OEM existing Connectivity Landscape

• Captured OEM moving forward connectivity strategies

• Captured OEM to Supplier future recommendations

Resulting in a renewed game changing supply chain connectivity landscape…

AIAG Project- Key Accomplishments

Page 18

Allowable / Required Connectivity Types - North America
OEM LANDSCAPE – 2011

EDI | Ford | GM | Chrysler | Honda
Standard EDI (Machine to Machine) | 1. Public Internet 2. ANX | 1. Public Internet 2. ANX | 1. Public Internet 2. ANX | 1. Public Internet 2. ANX
Web EDI (low volume or non EDI capable) | Public Internet | Public Internet | Public Internet | Public Internet

Engineering & CAD | Ford | GM | Chrysler | Honda
On-line Engineering (“Direct Connect”) | 1. Public Internet 2. ANX | 1. Public Internet 2. ANX | 1. Public Internet 2. Private Circuit | N/A
CAD File Exchange (off-line engineering) | Public Internet | Public Internet | Public Internet, Private Circuit | Public Internet

Page 19

Europe, Asia, South America

Where Are We?

Global Challenges, Complexities and Opportunities

Page 20

European OEM Connectivity Landscape

2011 Status

OEM | Access | Protocols | EDI
BMW | 1. ENX 2. ISDN; Planning TCP/IP | 1. OFTP 2. OFTP2 3. SFTP | VDA, ODETTE, EDIFACT, ANSI X12
Daimler | 1. ENX 2. ISDN; Planning TCP/IP | 1. OFTP 2. Web; Planning OFTP2 | VDA, ODETTE, EDIFACT, ANSI X12
Fiat | 1. ENX 2. TCP/IP | 1. FTP 2. OFTP | ODETTE, EDIFACT
Ford | 1. ENX 2. TCP/IP 3. ISDN | 1. OFTP 2. FTP 3. Web; Planning OFTP2 | VDA, EDIFACT, ANSI X12
GM | 1. ENX 2. VAN (GXS, Covisint) | 1. FTP 2. OFTP | EDIFACT
Jaguar | 1. ENX 2. TCP/IP 3. ISDN | 1. OFTP 2. FTP; Planning OFTP2 | VDA, EDIFACT, ANSI X12
PSA | 1. ENX 2. VAN (GXS) | 1. OFTP 2. OFTP2 (Engineer) 3. FTP | EDIFACT, ODETTE
Renault | 1. ENX 2. VAN (GXS) | 1. OFTP 2. FTP 3. Web | EDIFACT, ODETTE
VW Group | 1. ENX 2. Public Internet 3. ISDN | 1. OFTP 2. OFTP2 (Logistics) 3. Web | VDA, EDIFACT, ODETTE
Volvo | 1. ENX 2. Public Internet 3. ISDN | 1. OFTP 2. OFTP2 3. SFTP 4. FTP | EDIFACT, ODETTE

Page 21

Validation Pilot “Internet Based Solution For Global Supply Chain Connectivity”

Industry Sponsors:
• AIAG, Automotive Industry Action Group (N.A)
• Odette, European Standards Organization (Europe)
• JAMA, Japan Auto Manufacturers Association (Asia)

Next Steps at AIAG:

Page 22

• Private Networks provide a valuable service in today's connectivity domain. They are the current connectivity performance standard.

• Private Internet (PI) has matured to a point where it now meets automotive industry requirements in terms of security, reliability, speed and bandwidth.

• North American OEMs have endorsed PI based solutions as an “approved option” in their supplier connectivity toolkit.

• European OEMs are fast transitioning to PI as their preferred and/or required “connectivity medium”.

Conclusion & Take Away….

Page 23

• Asia Pacific is in the planning stages of migrating to Private Internet for supply chain connectivity.

• OFTP 2, an industry developed open standard, is fast becoming the leading protocol enabling internet based connectivity. OFTP 2 is compliant with global auto industry connectivity requirements.

• Connectivity solutions are not one size fits all. Selection criteria are driven by enterprise specific requirements.

• The AIAG Working Group projects that Internet based connectivity solutions are expected to save the automotive supply chain millions in direct costs within the next 5 years.

Conclusion & Take Away….

Page 24

Automotive Data Exchange Trends

Movement from proprietary VANs to public internet based communications.
− Business Driver – Cost

Larger files are being exchanged.
− Business Driver – Heavy payload, sensitive data – CAD, CAE, High Res Pictures, Video, Graphics, Test Data

Compliance Regulation
− Business Driver – Government and Trading Partner rules of exchange

Strong focus on supplier integration
− Business Driver – High diversity in infrastructure raises questions regarding small tier supplier readiness to securely handle data.

Increased Data Security Focus

Page 25

Polling Question 3

At your company, what is the most commonly used method for moving large files from one system or individual to another?
A. E-mail
B. Shared Folders on an internal network
C. Managed File Transfer solution
D. Individual FTP processes
E. USB thumb drive device

Page 26

Getting Control with Managed File Transfer

Managed File Transfer helps reduce the risk of Data Breach

Providing Visibility of people, processes and systems affecting and being affected by messages, files, and transactions.

Delivering Monitoring which enables companies to proactively/reactively track these messages, files and transactions as they flow through systems and among people.

Establishing Security to address risk, identity, access and authentication issues.

Providing Adaptability to connect systems and infrastructures.

Delivers Provisioning which enables an enterprise to rapidly onboard systems, companies, individuals, and manage all aspects of change.

Enabling automated Workflow which allows a company to design, test, and execute processes associated with a file transfer.

Source: Gartner – “Key Issues for Managed File Transfer”

Page 27

What is MFT?

Simple definition from the analyst community:

Workflow

Management

Secure Communications

Compression

Repository with Auditing and Logging

Check Point/Restart

Encryption

Page 28

Comprehensive MFT/B2B Solution compared to FTP

MFT Provides a Secure, Cross Platform File Transfer Solution
− Encryption
− Guaranteed Delivery
− End to end process automation
− Empower operations staff

MFT is a complete solution set designed to support all of your file transfer needs
− One Common User Interface
− Central Management and Control
− Global Visibility – Intra and Extra enterprise
− Automation for file transfer related activities and processes.

Features | FTP | MFT
ASCII / EBCDIC / Image / Binary file transfers | X | X
Send/Receive files | X | X
Point-to-point application links | | X
Just-in-time processing | | X
Non invasive | X | X
Guaranteed delivery | | X
Once and only once delivery | | X
Logical Naming and Addressing | | X
Full Error Handling | | X
Internet enabled | X | X
Advanced Triggering | | X
Advanced Security | | X
Advanced Monitoring | | X
Broadcasting | | X
End-to-end managed file transfers | | X
Full Automation | | X

Page 29

From File Transfer spaghetti architecture…

[Diagram labels: Platform 6, Platform 5, CRM, ERP, EAI, Finance, Partner]

Page 30

…to Managed File Transfer (MFT)

[Diagram labels: Platform 6, Platform 5, CRM, ERP, EAI, Finance, Partner, MFT Suite]

Page 31

SEEBURGER Approach – SEE MFT

Adopt an MFT strategy that allows IT teams to centrally manage, monitor, audit and report on file transfers across all critical applications.

SEE MFT consolidates and centralizes file transfers to enable oversight, proper management, data protection, and policy enforcement.

SEE MFT technology is engineered to handle the changes in file transfer over time including file sizes and volume and the need for increased levels of protection.

SEE MFT is a versatile technology that can be deployed as a stand-alone software, integrated into other business applications or delivered as a hosted service.

Page 32

SEEBURGER Managed File Transfer Solution – Components

SEE Adapter

End point client to connect any system in the network, any file type, any operating system and any file size supported

Application and protocol specific interface to integrate applications via various standard protocols (ex. OFTP2)

Human to Human, Human to System and Ad Hoc large file exchange. Integrated with popular Email system for ease of use

Base Functions

Governance
Policy Management
Multi-OS and A2A support

End-to-End Visibility
Checkpoint and Restart
Content filtering

Event and Activity Management
Reporting and Administration
Management and measurement

End Point Provisioning
Secure multiprotocol communication
Process control and automation

[Diagram labels: SEE LINK, SEE FX, Application Adapter, Application, Systems]

Page 33

SEEBURGER at a Glance

Leading – Ranked as Global leader for Business Integration by independent analysts (i. e. Gartner and Forrester).

International – 19 worldwide offices.

Successful – 8,500 customers from all industries, Solutions for Automotive since inception for small, mid, and enterprise businesses.

Comprehensive – Solutions for B2B, MFT, A2A, BPM and Community Management

Independent – profitable since 1986

Focused on industries & standards

Page 34

Our Core Business: Business Integration focused on connecting people, processes and technology

Scalable solutions for any size of company

Compatible with all ERP Systems

Supports all B2B Standards

100 % Trading Partner Integration

Packaged MFT Solutions

Industry Solutions

Solution extensions for SAP (Auto, Utilities)

On Premise/Managed Services/Cloud Offering

Page 35

Contact Details

Brian Jolley
SEEBURGER
(734) 634 - [email protected]

Akram Yunas, Program Manager, AIAG
(248) [email protected]
Supplier Connectivity Project Report Available: www.aiag.org

Page 36

© Copyright 2011 SEEBURGER AG. All rights reserved. The information in this document is proprietary to SEEBURGER. Neither any part of this document, nor the whole of it may be reproduced, copied, or transmitted in any form or purpose without the express prior written permission of SEEBURGER AG. Please note that this document is subject to change and may be changed by SEEBURGER at any time without notice. SEEBURGER’s Software product, the ones of its business partners may contain software components from third parties.
