All-In-One Compliance Packages protect your data
digitronic computersysteme GmbH
Category
Data Security/Compliance Project of the Year
Entry Description
As the world embraces new technologies, it must also accept and prepare for complex challanges, most notably, personal data theft and cyber attacks. In 2016, the European Commission released a new regulation on data protection that overrode the existing national laws oft he 28 EU member states. This new regulation supports what is known as GDPR that ains to fortify data protection.
There is a pressing need for organizations to assess their current enviroment and implement the revised data framework if they aim to GDPR compliant.

real life: HQM Induserv GmbH is a subsidiary of the HQM Group. Their know-how consists of four core areas: quality service, container management and parts cleaning, metrology, calibration, job measurement and materials technology. The customers of HQM Induserv GmbH come from the plant and mechanical engineering, the automotive sector and medical technology. Customers value HQM induserv GmbH for its innovative strength and technological leadership.
The growing demands of the market and the rapid technical progress - including the automotive supplier sector - a consistent quality assurance for all, so that the HQM Induserv GmbH attaches great importance to compliance with the highest safety and security guidelines in the field of IT infrastructure.

Challenges:
How can the confidentiality of sensitive data be guaranteed? What options exist for providing easy and efficient authentication for a system at the same time? How can one meet these requirements in an effectively managed IT-infrastructure without being depended on expensive and often highly inflexible package solutions?
The access to sensitive data is often only handled via existing authorisation concepts. However, external service providers, the administrators of said authorisation concepts and attackers who impersonate those administrators can get access to this sensitive data as well, even if the data was encrypted.
Logging onto an IT-system by using a password suffers from its own divergent requirements: on the one hand a high-level of complexity for the password (secret) is necessary so that it can’t be found out through simple spying techniques; on the other hand, that level of complexity cannot be so high that the user is unable to remember his or her own password. Since security is most often given the highest priority, complex password policies lead to the infamous scribbled note hidden under the keyboard or to extremely time-consuming support efforts on the part of the administrators, due to the work involved in re-setting forgotten passwords or those that were incorrectly typed in several times over.

real life: HQM induserv GmbH was looking for security solutions for 2-factor authentication and encryption. During these discussions, digitronic® was given expert knowledge on the security issues 2- factor authentication and encryption during the audit in accordance with ISO 27001 and the new legal requirement of the EU General Data Protection Regulation (EU GDPR). After experiencing digitronic® live, it was no longer difficult for HQM induserv GmbH to decide on the product All-In-One Compliance Package.
HQM induserv GmbH was particularly impressed by the integration possibilities into the existing environment.

Innovative aspects:
The solution to this problem is the encryption of sensitive data in combination with a user administration that is separate from the existing authorisation concept, which helps to regulate the access to the sensitive data. With this separation, administrators are freed from the suspicion of willingly or unwillingly accessing sensitive data. Authorised users, on the other hand, are able to work with the encrypted data as they are used to. This way, the necessary acceptance of the solution by the user can be achieved.
With HiCrypt™ 2.0, the access key to sensitive data is back in the hands of the people who are responsible for its confidentiality. IT administrators provide the infrastructure, yet they do not give out the keys.
HiCrypt™ 2.0 combines this guarantee of owning the only key with a comfortable use, ingenious simplicity and a flexible adaptation to your protection needs.
To increase security, HiCrypt™ 2.0 supports the authentication of authorised users on the encrypted network drive with the help of a two-factor authentication.
SecureLogon 2.0 is 2-factor-authentication in which a highly complex secret is stored on a secure Token and unblocked by typing in a simpler PIN. The high level of security is a result of the fact that now 2 factors are necessary for successful authentication: the secure Token with the secret (possession) and the PIN (knowledge) required for unblocking.

real life: HQM induserv GmbH convinced the key argument in favor of digitronic® that the All-In-One Compliance package is a completely reliable security package that scores with a host of great features and intuitive operation. Particularly noteworthy is the on-site installation, which ran extremely professionally and without complications during operation. The excellent support with a guaranteed response time of less than 24 h can also only be rated as positive.