How to Avoid Data Breach Disasters in Automotive Supply Chains
Automotive News Webinar, 10.11.2011 (transcript)
- 1 - © SEEBURGER AG 2011
Avoiding Data Breach Disasters in Automotive Supply Chains
Brian Jolley | Senior IT Specialist, Automotive, SEEBURGER North America
Akram J. Yunas | Program Manager, AIAG
Objectives
Share insight into the pervasiveness of Data Breach.
Discuss the financial liability of Data Breach.
Identify Data Security related business pressures.
Point out how Data Breach risk is being elevated.
AIAG Perspective - Global Supply Chain Network Connectivity.
Highlight Automotive data exchange trends.
Get control with Managed File Transfer solutions.
Identify industry leading solutions to mitigate risks and protect data.
Pervasiveness of Data Breach
“When asked what keeps them up at night, 24 percent of CIOs polled said that their top worry is keeping their organizations’ sensitive data out of the wrong hands – the most cited response.”
In a survey of 1,400 technology executives in the US, 21% estimate that the average company experiences 3 - 5 breaches in a year.
“The CIO Insomnia Project” | Robert Half Technologies 2011
Financial Liability of Data Breach
“Symantec Corp. (Nasdaq: SYMC) and the Ponemon Institute today released the findings of the 2010 Annual Study: U.S. Cost of a Data Breach, which reveals data breaches grew more costly for the fifth year in a row. The average organizational cost of a data breach increased to $7.2 million and cost companies an average of $214 per compromised record, markedly higher when compared to $204 in 2009.”
Symantec Corporation | March 8, 2011
Polling Question 1
Which of the following best describes your company policies regarding data security?
A. Policies are clearly defined and strictly enforced.
B. General guidelines exist but are loosely enforced.
C. Policies vary from department to department and application to application.
D. I am unaware of policies regarding the transfer of unstructured files.
Data Security Related Business Pressures
Regulatory Compliance Mandates
Federal and State regulations have been enacted mandating that businesses securely manage the transfer of electronic data.
Profit Leakage from SLA Violations
Using unreliable FTP connections in critical business processes has a huge business impact when there are problems, failures or interruptions: orders cannot be booked, delivery cannot be initiated, and delivery times agreed with customers are not met (SLA violation), which directly leads to lost profit, penalties, etc.
Brand & Image Protection
A data breach has a negative impact on the brand and image of the company where it occurred. Customers ask, “This company is unable to keep confidential data confidential; should we continue to work with them?”
Data Security Related Business Pressures
FTP “Spaghetti”
Uncontrolled deployment of FTP connections between internal applications, as well as transfers beyond the firewall, is a tangled mess: no control over the process, no security, no audit trail.
Partner & Customer Privacy Requirements
Even without a legal mandate, customers may impose their security rules on their suppliers and expect that data coming from them is treated in a secure, controlled way.
Polling Question 2
How often are reports or database queries downloaded from your ERP environment for distribution to other applications or individuals?
A. Frequently – multiple times daily
B. A few times per week
C. Monthly processes
D. Rarely
Raising Data Breach Risk
Despite the costly liabilities, risky file transfer practices abound in even the savviest enterprises: users often download free trials of FTP software
− Without the knowledge of IT.
− Violating compliance standards.
− With inadequate content validation before and after file transfer.
− Over insecure transfers.
Without a unified view of the files being transferred, companies have no chance to control or stop unauthorized behavior.
Dealing with a myriad of file transfer modes makes forensic investigation after an incident cumbersome and costly.
Additionally, there is a movement away from proprietary networks to the public internet for communications.
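The "unified view" the slide calls for starts with seeing who is actually speaking FTP. The following is an added example, not from the webinar, SEEBURGER or AIAG: it scans constructed firewall connection records for allowed cleartext-FTP sessions that originate outside a sanctioned transfer-gateway subnet. The log line shape, all addresses and the sanctioned subnet are assumptions.

```python
"""Flag unsanctioned (shadow) FTP sessions in firewall connection logs."""
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample records in a generic "TIMESTAMP ACTION PROTO src:port -> dst:port"
# shape; not the log format of any specific firewall product.
SAMPLE_LOG = """\
2011-10-11T09:14:02 ALLOW TCP 10.20.30.44:51234 -> 203.0.113.10:21
2011-10-11T09:14:05 ALLOW TCP 10.20.30.44:51240 -> 203.0.113.10:20
2011-10-11T09:16:41 ALLOW TCP 10.20.30.9:40211 -> 198.51.100.7:443
2011-10-11T09:20:13 ALLOW TCP 10.20.30.77:60002 -> 203.0.113.55:21
2011-10-11T09:21:00 ALLOW TCP 10.20.30.77:60003 -> 203.0.113.55:2121
2011-10-11T09:25:30 ALLOW TCP 10.20.40.5:3300 -> 198.51.100.90:21
2011-10-11T09:30:00 DENY  TCP 10.20.30.44:51300 -> 203.0.113.10:21
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Cleartext FTP destination ports: control, active-mode data, common alternate.
FTP_PORTS = {20, 21, 2121}

# Assumption: only the managed transfer gateway (hypothetical subnet) may open
# FTP sessions outward; any other source is "shadow" FTP.
SANCTIONED_SOURCES = [ip_network("10.20.40.0/24")]


def parse_records(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            yield match.groupdict()


def is_sanctioned(src_ip):
    return any(ip_address(src_ip) in net for net in SANCTIONED_SOURCES)


def find_shadow_ftp(log_text):
    """Map each unsanctioned source host to the FTP endpoints it reached.

    Only ALLOW records count: a DENY means the transfer never happened."""
    findings = defaultdict(list)
    for rec in parse_records(log_text):
        if rec["action"] != "ALLOW" or int(rec["dport"]) not in FTP_PORTS:
            continue
        if is_sanctioned(rec["src"]):
            continue
        findings[rec["src"]].append(f'{rec["dst"]}:{rec["dport"]}')
    return dict(findings)


def sessions_per_host(findings):
    """Count flagged sessions per source host, for triage ordering."""
    return Counter({src: len(dsts) for src, dsts in findings.items()})
```

Running `find_shadow_ftp(SAMPLE_LOG)` on the constructed records flags two workstations and ignores both the gateway and the denied attempt; the per-host counts give the order in which to follow up.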
Global Supply Chain Network Connectivity - Industry Collaborations Enabling Standards-Based Interoperability
October 11, 2011
Akram Yunas, Program Manager, AIAG
Automotive News Webinar
Message from J. Scot Sharland, AIAG Executive Director:
“In the past 15 years…our world and industry have changed dramatically. A new generation of automotive professionals and AIAG volunteers are now being tasked with eliminating cost and complexity in an even more challenging and unpredictable business environment. To successfully drive continuous improvement in global data connectivity…it is imperative that we fundamentally understand and thoroughly vet new technology options…challenge the logic with respect to current standards & the need for higher levels of performance in the areas of speed, security and reliability and…lastly…reaffirm our commitment to work together for our mutual benefit.”
Automotive Industry Action Group…
Board of Directors
Global Alliances
Collaborative Supply Chain Data Network Connectivity-2011 Project
Business Drivers:
• What low cost alternatives exist for data exchange for the electronically-enabled supply chain?
• Are the low cost alternatives as reliable as current approaches given that these solutions often take advantage of the Public Internet?
• Can appropriate levels of security for legal, contractual, regulatory and product tracking information be maintained using a low cost alternative?
• Is the current performance and scalability of trading partner information exchanges adversely impacted if a low cost alternative is implemented?
• Can Automotive OEMs and Suppliers develop a means to offer cost effective alternatives in the transmission of business and technical information?
• Can a common approach be identified and be recommended for the Automotive Industry?
Project Introduction
Vision
Supplier Connectivity Project Launched: March 2010
• Automotive Industry supported open standards for communication and transport of Electronic Data
• Evaluate and review similar solutions from other industries
• Categorize Communication methods by Supply Chain Management business processes and CAD/CAE information requirements
– Type
– Volume
– Security
– Global, regional or country specific
– Cost value/ROI
Collaborative Supply Chain Data Network Connectivity-2011 Project
126 Automotive Companies Provided Resources
Project Leads:
• Betty Young, Chrysler Group LLC, Chair
• Jerry Finefrock, ANX, Co Chair
• Doug Halliday, Trubiquity, Chair Technical Requirements
• Henriette Douglas, Covisint, Document Coordinator
• Deb Jablonski, Midway Products, Document Coordinator
Corporate Liaisons:
• Marilyn Smith, General Motors, AIAG Loaned Executive
• Monique Oxender, Ford Motor Company, AIAG Loaned Executive
• Morris Brown, Chrysler Group LLC, AIAG Chrysler Loaned Executive
Project Introduction
• Captured Industry Requirements for Connectivity
• Mapped Internet Solutions to Private Network – Pros and Cons
• Evaluated IP based solutions and provided implementation case studies
• Evaluated State of Connectivity in non-automotive industries via implementation case studies
• Captured OEM existing Connectivity Landscape
• Captured OEM moving forward connectivity strategies
• Captured OEM to Supplier future recommendations
Resulting in a renewed game changing supply chain connectivity landscape…
AIAG Project- Key Accomplishments
Allowable / Required Connectivity Types - North America OEM Landscape – 2011

EDI | Ford | GM | Chrysler | Honda
Standard EDI (Machine to Machine) | 1. Public Internet, 2. ANX | 1. Public Internet, 2. ANX | 1. Public Internet, 2. ANX | 1. Public Internet, 2. ANX
Web EDI (low volume or non EDI capable) | Public Internet | Public Internet | Public Internet | Public Internet

Engineering & CAD | Ford | GM | Chrysler | Honda
On-line Engineering (“Direct Connect”) | 1. Public Internet, 2. ANX | 1. Public Internet, 2. ANX | 1. Public Internet, 2. Private Circuit | N/A
CAD File Exchange (off-line engineering) | Public Internet | Public Internet | Public Internet, Private Circuit | Public Internet
Where Are We?
Europe | Asia | South America
Global Challenges, Complexities and Opportunities
European OEM Connectivity Landscape
2011 Status

OEM | Access | Protocols | EDI
BMW | 1. ENX; 2. ISDN; planning TCP/IP | 1. OFTP; 2. OFTP2; 3. SFTP | VDA, ODETTE, EDIFACT, ANSI X12
Daimler | 1. ENX; 2. ISDN; planning TCP/IP | 1. OFTP; 2. Web; planning OFTP2 | VDA, ODETTE, EDIFACT, ANSI X12
Fiat | 1. ENX; 2. TCP/IP | 1. FTP; 2. OFTP | ODETTE, EDIFACT
Ford | 1. ENX; 2. TCP/IP; 3. ISDN | 1. OFTP; 2. FTP; 3. Web; planning OFTP2 | VDA, EDIFACT, ANSI X12
GM | 1. ENX; 2. VAN (GXS, Covisint) | 1. FTP; 2. OFTP | EDIFACT
Jaguar | 1. ENX; 2. TCP/IP; 3. ISDN | 1. OFTP; 2. FTP; planning OFTP2 | VDA, EDIFACT, ANSI X12
PSA | 1. ENX; 2. VAN (GXS) | 1. OFTP; 2. OFTP2 (Engineer); 3. FTP | EDIFACT, ODETTE
Renault | 1. ENX; 2. VAN (GXS) | 1. OFTP; 2. FTP; 3. Web | EDIFACT, ODETTE
VW Group | 1. ENX; 2. Public Internet; 3. ISDN | 1. OFTP; 2. OFTP2 (Logistics); 3. Web | VDA, EDIFACT, ODETTE
Volvo | 1. ENX; 2. Public Internet; 3. ISDN | 1. OFTP; 2. OFTP2; 3. SFTP; 4. FTP | EDIFACT, ODETTE
Validation Pilot “Internet Based Solution For Global Supply Chain Connectivity”
Industry Sponsors:
• AIAG, Automotive Industry Action Group (N.A.)
• Odette, European Standards Organization (Europe)
• JAMA, Japan Auto Manufacturers Association (Asia)
Next Steps at AIAG:
• Private Networks provide a valuable service in today's connectivity domain. They are the current connectivity performance standard.
• Private Internet (PI) has matured to a point where it now meets automotive industry requirements in terms of security, reliability, speed and bandwidth.
• North American OEMs have endorsed PI based solutions as an “approved option” in their supplier connectivity toolkit.
• European OEMs are fast transitioning to PI as their preferred and/or required “connectivity medium”.
Conclusion & Take Away…
• Asia Pacific is in the planning stages of migrating to Private Internet for supply chain connectivity.
• OFTP 2, an industry-developed open standard, is fast becoming the leading protocol enabling internet-based connectivity. OFTP 2 is compliant with global auto industry connectivity requirements.
• Connectivity solutions are not one size fits all. Selection criteria are driven by enterprise-specific requirements.
• The AIAG Working Group projects that Internet-based connectivity solutions will save the automotive supply chain millions in direct costs within the next 5 years.
Conclusion & Take Away…
Automotive Data Exchange Trends
Movement from proprietary VANs to public internet based communications.
− Business Driver – Cost
Larger files are being exchanged.
− Business Driver – Heavy payload, sensitive data – CAD, CAE, High Res Pictures, Video, Graphics, Test Data
Compliance Regulation
− Business Driver – Government and Trading Partner rules of exchange
Strong focus on supplier integration
− Business Driver – High diversity in infrastructure raises questions regarding small tier supplier readiness to securely handle data.
Increased Data Security Focus
Polling Question 3
At your company, what is the most commonly used method for moving large files from one system or individual to another?
A. E-mail
B. Shared folders on an internal network
C. Managed File Transfer solution
D. Individual FTP processes
E. USB thumb drive device
Getting Control with Managed File Transfer
Managed File Transfer helps reduce the risk of Data Breach
Providing Visibility of people, processes and systems affecting and being affected by messages, files, and transactions.
Delivering Monitoring which enables companies to proactively/reactively track these messages, files and transactions as they flow through systems and among people.
Establishing Security to address risk, identity, access and authentication issues.
Providing Adaptability to connect systems and infrastructures.
Delivering Provisioning which enables an enterprise to rapidly onboard systems, companies and individuals, and to manage all aspects of change.
Enabling automated Workflow which allows a company to design, test, and execute processes associated with a file transfer.
Source: Gartner – “Key Issues for Managed File Transfer”
What is MFT?
Simple definition from the analyst community:
Workflow
Management
Secure Communications
Compression
Repository with Auditing and Logging
Check Point/Restart
Encryption
Comprehensive MFT/B2B Solution compared to FTP
MFT Provides a Secure, Cross Platform File Transfer Solution
− Encryption
− Guaranteed Delivery
− End to end process automation
− Empower operations staff
MFT is a complete solution set designed to support all of your file transfer needs
− One Common User Interface
− Central Management and Control
− Global Visibility – Intra and Extra enterprise
− Automation for file transfer related activities and processes.

Features | FTP | MFT
ASCII / EBCDIC / Image / Binary file transfers | X | X
Send/Receive files | X | X
Point-to-point application links | | X
Just-in-time processing | | X
Non invasive | X | X
Guaranteed delivery | | X
Once and only once delivery | | X
Logical Naming and Addressing | | X
Full Error Handling | | X
Internet enabled | X | X
Advanced Triggering | | X
Advanced Security | | X
Advanced Monitoring | | X
Broadcasting | | X
End-to-end managed file transfers | | X
Full Automation | | X
From File Transfer spaghetti architecture…
(Diagram: point-to-point file transfers between Platform 5, Platform 6, CRM, ERP, EAI, Finance and Partner systems.)
…to Managed File Transfer (MFT)
(Diagram: the same systems, Platform 5, Platform 6, CRM, ERP, EAI, Finance and Partner, now connected via the MFT Suite.)
SEEBURGER Approach – SEE MFT
Adopt an MFT strategy that allows IT teams to centrally manage, monitor, audit and report on file transfers across all critical applications.
SEE MFT consolidates and centralizes file transfers to enable oversight, proper management, data protection, and policy enforcement.
SEE MFT technology is engineered to handle the changes in file transfer over time including file sizes and volume and the need for increased levels of protection.
SEE MFT is a versatile technology that can be deployed as a stand-alone software, integrated into other business applications or delivered as a hosted service.
SEEBURGER Managed File Transfer Solution – Components
SEE Adapter
End point client to connect any system in the network; any file type, any operating system and any file size supported.
SEE LINK
Application and protocol specific interface to integrate applications via various standard protocols (e.g. OFTP2).
SEE FX
Human to Human, Human to System and Ad Hoc large file exchange. Integrated with popular Email systems for ease of use.
Base Functions
Governance | Policy Management | Multi-OS and A2A support
End-to-End Visibility | Checkpoint and Restart | Content filtering
Event and Activity Management | Reporting and Administration | Management and measurement
End Point Provisioning | Secure multiprotocol communication | Process control and automation
(Diagram: Applications and Systems connect through Application Adapters and SEE LINK to the MFT platform.)
SEEBURGER at a Glance
Leading – Ranked as a global leader for Business Integration by independent analysts (e.g. Gartner and Forrester).
International – 19 worldwide offices.
Successful – 8,500 customers from all industries; solutions for Automotive since inception, for small, mid-size and enterprise businesses.
Comprehensive – Solutions for B2B, MFT, A2A, BPM and Community Management
Independent – profitable since 1986
Focused on industries & standards
Our Core Business: Business Integration focused on connecting people, processes and technology
Scalable solutions for any size of company
Compatible with all ERP Systems
Supports all B2B Standards
100 % Trading Partner Integration
Packaged MFT Solutions
Industry Solutions
Solution extensions for SAP (Auto, Utilities)
On Premise/Managed Services/Cloud Offering
Contact Details
Brian Jolley, SEEBURGER
(734) 634 - [email protected]
Akram Yunas, Program Manager, AIAG
(248) [email protected]
Supplier Connectivity Project Report Available: www.aiag.org
© Copyright 2011 SEEBURGER AG. All rights reserved. The information in this document is proprietary to SEEBURGER. Neither any part of this document nor the whole of it may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SEEBURGER AG. Please note that this document is subject to change and may be changed by SEEBURGER at any time without notice. SEEBURGER's software products and those of its business partners may contain software components from third parties.