How to Avoid Data Breach Disasters in Automotive Supply Chains


Automotive News Webinar, October 11, 2011


  1. Avoiding Data Breach Disasters in Automotive Supply Chains
     Brian Jolley, Senior IT Specialist, Automotive, SEEBURGER North America
     Akram J. Yunas, Program Manager, AIAG
     - 1 - © SEEBURGER AG 2011
  2. Objectives
     • Share insight into the pervasiveness of data breaches.
     • Discuss the financial liability of a data breach.
     • Identify data-security-related business pressures.
     • Point out how data breach risk is being elevated.
     • AIAG perspective: global supply chain network connectivity.
     • Highlight automotive data exchange trends.
     • Get control with Managed File Transfer solutions.
     • Identify industry-leading solutions to mitigate risks and protect data.
  3. Pervasiveness of Data Breach
     "When asked what keeps them up at night, 24 percent of CIOs polled said that their top worry is keeping their organizations' sensitive data out of the wrong hands – the most cited response."
     In a survey of 1,400 technology executives in the US, 21% estimated that the average company experiences 3 to 5 breaches a year.
     Source: "The CIO Insomnia Project", Robert Half Technology, 2011
  4. Financial Liability of Data Breach
     "Symantec Corp. (Nasdaq: SYMC) and the Ponemon Institute today released the findings of the 2010 Annual Study: U.S. Cost of a Data Breach, which reveals data breaches grew more costly for the fifth year in a row. The average organizational cost of a data breach increased to $7.2 million and cost companies an average of $214 per compromised record, markedly higher when compared to $204 in 2009."
     Source: Symantec Corporation press release, March 8, 2011
  5. Polling Question 1
     Which of the following best describes your company's policies regarding data security?
     A. Policies are clearly defined and strictly enforced.
     B. General guidelines exist but are loosely enforced.
     C. Policies vary from department to department and from application to application.
     D. I am unaware of policies regarding the transfer of unstructured files.
  6. Data Security Related Business Pressures
     Regulatory compliance mandates: Federal and state regulations have been enacted mandating that businesses securely manage the transfer of electronic data.
     Profit leakage from SLA violations: Using unreliable FTP connections in critical business processes has a large business impact when there are problems, failures or interruptions: orders cannot be booked, delivery cannot be initiated, and delivery times agreed with customers are not met (SLA violation), which leads directly to lost profit, penalties, etc.
     Brand and image protection: A data breach damages the brand and image of the company where it occurred. Customers ask, "This company is unable to keep confidential data confidential; should we continue to work with them?"
  7. Data Security Related Business Pressures (continued)
     FTP "spaghetti": Uncontrolled deployment of FTP connections between internal applications, as well as transfers beyond the firewall, becomes a tangled mess: no control over the process, no security (plain FTP carries credentials and file contents in cleartext), and no audit trail.
     Partner and customer privacy requirements: Even without a legal mandate, customers may impose their own security rules on suppliers and expect that data coming from them is handled in a secure, controlled way.
  8. Polling Question 2
     How often are reports or database queries downloaded from your ERP environment for distribution to other applications or individuals?
     A. Frequently (multiple times daily)
     B. A few times per week
     C. Monthly processes
     D. Rarely
  9. Raising Data Breach Risk
     Despite the costly liabilities, risky file transfer practices abound even in the savviest enterprises: users often download free trials of FTP software
     − without the knowledge of IT,
     − in violation of compliance standards,
     − with inadequate content validation before and after the transfer, and
     − over unsecured (cleartext) connections.
     Without a unified view of the files being transferred, a company has no way to control or stop unauthorized behaviour. A myriad of file transfer modes makes forensic investigation after an incident cumbersome and costly. Additionally, there is a movement away from proprietary networks to the public Internet for communications.
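The FTP "spaghetti" of slide 7 and the unsanctioned FTP trials of slide 9 come down to one practical question: from the logs you already have, can you see which file transfers leave the network in the clear, or go to hosts nobody provisioned? The following Python script is an added example, not part of the webinar or of any SEEBURGER product. The key=value firewall log format, the port-to-service mapping and the single approved gateway address are assumptions, and the log lines are constructed for the example.

```python
"""Audit egress firewall logs for uncontrolled file transfers.
Added example, not code from the original webinar. The log format, the
port-to-service mapping and the approved-gateway list are assumptions."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: one session per line, key=value export from an egress firewall.
SAMPLE_LOG = """\
ts=2011-10-11T08:01:12Z src=10.20.5.17 dst=203.0.113.44 dport=21 bytes=18233 user=jdoe
ts=2011-10-11T08:02:40Z src=10.20.5.17 dst=203.0.113.44 dport=20 bytes=52428800 user=jdoe
ts=2011-10-11T08:05:03Z src=10.20.7.9 dst=198.51.100.10 dport=22 bytes=7340032 user=svc_mft
ts=2011-10-11T08:09:55Z src=10.20.9.2 dst=192.0.2.77 dport=21 bytes=310 user=asmith
ts=2011-10-11T08:10:01Z src=10.20.9.2 dst=192.0.2.77 dport=3305 bytes=104857600 user=asmith
ts=2011-10-11T08:12:30Z src=10.20.7.9 dst=198.51.100.10 dport=6619 bytes=2097152 user=svc_mft
ts=2011-10-11T08:15:44Z src=10.20.3.3 dst=203.0.113.90 dport=22 bytes=4096 user=jdoe
ts=2011-10-11T08:16:02Z src=10.20.3.3 dst=203.0.113.90 dport=443 bytes=9001 user=jdoe
"""

# IANA-registered ports: 20/21 ftp, 3305 odette-ftp (OFTP without TLS),
# 22 ssh/sftp, 6619 odette-ftps (OFTP2 over TLS).
CLEARTEXT_TRANSFER_PORTS = {20: "ftp-data", 21: "ftp", 3305: "odette-ftp"}
ENCRYPTED_TRANSFER_PORTS = {22: "sftp", 6619: "odette-ftps"}
# Assumption: the only sanctioned transfer endpoint is the managed file transfer gateway.
APPROVED_GATEWAYS = frozenset({"198.51.100.10"})

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict with numeric port and byte count."""
    rec = dict(KV_RE.findall(line))
    rec["dport"] = int(rec["dport"])
    rec["bytes"] = int(rec["bytes"])
    return rec


@dataclass
class Finding:
    severity: str
    reason: str
    record: dict


def audit(log_text, approved=APPROVED_GATEWAYS):
    """Return one Finding per session that a file-transfer policy should have blocked."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        port, dst = rec["dport"], rec["dst"]
        if port in CLEARTEXT_TRANSFER_PORTS:
            # credentials and payload cross the wire unencrypted, whatever the destination
            findings.append(Finding("high", f"cleartext {CLEARTEXT_TRANSFER_PORTS[port]} session to {dst}", rec))
        elif port in ENCRYPTED_TRANSFER_PORTS and dst not in approved:
            # encrypted, but to a host nobody provisioned: no audit trail on the far side
            findings.append(Finding("medium", f"{ENCRYPTED_TRANSFER_PORTS[port]} session to unapproved host {dst}", rec))
    return findings


def transfer_volume_by_user(log_text):
    """Bytes moved per user over any transfer port: the forensic 'who moved what' question."""
    ports = CLEARTEXT_TRANSFER_PORTS.keys() | ENCRYPTED_TRANSFER_PORTS.keys()
    totals = defaultdict(int)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            if rec["dport"] in ports:
                totals[rec["user"]] += rec["bytes"]
    return dict(totals)


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason} (user={f.record['user']}, bytes={f.record['bytes']})")
    print(transfer_volume_by_user(SAMPLE_LOG))
```

On the constructed sample the script flags four cleartext sessions (two FTP users plus an OFTP session on the non-TLS port) and one SFTP session to a host outside the approved gateway list; the HTTPS session is left alone because the policy only covers transfer ports. The per-user byte totals are what an investigator needs first after an incident, and they are only available because the transfer ports are enumerated in one place.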
  10. Global Supply Chain Network Connectivity: Industry Collaborations Enabling Standards-Based Interoperability
      Akram Yunas, Program Manager, AIAG. Automotive News Webinar, October 11, 2011
  11. Automotive Industry Action Group
      Message from J. Scot Sharland, AIAG Executive Director:
      "In the past 15 years ... our world and industry have changed dramatically. A new generation of automotive professionals and AIAG volunteers are now being tasked with eliminating cost and complexity in an even more challenging and unpredictable business environment. To successfully drive continuous improvement in global data connectivity ... it is imperative that we fundamentally understand and thoroughly vet new technology options ... challenge the logic with respect to current standards and the need for higher levels of performance in the areas of speed, security and reliability and ... lastly ... reaffirm our commitment to work together for our mutual benefit."
  12. Board of Directors
  13. Global Alliances
  14. Project Introduction: Collaborative Supply Chain Data Network Connectivity, 2011 Project
      Business drivers:
      • What low-cost alternatives exist for data exchange in the electronically enabled supply chain?
      • Are the low-cost alternatives as reliable as current approaches, given that these solutions often use the public Internet?
      • Can appropriate levels of security for legal, contractual, regulatory and product tracking information be maintained using a low-cost alternative?
      • Is the current performance and scalability of trading partner information exchanges adversely impacted if a low-cost alternative is implemented?
      • Can automotive OEMs and suppliers develop a means to offer cost-effective alternatives for the transmission of business and technical information?
      • Can a common approach be identified and recommended for the automotive industry?
  15. Vision: Supplier Connectivity Project, launched March 2010
      • Automotive-industry-supported open standards for the communication and transport of electronic data
      • Evaluate and review similar solutions from other industries
      • Categorize communication methods by supply chain management business processes and CAD/CAE information requirements:
        – Type
        – Volume
        – Security
        – Global, regional or country specific
        – Cost, value/ROI
  16. Project Introduction: Collaborative Supply Chain Data Network Connectivity, 2011 Project
      126 automotive companies provided resources.
      Project leads:
      • Betty Young, Chrysler Group LLC, Chair
      • Jerry Finefrock, ANX, Co-Chair
      • Doug Halliday, Trubiquity, Chair, Technical Requirements
      • Henriette Douglas, Covisint, Document Coordinator
      • Deb Jablonski, Midway Products, Document Coordinator
      Corporate liaisons:
      • Marilyn Smith, General Motors, AIAG Loaned Executive
      • Monique Oxender, Ford Motor Company, AIAG Loaned Executive
      • Morris Brown, Chrysler Group LLC, AIAG Chrysler Loaned Executive
  17. AIAG Project: Key Accomplishments
      • Captured industry requirements for connectivity
      • Mapped Internet solutions to private networks, with pros and cons
      • Evaluated IP-based solutions and provided implementation case studies
      • Evaluated the state of connectivity in non-automotive industries via implementation case studies
      • Captured the OEMs' existing connectivity landscape
      • Captured the OEMs' forward-looking connectivity strategies
      • Captured OEM-to-supplier future recommendations
      The result is a renewed, game-changing supply chain connectivity landscape.
  18. OEM Landscape, 2011 (North America; numbered entries give the order of preference)

      EDI                                      | Ford                       | GM                         | Chrysler                               | Honda
      Standard EDI (machine to machine)        | 1. Public Internet, 2. ANX | 1. Public Internet, 2. ANX | 1. Public Internet, 2. ANX             | 1. Public Internet, 2. ANX
      Web EDI (low volume or non-EDI capable)  | Public Internet            | Public Internet            | Public Internet                        | Public Internet

      Engineering & CAD                        | Ford                       | GM                         | Chrysler                               | Honda
      On-line engineering ("Direct Connect")   | 1. Public Internet, 2. ANX | 1. Public Internet, 2. ANX | 1. Public Internet, 2. Private Circuit | N/A
      CAD file exchange (off-line engineering) | Public Internet            | Public Internet            | Public Internet                        | Public Internet, Private Circuit
  19. Global Challenges, Complexities and Opportunities: Europe, Asia, South America. Where are we?
  20. European OEM Connectivity Landscape, 2011 Status (numbered entries give the order of preference)

      OEM         | Access                               | Protocols                                         | EDI standards
      BMW         | 1. ENX; 2. ISDN; TCP/IP planned      | 1. OFTP; 2. OFTP2; 3. SFTP                        | VDA, ODETTE, EDIFACT
      Daimler     | 1. ENX; 2. ISDN; TCP/IP planned      | 1. OFTP; 2. Web (Engineering); 3. Web (Logistics) | VDA, ODETTE, ANSI X12
      Fiat        | 1. ENX; 2. TCP/IP; 3. ISDN           | 1. FTP; 2. OFTP; 3. SFTP                          | ODETTE, EDIFACT, ANSI X12
      Ford        | 1. ENX; 2. TCP/IP                    | 1. OFTP; 2. FTP; OFTP2 planned                    | VDA, EDIFACT, ODETTE
      GM          | 1. ENX; 2. VAN (GXS, Covisint)       | 1. FTP; 2. OFTP; OFTP2 planned                    | EDIFACT, ANSI X12
      Jaguar      | 1. ENX; 2. TCP/IP; 3. ISDN           | 1. OFTP; 2. FTP; OFTP2 planned                    | VDA, ODETTE, ANSI X12
      PSA         | 1. ENX; 2. VAN (GXS)                 | 1. OFTP; 2. OFTP2; 3. FTP                         | EDIFACT, ODETTE
      Renault     | 1. ENX; 2. VAN (GXS)                 | 1. OFTP; 2. FTP                                   | EDIFACT
      VW          | 1. ENX; 2. Public Internet; 3. ISDN  | 1. OFTP; 2. OFTP2; 3. Web; 4. FTP                 | VDA, ODETTE
      Volvo Group | 1. ENX; 2. Public Internet; 3. ISDN  | 1. OFTP; 2. OFTP2                                 | EDIFACT
  21. Next Steps at AIAG: Validation Pilot, "Internet Based Solution for Global Supply Chain Connectivity"
      Industry sponsors:
      • AIAG, Automotive Industry Action Group (North America)
      • Odette, European standards organization (Europe)
      • JAMA, Japan Automobile Manufacturers Association (Asia)
  22. Conclusion and Take-Aways
      • Private networks provide a valuable service in today's connectivity domain; they are the current connectivity performance standard.
      • The public Internet has matured to the point where it now meets automotive industry requirements for security, reliability, speed and bandwidth.
      • North American OEMs have endorsed public-Internet-based solutions as an "approved option" in their supplier connectivity toolkit.
      • European OEMs are fast transitioning to the public Internet as their preferred, or required, connectivity medium.
  23. Conclusion and Take-Aways (continued)
      • Asia Pacific is in the planning stages of migrating to the public Internet for supply chain connectivity.
      • OFTP2 (Odette File Transfer Protocol version 2, RFC 5024), an industry-developed open standard, is fast becoming the leading protocol enabling Internet-based connectivity. It runs over TLS, supports file-level encryption and signing, and returns signed end-to-end receipts, and it is compliant with global auto industry connectivity requirements.
      • Connectivity solutions are not one size fits all; selection criteria are driven by enterprise-specific requirements.
      • The AIAG working group projects that Internet-based connectivity solutions will save the automotive supply chain millions in direct costs within the next five years.
  24. Automotive Data Exchange Trends
      • Movement from proprietary VANs to public-Internet-based communications. Business driver: cost.
      • Larger files are being exchanged. Business driver: heavy payloads of sensitive data (CAD, CAE, high-resolution pictures, video, graphics, test data).
      • Compliance regulation. Business driver: government and trading partner rules of exchange.
      • Strong focus on supplier integration. Business driver: high diversity in infrastructure raises questions about small tier suppliers' readiness to handle data securely.
      • Increased focus on data security.
  25. Polling Question 3
      At your company, what is the most commonly used method for moving large files from one system or individual to another?
      A. E-mail
      B. Shared folders on an internal network
      C. Managed File Transfer solution
      D. Individual FTP processes
      E. USB thumb drive
  26. Getting Control with Managed File Transfer
      Managed File Transfer helps reduce the risk of data breach by:
      • Providing visibility of the people, processes and systems affecting, and affected by, messages, files and transactions.
      • Delivering monitoring, which lets companies proactively and reactively track those messages, files and transactions as they flow through systems and among people.
      • Establishing security to address risk, identity, access and authentication issues.
      • Providing adaptability to connect systems and infrastructures.
      • Delivering provisioning, which lets an enterprise rapidly onboard systems, companies and individuals, and manage all aspects of change.
      • Enabling automated workflow, which lets a company design, test and execute the processes associated with a file transfer.
      Source: Gartner, "Key Issues for Managed File Transfer"
  27. What is MFT?
      Simple definition from the analyst community:
      • Secure communications
      • Checkpoint/restart
      • Compression
      • Encryption
      • Workflow management
      • Repository with auditing and logging
  28. Comprehensive MFT/B2B Solution Compared to FTP
      MFT provides a secure, cross-platform file transfer solution:
      − Encryption
      − Guaranteed delivery
      − End-to-end process automation
      − Empowered operations staff
      MFT is a complete solution set designed to support all of your file transfer needs:
      − One common user interface
      − Central management and control
      − Global visibility, intra- and extra-enterprise
      − Automation for file-transfer-related activities and processes

      Feature                                        | FTP | MFT
      ASCII / EBCDIC / image / binary file transfers | X   | X
      Send/receive files                             | X   | X
      Point-to-point application links               |     | X
      Just-in-time processing                        |     | X
      Non-invasive                                   | X   | X
      Guaranteed delivery                            |     | X
      Once-and-only-once delivery                    |     | X
      Logical naming and addressing                  |     | X
      Full error handling                            |     | X
      Internet enabled                               | X   | X
      Advanced triggering                            |     | X
      Advanced security                              |     | X
      Advanced monitoring                            |     | X
      Broadcasting                                   |     | X
      End-to-end managed file transfers              |     | X
      Full automation                                |     | X
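Slides 26 to 28 name checkpoint/restart, guaranteed and once-and-only-once delivery, content validation and an audit trail as the features that separate MFT from raw FTP, without showing what they do on the wire. The following Python sketch is an added example, not SEEBURGER code and not any vendor's protocol. It implements those mechanics over an in-memory channel so the failure modes can be exercised: a dropped connection resumes from the receiver's checkpoint rather than from byte zero, a corrupted chunk is caught by the SHA-256 check and the whole transfer rejected, a re-sent transfer id is ignored, and every event lands in an audit log. The chunk size, the transfer-id scheme, the constructed sample payload and the fault-injecting channel are assumptions made for the example.

```python
"""Mechanics behind the MFT features on the slide: checkpoint/restart, integrity
check, once-and-only-once delivery and an audit trail. Added example, not
SEEBURGER code; chunk size, in-memory receiver and flaky channel are assumptions."""
import hashlib

CHUNK = 4096  # assumed checkpoint granularity
SAMPLE = hashlib.sha256(b"constructed sample payload").digest() * 625  # 20,000 deterministic bytes


class ChannelError(Exception):
    """Raised by the channel to simulate a dropped connection."""


class Receiver:
    """Server side: per-transfer checkpoint, once-only ledger and audit log."""

    def __init__(self):
        self.partial = {}    # transfer_id -> bytearray received so far (the checkpoint)
        self.delivered = {}  # transfer_id -> sha256 of the accepted file (the once-only ledger)
        self.audit = []      # event dicts; a real MFT writes these to a tamper-evident store

    def _log(self, event, tid, **fields):
        self.audit.append({"event": event, "transfer_id": tid, **fields})

    def resume_point(self, tid):
        """Offset the sender should continue from, or None if already delivered."""
        return None if tid in self.delivered else len(self.partial.get(tid, b""))

    def put(self, tid, offset, data):
        buf = self.partial.setdefault(tid, bytearray())
        if offset != len(buf):  # no gaps or overlaps: the sender must honour the checkpoint
            raise ValueError(f"expected offset {len(buf)}, got {offset}")
        buf.extend(data)
        self._log("chunk", tid, offset=offset, size=len(data))
        return len(buf)

    def commit(self, tid, size, sha256):
        """Accept only if size and hash match; re-committing a delivered file is a no-op."""
        if tid in self.delivered:
            self._log("duplicate_ignored", tid)
            return True
        buf = bytes(self.partial.pop(tid, b""))  # the checkpoint is consumed either way
        actual = hashlib.sha256(buf).hexdigest()
        if len(buf) != size or actual != sha256:
            self._log("integrity_failure", tid, expected=sha256, actual=actual)
            return False  # the next attempt restarts from offset 0
        self.delivered[tid] = actual
        self._log("delivered", tid, size=size, sha256=actual)
        return True


class FlakyChannel:
    """Path to a Receiver: drops the connection once after `fail_after` chunks
    and can flip one byte of chunk number `corrupt_chunk` in flight."""

    def __init__(self, receiver, fail_after=None, corrupt_chunk=None):
        self.receiver, self.fail_after, self.corrupt_chunk, self.sent = receiver, fail_after, corrupt_chunk, 0

    def put(self, tid, offset, data):
        if self.sent == self.fail_after:
            self.fail_after = None
            raise ChannelError("connection reset by peer")
        if self.sent == self.corrupt_chunk:
            self.corrupt_chunk = None
            data = bytes([data[0] ^ 0xFF]) + data[1:]
        self.sent += 1
        return self.receiver.put(tid, offset, data)

    def resume_point(self, tid):
        return self.receiver.resume_point(tid)

    def commit(self, tid, size, sha256):
        return self.receiver.commit(tid, size, sha256)


def send_file(data, tid, channel, max_attempts=5):
    """Client side. Returns (delivered, attempts_used, bytes_put_on_the_wire)."""
    digest = hashlib.sha256(data).hexdigest()
    if channel.resume_point(tid) is None:       # once-only: receiver already has this transfer id
        channel.commit(tid, len(data), digest)  # logs the duplicate, sends no bytes
        return True, 0, 0
    sent = 0
    for attempt in range(1, max_attempts + 1):
        offset = channel.resume_point(tid)      # restart from the checkpoint, not from byte 0
        try:
            while offset < len(data):
                chunk = data[offset:offset + CHUNK]
                offset = channel.put(tid, offset, chunk)
                sent += len(chunk)
            if channel.commit(tid, len(data), digest):
                return True, attempt, sent
        except ChannelError:
            continue
    return False, max_attempts, sent


def run_scenarios(data=SAMPLE):
    """Three runs: a dropped connection, a duplicate send, and a corrupted chunk."""
    rx = Receiver()
    ch = FlakyChannel(rx, fail_after=2)
    out = {"drop": send_file(data, "T-1", ch)}
    out["drop_chunks"] = sum(e["event"] == "chunk" for e in rx.audit)
    out["dup"] = send_file(data, "T-1", ch)
    out["dup_event"] = rx.audit[-1]["event"]
    rx2 = Receiver()
    out["corrupt"] = send_file(data, "T-2", FlakyChannel(rx2, corrupt_chunk=1))
    out["corrupt_events"] = [e["event"] for e in rx2.audit if e["event"] != "chunk"]
    return out


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(name, value)
```

In the dropped-connection run the sender puts exactly 20,000 bytes on the wire across two attempts, because the retry asks the receiver where to resume instead of starting over; the receiver's audit log shows five chunk events and one delivery. Re-sending the same transfer id moves no bytes and leaves a "duplicate_ignored" entry, which is the once-and-only-once guarantee in its simplest form. The corrupted run shows why content validation belongs at commit time: the tampered file is rejected, its checkpoint discarded, and the second attempt re-sends everything, so the integrity failure costs a full retransfer but never a bad file in the target application.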
  29. From File Transfer Spaghetti Architecture...
      (Diagram nodes: ERP, CRM, Finance, Platform 6, EAI, Platform 5, Partner)
  30. ...to Managed File Transfer (MFT)
      (Diagram nodes: ERP, CRM, Finance, Platform 6, EAI, Platform 5, Partner, all connected through the MFT Suite)
  31. SEEBURGER Approach: SEE MFT
      Adopt an MFT strategy that allows IT teams to centrally manage, monitor, audit and report on file transfers across all critical applications.
      • SEE MFT consolidates and centralizes file transfers to enable oversight, proper management, data protection and policy enforcement.
      • SEE MFT is engineered to handle the changes in file transfer over time, including growth in file sizes and volumes and the need for increased levels of protection.
      • SEE MFT is a versatile technology that can be deployed as stand-alone software, integrated into other business applications, or delivered as a hosted service.
  32. SEEBURGER Managed File Transfer Solution: Components
      • SEE LINK: end point client to connect any system in the network, any file type, any operating system and any file size.
      • SEE Adapter: application- and protocol-specific interface to integrate applications via various standard protocols (e.g. OFTP2).
      • SEE FX: human-to-human, human-to-system and ad hoc large file exchange, integrated with popular e-mail systems for ease of use.
      Base functions: governance; end-to-end visibility; event and activity management; end point provisioning; policy management; checkpoint and restart; secure multiprotocol communication; multi-OS and A2A support; content filtering; reporting and management; administration and process control; measurement and automation.
  33. SEEBURGER at a Glance
      • Leading: ranked as a global leader for business integration by independent analysts (e.g. Gartner and Forrester).
      • International: 19 offices worldwide.
      • Successful: 8,500 customers from all industries; solutions for automotive since inception, for small, mid-size and enterprise businesses.
      • Comprehensive: solutions for B2B, MFT, A2A, BPM and community management.
      • Independent: profitable since 1986.
      • Focused on industries and standards.
  34. Our Core Business: Business Integration
      Focused on connecting people, processes and technology.
      • Scalable solutions for any size of company
      • Compatible with all ERP systems
      • Supports all B2B standards
      • 100% trading partner integration
      • Packaged MFT solutions
      • Industry solutions
      • Solution extensions for SAP (automotive, utilities)
      • On premise, managed services or cloud offering
  35. Contact Details
      Brian Jolley, SEEBURGER, (734) 634-9031
      Akram Yunas, Program Manager, AIAG, (248) 358-9758
      Supplier Connectivity Project Report available.
  36. © Copyright 2011 SEEBURGER AG. All rights reserved.
      The information in this document is proprietary to SEEBURGER. Neither any part of this document nor the whole of it may be reproduced, copied or transmitted in any form or for any purpose without the express prior written permission of SEEBURGER AG. Please note that this document is subject to change and may be changed by SEEBURGER at any time without notice. SEEBURGER's software products, and those of its business partners, may contain software components from third parties. SAP®, SAP® R/3®, SAP NetWeaver®, SAP® Exchange Infrastructure and ABAP™ are registered trademarks of SAP AG or SAP AG Deutschland (Germany); Microsoft®, Windows®, Outlook®, NT®, Word®, EXCEL® and PowerPoint® are registered trademarks of Microsoft Corporation. Oracle is a registered mark of Oracle Corporation; UNIX and X/Open are registered marks of the Open Group. HTML, XML, XHTML and W3C are marks or registered marks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a trademark of Sun Microsystems, Inc. JBOSS is a registered mark of JBOSS Inc. 4avis®, 4classification®, 4everything®, 4invoice®, 4invoice WEBflow®, 4order®, BIS:explore®, BIS:open®, BIS:open UX®, BIS:pdx®, BIS:plm®, FAX2XML®, Free Form Interpreter Kontierung Dialog Workflow®, FreeFormation®, FreiForm®, iMartOne®, Paper2ERP®, SEEBURGER®, SEEBURGER Business-Integration-Server®, SEEBURGER DocumentSuite®, SEEBURGER Logistic Solution Professional®, SEEBURGER Web Supplier Hub®, SEEBURGER Workflow®, SEEBURGER-CASEengine®, SEEBURGER-invoiceCONSOLE®, SEEBURGER-WEBflow®, SmartRetailConnector®, TRAVELinvoice®, WebVERA®, WinELKE® and other products or services of SEEBURGER which appear in this document, as well as the corresponding logos, are marks or registered marks of SEEBURGER AG in Germany and in other countries worldwide. All other product and service names are marks of the respective companies.
      All contents of this document are non-binding and for information purposes only. Products and services may be designed country-specifically. All other company and software designations mentioned are trademarks or unregistered trademarks of the respective organisations and are subject to the corresponding legal regulations. The information in this document is proprietary to SEEBURGER. No part of this document may be reproduced, copied or transmitted in any form or for any purpose without the express prior written permission of SEEBURGER AG. This document is a preliminary version and not subject to your license agreement or any other agreement with SEEBURGER. This document contains only intended strategies, developments and functionalities of the SEEBURGER product and is not intended to be binding upon SEEBURGER to any particular course of business, product strategy and/or development. Please note that this document is subject to change and may be changed by SEEBURGER at any time without notice. SEEBURGER assumes no responsibility for errors or omissions in this document. SEEBURGER does not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose or non-infringement. SEEBURGER shall have no liability for damages of any kind, including without limitation direct, special, indirect or consequential damages, that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence. The statutory liability for personal injury and defective products is not affected.
      SEEBURGER has no control over the information that you may access through the use of hyperlinks contained in these materials and does not endorse your use of third-party web pages nor provide any warranty whatsoever relating to third-party web pages.