Can You Improve Your Security and Maintain Employee Productivity Levels?
Manufacturing companies are creating staggering volumes of data. Product specs, manuals, inventory reports, sales quotes, catalogs, contracts, invoices — all are the lifeblood of the manufacturer. And the days of keeping all that information locked away in the basement data center, available only to employees who sit behind the firewall, are long gone.
Maximizing productivity requires that authorized employees and partners worldwide have easy and secure access to these documents, from any location on any device. That necessitates overcoming several obstacles, including working with disparate IT systems that don’t “talk” to each other, sharing large files with remote employees and partners, maintaining governance over regulated data to meet compliance requirements, and preventing breaches by cyber thieves who covet intellectual property and other sensitive information.
You’ve likely heard the term “big data” used to describe the amount of information companies create, collect and analyze to improve business processes and drive growth. To give you a sense of just how much information, consider this statistic from research firm IDC: By 2025, the global datasphere will grow by 163ZB — a trillion gigabytes, 10 times the 16.1ZB of data generated last year!
Manufacturing companies are among the top data producers, particularly as more embrace robotics, artificial intelligence (AI) and Industrial Internet of Things (IIoT) devices. IDC expects that by 2019, 75% of large manufacturers will update their operations and operating models with IoT and analytics-based situational awareness to mitigate risk and speed time-to-market. In other words, manufacturing companies are embracing cutting-edge technologies that create more data than ever.
For example, a single Siemens manufactured locomotive uses data that its 900 sensors generate to understand why a piece of equipment fails. This information enables Siemens to predict failures, helping its customers address potential problems before they happen. Sharing this data with Amtrak helped it reduce the number of delays by 33%.
This underscores why information sharing with external partners and customers has become business-critical. The challenge then becomes how to ensure all those parties have access to that data without it falling into the wrong hands.
The manufacturing sector is a prime target for cyber thieves. The 2017 IBM X-Force Threat Intelligence Index report places manufacturing third behind financial services and healthcare on its list of the most frequently hacked industries. There’s good news and bad news in IBM’s analysis.
First, the good news. In 2016, the manufacturing sector saw a 12% decrease in attacks from 2015. The bad news is that the proportion of “security incidents” — those attacks to which IBM gives its most serious classification — was almost 40% higher than the average across all industries. For that reason, IBM’s researchers believe the number of attacks and resulting data breaches were higher.
The IBM report states that, “the fact that very few manufacturing sector incidents were disclosed publicly in 2016 leads IBM X-Force researchers to suspect some underreporting.”
The responsibility for securing sensitive information like IP falls squarely on the manufacturer. A data breach requires spending enormous amounts of money and time to mitigate the damage, and can result in long-term damage to the brand’s reputation.
The trouble is that attempting to harden a company’s security posture can make file sharing and collaboration more difficult for users. That increases the risk that a data breach occurs due to the actions of an employee.
Manufacturers have deployed a variety of security solutions to identify and thwart threats from external hackers, malicious insiders or employees who make innocent mistakes that exposes data. But security can be the enemy of business agility. Notifications from security solutions disrupt user workflows and hurt their productivity, while complex tools further slow them down. Research finds that more people now simply ignore those alerts, and even work around information security policies.
So, what do they do? They take the initiative and start using consumer-oriented solutions like downloading files to USB thumb drives, or uploading them to a cloud-based service like Dropbox or Google Drive. This is not unique to the manufacturing industry, and has given rise to the so-called “Shadow IT” phenomenon because they’re using technologies that IT has not approved (or is even aware that they’re using).
These solutions are typically less secure than the systems where the content was originally generated, and are also not subject to the enterprise’s overall security monitoring. Furthermore, they do not provide IT sufficient visibility over the movement of files across the network, limiting what IT knows about who has accessed a file, and how it was shared. In the event of a data breach, that information is critical to identifying the cause and which files may have been exposed.
That is why manufacturers are increasingly deploying secure content collaboration solutions to strike a balance between improving user productivity and reassuring the CISO (and auditors) that sensitive data is shared securely. The better solutions can make the IT team’s job easier by tying in with the company’s existing network architecture and avoid the need to “rip-and-replace” on-premises systems, or make changes to private/hybrid/public cloud configurations.
An effective content-collaboration solution should play an instrumental role in an organization’s strategic information management policy. Ideally, this solution should address four key areas:
- Information Governance: You must implement the controls necessary to demonstrate compliance with internal policies and industry regulations like SOX, HIPAA, PCI, etc. This requires providing IT with full visibility into all file activity and, in the event of a security incident, the ability to supply that information in an auditable format to internal auditors, government regulators, or legal teams.
- Security: Leverage technologies that secure information as it moves among employees and outside your network. This includes encryption of content in transit and at rest, DLP and antivirus capabilities, and multi-factor authentication. Also, hold regular employee trainings on security policies and best practices, not just once as part of a new hire on-boarding process.
- Flexible Access: Enable your employees and partners to work whenever they want and wherever they are. That means providing access to files, wherever they are stored (on-premises and in the cloud) and enabling collaboration via email, on their computer/laptop browsers and on their mobile devices.
- Systems Integration: Provide employees access to all the content they need, even if it’s stored in multiple and disparate systems, via a single user interface. Ensure that changes to content are automatically synchronized in real-time for all users. This may require leveraging connectors that provide consistent access to all your content.
By establishing a secure governance perimeter around your most sensitive content, you can protect your information from prying eyes, enable employees to securely access and share files, and provide the IT and risk management/compliance teams with the controls and auditing and reporting capabilities they need to demonstrate compliance.
Yaron Galant is the chief product officer at Accellion, which he joined earlier this year with 25 years of experience in product strategy, management, and development. A pioneer in security and analytics, he has played a leading role in the creation of the Web Application Security space and has taken several products/organizations from early stage to commercially-deployed, scalable solutions. Before joining Accellion, he was CEO and Founder of Vieu Labs, where he led the creation of new modalities for interacting and collaborating through video, and chief product officer at Quantifind, where he helped transform raw technology into a predictive analytics solution for marketing executives. He has filed 16 patents.