Protecting Your Information Assets from Security Breaches ...

- 1 - © SEEBURGER AG 2011

Protecting Your Information Assets from

Security Breaches and Data Leakage


What is the problem and why?

What are well run companies

doing globally to protect their

information assets?


Reducing Risk by ensuring Data Security

Well Run Companies are focused on:

Meeting Compliance Mandates and Legislation

Protecting Data Assets and Intellectual Property

This impacts all C-Level stakeholders


How big is the issue

“When asked what keeps them up at night, 24 percent of CIO’s polled said

that their top worry is keeping their organizations’ sensitive data out of the

wrong hands – the most cited response.”

In a survey of 1400 Technology Executives in the US 21% estimate the

average company experiences 3 - 5 breaches in a year.

“The CIO Insomnia Project” | Robert Half Technologies 2011


What is the Financial Liability of Data Breach

“Symantec Corp. (Nasdaq: SYMC) and the Ponemon Institute today released

the findings of the 2010 Annual Study:

U.S. Cost of a Data Breach, which reveals data breaches grew more costly

for the fifth year in a row. The average organizational cost of a data breach

increased to $7.2 million and cost companies an average of $214 per

compromised record, markedly higher when compared to $204 in 2009.“

Symantec Corporation | March 8, 2011


Examples of information at Risk

Intellectual Property (product design and specifications)

Customer Lists

Employee Compensation

HR data (i.e. 401K and HIPPA)

CAD and Engineering Drawings

Pricelists

Point of Sale Data

Contracts and RFPs

Financial and Tax data

Sensitive product launch details

Data your company is entrusted to managed (i.e. credit card numbers)

Product Test Data

Business plans

And Much More…………….


Legacy technology putting companies at risk:

FTP Servers – No visibility or control.

Email – Very limited policy management

B2B (EDI) processing on separate disparate systems

Media storage devices (i.e. USB and CD)


It’s time for Managed File Transfer

MFT Solves Strategic Challenges by:

Providing Visibility of people, processes and systems affecting and being affected by

messages, files, and transactions

Delivering Monitoring which enables companies to proactively/reactively track these

messages, files and transactions as they flow through systems and among people

Establishing Security to address risk, identity, access and authentication issues

Providing Adaptability to connect systems and infrastructures

Delivers Provisioning which enables an enterprise to rapidly onboard systems,

companies, individuals, and manage all aspects of change

Enabling automated Workflow which allows a company to design, test, and execute

processes associated with a file transfer

Source: Gartner – “Key Issues for Managed File Transfer”


What drives investment in MFT?

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

Pro

tec

tin

g s

en

sit

ive

d

ata

tra

nsfe

rs-B

2B

Pre

ve

nt

da

ta l

oss

Co

mp

lia

nc

e -

Inte

rn

al

Cre

ati

ng

a s

tro

ng

a

ud

it t

ra

il

Co

mp

lia

nc

e -

Ex

tern

al

Co

ntr

oll

ing

c

osts

/sta

yin

g i

n

bu

dg

et

Eli

min

ati

ng

un

ma

na

ge

d

FT

P

Inc

re

asin

g IT

sta

ff

pro

du

cti

vit

y

Op

tim

izin

g e

-ma

il

pe

rfo

rm

an

ce

MF

T C

on

so

lid

ati

on

Au

tom

ati

ng

w

ork

flo

ws

Re

pla

cin

g H

om

e

Gro

wn

Data

Se

curity

Com

plia

nce

Cost C

ontr

ol


What is MFT?

Simple definition from the analyst community:

Management

Secure Communications

Repository with Auditing and Logging

Workflow

Compression Encryption Check Point/

Restart

B2B


SEEBURGER’s Business Integration Suite Consolidates MFT with B2B

Managed Integration

Fully automated

System-to-System

Managed Collaboration

Interactive or semi automated

Human-to-Human, System-to-Human

Managed B2B

Fully automated and interactive

B2B standards

SE

EB

UR

GE

R

Bu

sin

ess In

teg

rati

on

Su

ite


Managed Integration

SEEBURGER Managed File Transfer Solution – Components

SEE Adapter

End point client to connect

any system in the network,

any file type, any operating

system and any file size

supported

Application and protocol

specific interface to integrate

applications via various

standard protocols (FTP, SFTP,

HTTP(s), ...)

Human to Human, Human

to System and Ad Hoc large

file exchange. Integrated

with popular Email system

for ease of use

Base Functions

Governance

Policy Management

Multi-OS & A2A

support

End-to-End-Visibility

Checkpoint & Restart

Content filtering

Event & Activity Management

Reporting & Administration

Management & measurement

SEE LINK SEE FX

Application

Adapter

Application

SEE

LINK

SEE

LINK

Systems

End Point Provisioning

Secure multiprotocol

communication

Process control & automation



SEEBURGER Integration Platform

Pro

ce

ss

Ac

tivit

ies

Business Integration Server

Process Management

Process Monitoring

Process Development

Portal

Managed B2B/MFT

Human Interaction Workflow


File eXchange (SEE FX)

Community Management

Rollout | Self Service | WebEDI/B2B

Transport

Transformation

Adapters

Components

Ma

na

ge

In

teg

rati

on

Business Activity Monitoring

Event Montoring | Operational Dashboard

Provisioning

Auto install | Auto upgrade | Heart beat check

Process Execution


Internal File Sharing with Governance (Sending)

User authenticates with the portal.

Single sign-on and LDAP (Active Directory) supported.

File is securely sent over an encrypted connection.

File at rest is also encrypted.

Payload is scanned for unauthorized and inappropriate key words.

File sharing can be restricted, based upon content.

Customer List

VP of Sales


Internal File Sharing with Governance (Receiving)


Access is not limited to only internal network.

Recipient group is on approved list for file type.

Policy enforcement for file movement.

File securely downloaded over an encrypted connection.

Event is logged in audit trail and forwarded to SYSLOG.

Customer List

Marketing Dept


External File Transaction with Governance (Sending)

Plugin tightly integrates with email client.

Microsoft Outlook 2007, 2010, and other market leaders

File is securely sent over an encrypted connection.

Unlimited file attachment size.

Payload is scanned for unauthorized and inappropriate content.

Third party virus scanner can also be leveraged.

Product Design

Engineer


External File Transaction with Governance (Receiving)


Compatible with all popular email clients.

Restricted recipients and number of downloads.

Non-repudiation.

File securely downloaded over an encrypted connection.

Event is logged in audit trail and forwarded to SYSLOG.

Product Design

Manufacturer


SEEBURGER at a Glance

Leading – Ranked as Global leader for Business Integration by Independent analysts (i.e.

Gartner and Forrester)

International – 19 worldwide offices

Successful – 8,500 customers from various industries; over 25% run SAP

Comprehensive – Solutions for B2B, MFT, A2A, BPM, and Communitty Mgt

Independent – profitable since 1986

Focused on industries & standards


Who else benefits with SEEBURGER?

SEEBURGER References


Customer Story – COOP C U S T O M E R S T O R Y

The company COOP is the second largest retailer in Switzerland,

with over 1400 retail outlets. It is a leader in eco- and fair trade products.

Requirements

Doubling of EDI partners and processes in a short time

frame caused by increased partner relationships.

Modeling of Non-EDIFACT-processes

Solution

BIS 6 for the creation of the necessary infrastructure

Advantages: Faster updated process overview, technical /

business monitoring, more precise process cost allocation, process analysis etc.

Customer benefits

Operating System compatability - no dependence on Microsoft Windows, usable with

SUN Solaris clusters

Direct integration of sister companies with various integration points offered by BIS 6


Customer Story – E.ON

Business processes

Customer exchange data from/to market partner

Processing of electric meter data

Invoices to special contract customers

Processing of net schedules

Internal SAP-to-SAP communication

various confirmation messages

Message formats

EDIFACT, XML, database

Communication

X.400, Mail, SAP

Data volume with unbundling

Per month: 1,7 Terabyte

Peak: 31 GB/hour)

C U S T O M E R S T O R Y

Transfer Net

Operator

Special Contract

Customers

Distribution Net

Operator

External

Partners

Internal systems (SAP, Archive system, ORACLE-database)


Kurt Siegl, Director of IT & Finance Projects at Magna:

»The project management with SEEBURGER and the expertise of the employees were excellent. We

were also very grateful for SEEBURGER's flexibility and swiftness. After all, we had to switch to BIS in

a matter of six months. Working with SEEBURGER, we were able to achieve our objective of reducing

our costs even faster.«

Customer Story – MAGNA

The Challenge

Magna wanted to make its extensive information network with approx. 60 international subsidiaries and

more than 500 customers and suppliers more efficient and decided to consolidate its worldwide processes

on a central platform. Another objective was to reduce the workload of smaller sites that have no EDI

system of their own. For this purpose, Magna was looking for a high performance platform with a high

degree of automation for a multitude of processes that would ensure the rapid and secure exchange of data.

Moreover, Magna was looking for first class worldwide service and 24/7 follow-the-sun support.



Customer Story – MAGNA C U S T O M E R S T O R Y

Message

Tracking

Magna IT

SEEBURGER

BIS 6 as a

central platform

ERP 1

ERP 3

ERP 2

Future automotive

portals for supplier

integration

Purchase orders,

invoices,

delivery notes,

credit notes,

JIT/JIS,

JIT delivery

schedules,

collective daily

delivery notes

Customers

All major OEMs such

as BMW, Audi,

Porsche, GAZ Group

(Russia), ...

Suppliers

WebEDI etc.

Up to 60 subsidiaries

in Europe, Asia and

North America

External partners Magna IT

Business processes

Delivery schedules

JIT delivery schedules

Purchase orders

Invoices

JIT/JIS processes

Credit notes

Collective daily

delivery notes

The benefits:

Cost savings through worldwide consolidation with BIS for all formats and business processes

Monitoring with the SEEBURGER Process & Message Tracking

Automated supplier integration planned with SEEBURGER's automotive portal

Rapid integration within a matter of six months without affecting any suppliers

Proximity through worldwide service

Message formats: ODETTE, EDIFACT, ANSI X.12 | Communication: OFTP, FTP, SFTP, VAN


Customer Story – OSRAM

The Challenge

Due to the worldwide EDI consolidation and the integration of additional partners, the data volume

increased by approx. 50 percent per year.

The benefits

Future-proof because BIS is based on service-oriented architecture (SOA) and supports standards

such as Business Process Execution Language (BPEL)

High-performance SAP connection solved a bottleneck of the past and made additional server nodes

obsolete

Full Web Service Support for communication with various internal and external business applications

Process designer that maps services and business processes through a graphical user interface

A flexible trading partner management that allows faster, centralized change management across

hierarchical levels

Increased operational transparency through improved Message Tracking & Monitoring



Customer Story – OSRAM

Implemented Business Processes:

Purchase orders

delivery schedules

order confirmations

delivery previews

Invoices

payment previews

… and many more

EDI project team at OSRAM:

»Our EDI volume has grown continually over the past years because the BIS made it easy to do so.

We were also faced with new requirements regarding message and communication standards.

SEEBURGER BIS enables us to handle such increasing volumes and new requirements.«

SAP

R/3

OSRAM Suppliers

Customers



© Copyright 2011 SEEBURGER AG. All rights reserved.

The information in this document is proprietary to SEEBURGER. Neither any part of this document, nor the whole of it may be reproduced, copied, or transmitted in

any form or purpose without the express prior written permission of SEEBURGER AG. Please note that this document is subject to change and may be changed by

SEEBURGER at any time without notice. SEEBURGER„s Software product, the ones of its business partners may contain software components from third parties.

SAP®, SAP® R/3®, SAP NetWeaver®, SAP® Exchange Infrastructure, ABAP™ are registered trade marks of the SAP AG or the SAP AG Deutschland (Germany),

as well as Microsoft®, Windows®, Outlook®, NT®, Word®, EXCEL® and PowerPoint® are the ones of the Microsoft Corporation.

Oracle is a registered Mark of the Oracle Corporation as well as UNIX and X/Open are registered Marks of the Open Group.

HTML, XML, XHTML and W3C are Marks or registered Marks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.

Java is a trade Mark of Sun Microsystems, Inc. JBOSS is a registered Mark of the JBOSS Inc.

4avis®, 4classification®, 4everything®, 4invoice®, 4invoice WEBflow®, 4order®, BIS:explore®, BIS:open®, BIS:open UX®, BIS:pdx®, BIS:plm®, FAX2XML®,

Free Form Interpreter Kontierung Dialog Workflow®, FreeFormation®, FreiForm®, iMartOne®, Paper2ERP®, SEEBURGER®, SEEBURGER Business-Integration-

Server®, SEEBURGER DocumentSuite®, SEEBURGER Logistic Solution Professional®, SEEBURGER Web Supplier Hub®, SEEBURGER Workflow®,

SEEBURGER-CASEengine®, SEEBURGER-invoiceCONSOLE®, SEEBURGER-WEBflow®, SmartRetailConnector®, TRAVELinvoice®, WebVERA®, WinELKE®

and other products or services of SEEBURGER which appear in this document as well as the according logos are marks or registered marks of the SEEBURGER AG

in Germany and of other countries worldwide.

All other products and services names are marks of the mentioned companies. All contents of the present document are noncommittal and have a mere information

intention. Produkts and services may be country-specific designed.

All other mentioned company and software designations are trade marks or unregistered trade marks of the respective organisations and are liable to the

corresponding legal regulations.

The information in this document is proprietary to SEEBURGER. No part of this document may be reproduced, copied, or transmitted in any form or purpose without

the express prior written permission of SEEBURGER AG.

This document is a preliminary version and not subject to your license agreement or any other agreement with SEEBURGER. This document contains only intended

strategies, developments, and functionalities of the SEEBURGER product and is not intended to be binding upon SEEBURGER to any particular course of

business, product strategy, and/or development. Please note that this document is subject to change and may be changed by SEEBURGER at any time without

notice.

SEEBURGER assumes no responsibility for errors or omissions in this document. SEEBURGER does not warrant the accuracy or completeness of the information,

text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but

not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

SEEBURGER shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the

use of these materials. This limitation shall not apply in cases of intent or gross negligence.

The statutory liability for personal injury and defective products is not affected. SEEBURGER has no control over the information that you may access through the

use of hot links contained in these materials and does not endorse your use of third-party web pages nor provide any warranty whatsoever relating to third-party

web pages.


Additional support slides for targeted users


Complete, End-to-End File Transfer Solution with Governance

Specialty/legacy Apps

BW

ERP

HR

SEE LINK

SEE LINK

Fire

wa

ll

Comprehensive Visibility

PI

SEE MFT

B2B

secure eMail,

large files

AS2

FTPs, SFTP

HTTPs


SEEBURGER MFT Helps You Become Compliant

Dual Control and Role-Based Access Controls

Secure Login (SSL) and Unique Session Token

Password Strength and Expiry Enforcement

Alerting and Event Notification

Event Auditing and Log Aggregation (SYSLOG)

Protected Data in Motion (AS2 and Secure FTP)

Protected Data at Rest (PGP and File Encryption Adapter)

Protected Application Metadata (Database and Files)

SQL and JavaScript Injection Prevention

Modular Design Fits Secure Network Model

Secure File Transfer via Email

ICAP Interface Compatible with Spam Blocker and DLP

Core compliance aspects met with SEEBURGER Managed File Transfer solutions:

PII/PHI


SEEBURGER streamlines business process while reducing infrastructure costs by providing

our customers with comprehensive integration and secure Managed File Transfer (MFT)

solutions.

These solutions provide visibility to the farthest edges of the supply chain to maximize your

ERP‟s effectiveness and innovate your business.

SEEBURGER customers continue to lower total cost of ownership and reduce implementation

time with our unified platform that we‟ve precision-engineered from the ground up.

Protecting Your Information Assets from Security Breaches ...

Documents

Transcript of Protecting Your Information Assets from Security Breaches ...