The visit by the IT security consultants from Konica Minolta IT Solutions was the first time that medium-sized company Fried had ever had experts on site to highlight the importance of IT security. Based on the analysis, Fried was able to quickly identify weaknesses and establish a security concept. Beside the implementation of a modern firewall, many proposed best practice measures that did not require any additional investment also proved very helpful.
As a successful SME, Fried Kunststofftechnik employs around 250 people in the manufacture of technical precision parts and assemblies from plastic for use in the medical engineering, mechanical engineering and automotive sectors. IT systems that have grown and matured over decades support both administration and production operations. “In terms of IT security, we implemented the standard systems, i.e. installed antivirus software and operated a firewall,” reports Johannes Thomas, Head of IT and Controlling at Fried Kunststofftechnik. However, company management still did not feel fully protected, as Thomas describes: “Since our IT security had never really been subjected to a proper end-to-end check until now, there was doubt as to whether our IT processes were actually secure from a technical and organisational perspective.”
A security presentation attended by company boss Gerhard Fried during a corporate event provided the impetus to take a closer look at IT security. With the objectives of establishing a clear IT security concept, sensitising employees, implementing guidelines and potentially also offering useful software and hardware additions, Fried therefore invited Konica Minolta IT Solutions to attend an exchange-of-information meeting at the company.
During the on-site meeting, the experts from Konica Minolta IT Solutions spoke in detail with the managing directors and IT managers from Fried about the history of IT security and the current situation at the company. The security specialists then explained how they could help further by using the Top 10 analysis, which forms the basis for the security consulting offer of Konica Minolta IT Solutions.
Among other things, the concept is oriented to standards and guidelines, such as those of the German Federal Office for Information Security (BSI IT-Grundschutz), recommendations from analysts such as IDC, Gartner and Forrester, as well as the expertise gained from many IT security projects. It contains ten topic areas, including encryption, authorisations and log management, which are investigated in detail. “We were impressed by the whole concept, as it has the structure of an audit and we had to take responsibility for our IT security as a company. This is precisely what we were looking for, a focused and critical outside view of our IT systems without any risk of operational blindness,” stresses Thomas.
The one-day kick-off workshop and the audit meetings then took place three months later. “During the analysis, the level of detail in the questions really surprised us in a positive way. Things were addressed that we may never even have considered,” comments Thomas. For example, questions were asked as to whether certain firewall ports are enabled and various network protocols are activated.
Just one week later, the final presentation was held and the detailed plan delivered. Among other things, the documentation contains clearly structured graphic evaluation elements of the queried subject areas, as well as evaluations based on the traffic light system – Fried initially had a lot of red areas. In addition to this, the SME received a schedule and recommendations as to how the security loopholes could be closed.
The experts from Konica Minolta IT Solutions then performed a re-evaluation of the security situation during a review meeting seven months later. This showed that many improvements had already been achieved and that numerous weak points had been completely eliminated. In several key areas, additional investments were not even needed, as Thomas describes: “Without having to spend any money, we were able to change the handling of our employees’ passwords, as well as access rules for external service providers, for example. In addition, we also control user access authorisation to various folders and documents far more restrictively than before.”
Although financial costs were accrued for the procurement of a high-performance firewall, the Head of IT and Controlling considers the capital expenditure entirely appropriate for the new security concept. Neither the costs for the security consulting services nor for the additional hardware and software exceeded the budget. The benefits, on the other hand, cannot be overestimated.