"Thanks to 8MAN, we have a single point of administration and control. We always know who is accessing which data and resources, and from where."
First Sensor AG develops and produces standardized and customized sensor solutions for applications in the industrial, medical and mobility growth markets. Customers of the Berlin-based world leader in the provision of sensor technology include renowned industrial corporations and research institutes. What for customers of First Sensor is a treasure trove of expertise and skills from a single source had become a security nightmare for its IT department. The reasons stem from the group's diversity: "Different departments possess special industry skills in different locations. That means knowledge and expertise is spread across different companies worldwide. These first-rate skills result in data that is continually processed, communicated and stored again. The biggest challenge is to ensure that all the information is as secure as if it were in a safe," notes Sebastian Melchert, Director of IT at First Sensor AG.
All data that First Sensor AG creates, processes and uses is highly sensitive: after all, its remit includes sensor solutions for the health care industry and the development of sensors to assist process chains that will be automated in future. These achievements are of interest, and not only to competitors: risks also lurk in the company's own ranks. This is due to the fact that until now, it has been difficult for the IT staff at First Sensor AG to identify who had internal access to which data. There was no standardized system to reliably map and verify existing access rights or to assign them in a logical and structured manner. Little transparency was available on data access and undesired manipulation, creating a risk to the safekeeping of corporate data. This gave rise to another issue, the obligation to provide documentation and proof could only be achieved with a lot of manual work.
"We were not using a unified system to assist us in the structured assignment of data access rights, let alone in supplying an overview of the existing rights structure. We did everything by hand," Melchert says of the previous IT management. Authorization requests required a lot of work to process. In addition, audits had to be performed manually without the benefit of a system to provide assistance and structure. "Of course our customers have high data security standards. Monitoring the internal rights situation in line with compliance requirements was an absolutely necessary but highly laborious challenge", Melchert remarked.
In order to reduce the labor input of the IT department and ensure the smooth operation of the IT infrastructure, First Sensor AG put the purchase of an access rights management technology out to tender. However, many systems failed to meet the group's high standards. Automated documentation was a vital requirement that only the 8MAN access management technology was capable of satisfying. The system was developed by Protected Networks GmbH based in Berlin.
"We're delighted with the 8MAN access management technology," Melchert says. First Sensor AG has been using it since May 2014. Previously, access rights were assigned according to a standardized system, but this was still done by hand. "Before 8MAN, we didn't have an automated data summary or a way to obtain a transparent audit. 8MAN does all of that for us now. However, the first and foremost priority of the new system is to reduce the workload. That includes visualizing our authorizations clearly, documenting all user activities and movements on resources in real-time, and thereby fulfilling our obligation of proof. 8MAN does just that."
The access management technology "made in Germany" visualizes the access rights assigned to each employee for internal corporate data, and breaks down the result into a graphical overview. The IT structure of an entire employee group is visible at a glance. Access rights can be assigned by a simple drag and drop procedure. The automated documentation of all changes to these access rights is important, particularly where sensitive data is involved, as in the present case. This provides much-needed relief to administrators, not least because the technology reliably satisfies security requirements from guidelines and standards such as BSI IT-Grundschutz (German Federal Office of Information Security IT Basic Protection) and ISO 2700x.
Reducing the workload for its IT department remains a top priority for First Sensor. Melchert has already taken a step toward achieving this objective by introducing the 8MATE GrantMA. GrantMA (Grant Me Access) provides a web-based order platform for internal access rights applications. This means that in the future, specialist departments will be able to request access rights to data and approve these requests themselves. "We want to efficiently manage access rights for 500 employees. Systems like GrantMA help with this task enormously, because they enable each specialist department to decide quickly and at their own discretion who needs access to which data in order to do their job. Four staff are sufficient to safely manage the IT of 500 employees," Melchert states. Combined with the new flexibility enabled by GrantMA, First Sensor can continue to operate its site-specific corporate structure successfully without restrictions to its security concept.
8MAN is already in use at three First Sensor sites. The objective is to roll out 8MAN to all other sites in the near future. This will bring about a substantial workload reduction for the IT department while maintaining control of access rights. Alongside further additions that ensure an optimal customer experience, IT expert Mechert suggests small improvements, but generally praises the system's advantages:
"Overall it's a great product."
Industry: Sensor solutions provider
Registered office: Berlin, Germany