Transparency, administrative assistance, cost cutting, and improved quality in logging administrative processes with automated reporting – these are the objectives that VDI/VDE Innovation + Technik GmbH plans to accomplish by standardising IT processes. This way, rights management, access control and vulnerabilities can be understood easily, rapidly and reliably, while meeting the requirements of VDI/VDE customers for a certified Information Security Management System (ISO 27001:2013). Regulating the assignment and management of rights is a key component, which becomes increasingly complex once a certain number of employees are involved. The leading service provider in innovation and technology has placed its trust in the 8MAN rights management solution. This solution by Protected Networks GmbH has now been deployed with customers:
As a long-standing Berlin-based company with over 30 years of experience, VDI/VDE IT advises on the analysis, promotion and organisation of technology and innovation at every stage of the innovation process. A broad national and international customer base from politics, research, industry and finance has relied on it for years.
This customer base is as diverse as the company's options. Clients of VDI/VDE IT include federal and state ministries, the European Commission, non-European governments, banks and holding companies as well as industrial companies, research institutions and universities. Its portfolio therefore includes scientific services as much as the management of technology and innovation policy grants as a project sponsor.
The wide range of tasks reflects the service company's bundled expertise. Its concentrated knowledge is collected, stored and processed in data each and every day. This often involves internal information that may not be made public at any cost. The data – for example, knowledge of innovations, research and more – is therefore subject to strict security provisions that rigorously prevent the abuse or theft of data. However, the valuable information is at risk both internally and externally. Related scenarios include attacks such as social engineering, which can result in a major risk from within the company's own ranks.
"IT security needs to be something companies can take for granted. However, that is easier said than done if you don't know all possible ways to attack or else they are so diverse you cannot possibly give equal attention to all of them. In our case, the high number of customers that are government agencies means that we are required to observe tight regulations and strict provisions on IT security. Naturally, we pass these requirements on directly to our subcontractors," says Markus Nagel, Department Manager for Information Management and Data Processing at VDI/VDE IT GmbH. The rights management technology 8MAN is a product that, as one of its strengths, has undertaken to implement the ISO 27001:2013 – Information Security Management standard. "It is even better: 8MAN delivers results that go beyond the standard," Nagel praises.
Among the most relevant aspects of the service provided by the data processing unit at VDI/VDE IT are processes and rulebooks, as they are the only way to guarantee IT security. "Our primary objective when deploying a rights management technology was and is regulation, and thus auditability," confirms Andrej Stein, computer scientist at VDI/VDE Innovation + Technik GmbH. "We needed the ability to log administrative processes in a manner that is controlled, transparent and secure to meet our customers' requirements. It helps us enormously that we are able to access the required reports automatically, instead of having to locate them all laboriously by hand," Stein remarks. The computer scientist initiated the call for a rights management technology. The overriding objective was to satisfy the international standard ISO 27001. It specifies security mechanisms within an Information Security Management System.
One of the strengths of 8MAN is that it passes the standard's test. The test looks at the scope and quality in which a company has implemented relevant requirements from regulations and standards such as BSI IT-Grundschutz or ISO 2700x. IT security, data protection and compliance officers can use 8MAN to create reports on the existing rights situation for the test.
This is a relevant product in every way, for those directives and structures form the basis of companies. It is evident just how relevant these standards are: the lack of structure often leads to enormous gaps in data security. If gaps are not closed in time, the consequences can be extremely painful for all involved. They can range from a tarnished company image to dizzying economic losses or personal liability that may even be punished with a prison sentence.
8MAN has achieved its objective of certified control. At the end of 2014, the high quality of VDI/VDE IT was confirmed with the certification audit for an Information Security Management System (ISMS) in accordance with ISO 27001. VDI/VDE IT was certified for processes performed as a project sponsor for German federal ministries. The certifying body is TÜV NORD CERT GmbH.
"8MAN has made this certification very easy for us. The technology was installed virtually overnight. We introduced 8MAN in just one afternoon, and after a short briefing, everyone who needs to work with 8MAN was able to use the technology," computer scientist Stein relates from experience. "Even the auditors were very pleased," he adds. Since then, Protected Networks and VDI/VDE IT have ensured cooperative and reliable security transparently and rapidly.
Not only does 8MAN perform tests according to legal standards, but the technology also visualises who has access to which data when, and where the access situation has changed. This makes it possible to document which actions were performed and when.
The overview is accessible on File and Exchange servers, in Active Directory, SharePoint and VMware vSphere. In addition to automation, creating groups is easy and quick. Nagel was particularly impressed by the automated documentation made possible by 8MAN. "The reports are a little painful, initially. It's the first time you see spelled out just how much work there is still to do. On the other hand, we now have a guarantee for our security. And if issues do arise, we'll just ask Susi Support – that's the name of the flexible and fast IT helpline at 8MAN," Nagel grins.
Industry: Service provider and project sponsor for the organisation and management of innovation and engineering.
Registered office: Berlin, Germany