Information security risks have nowhere to hide after Setsuyo Enterprise Co., Ltd. implemented X-FORT
Setsuyo Enterprise Co., Ltd. became a wholly owned subsidiary of Mitsubishi Electric Group in April 2014. In the past, information security control was only implemented through firewalls and antivirus software. However, the parent company believes that all information, documents, and business dealings involve a company’s secrets, and that financial statements and revenue are especially important. Due to the parent company’s strict supervision and standards regarding information security risks, Setsuyo needs a powerful management tool that is easy-to-use.
When Setsuyo was selecting information security software, the system solutions provider Fujitsu’s recommendation and the Company’s internal requirements evaluation all pointed to FineArt Technology’s “X-FORT electronic data monitoring system” as the most suitable product in the market for the Company’s actual requirements on information security management. Therefore, Setsuyo began purchasing X-FORT’s external storage device control, website control, cloud control, MTP control, and software/hardware management modules in 2016.
X-FORT’s data protection capabilities resolve three pain points for Setsuyo
Liu Ling-Chun, Chief of the IT Section at Setsuyo, pointed out that when they were evaluating products in the market, they found that X-FORT won the silver medal at the Taipei International Invention Show in 2014, and placed first in the information security category of the Golden Young Award in 2016, so they were naturally inclined to select a product with a good reputation. Furthermore, another reason that they favored X-FORT was that it provided a concrete solution to the management tool they needed.
Three basic information security requirements of Setsuyo
- USB flash drive, HD external storage device control:
- The use of external storage devices inside the Company is managed by requiring the serial number for login. Encrypted USB external storage devices are used outside the company, preventing access to the storage device without logging in, which will result in data leakage.
- There is a clear distinction between website browsing and cloud control in terms of Internet access, and website browsing must be strictly controlled.
- Periodic inventory count for information software and hardware products
- X-FORT allows computer assets within the Company to be accurately determined, and can take an inventory of assets at any time. This enables IT personnel to immediately detect the installation of restricted software, so they can immediately respond and handle the situation.
“Ever since the Company installed X-FORT, administrators have been able to effective IT control, and it also saved the Company considerable cost” explained Section Chief Liu Ling-Chun. Administrators can enter keywords in the X-FORT Console to access the records of multiple (or all) personnel, or screen records by personnel and dates, The records can be listed by date or records for multiple types of events can be viewed together. Also, when unknown software or programs are installed on computers, X-FORT can immediately notify IT personnel via e-mail and further remind employees to abide by the Company’s information security regulations. These applications allow IT personnel to achieve timely management and use asset reports for effective management.
X-FORT significantly improves work efficiency and provides high flexibility for information security
The greatest difference made by X-FORT after one year is that it substantially improved the efficiency of information management. Section Chief Liu Ling-Chun said that they needed to manually inspect every computer during semi-annual inventory counts of the Company’s software and hardware. It takes 10-20 minutes for each computer, so it is not hard to imagine the immense amount of time it takes to inspect hundreds of computers. However, ever since they installed X-FORT, the software and hardware of each computer was listed on the management system, and it significantly reduced the waste of work efficiency from having employees take an inventory manually.
During the initial negotiation process, X-FORT offered flexible function combinations, so Setsuyo first purchased basic functions and then gradually added other modules when it discovered new needs in management later on. Also, encrypted files can be circulated and decrypted using the software. Employees did not need to change their habits during the installation process, and the intuitive user interface removed all fear of trying to learn a difficult system. The information security policy can be configured by department or individual employee (e.g., the accounting department needs to handle financial and tax statements), so related employees can be given access rights to specific software or websites.
Setsuyo currently implements the policy to prohibit all website browsing. Information security is sometimes a double-edged sword, and being too strict may make it inconvenient for employees when searching for data. A compromise was made and restrictions can be lifted with an application. Employees submit an application via e-mail and IT personnel change settings for the applicant to be able to browse work related websites. X-FORT also provides temporary policies.For example, when the design department needs to download image files from the cloud, it can submit an application to gain access rights during specific time periods.
Long-term training shows its effects in the building of information security concepts
Before implementing X-FORT, FineArtTechnology advisescompanies on how to select a suitable package based on their existing information security policy. For example, the Company relied on a fire wall in the past, but overlooked laptops as an information security vulnerability when they connected to the Company’s domain. This is why Setsuyo subsequently purchased X-FORT’s cloud management module for its diverse information security functions.
Section Chief Liu Ling-Chun mentioned that after Granstar implemented X-FORT, FineArt Technology provided a full day of product training for the IT department on how to use functions of X-FORT, during which it demonstrated how to use the software’s detailed functions. When Granstar encountered related issues later on, FineArt Technology’s customer services could remotely connect to computer and immediately and quickly resolve various issues.
The Company’s information security measures not only include software blocking, but also building employees’ awareness of information security. Setsuyo began organizing information security seminars every year since 2014, including information security regulations, how to avoid virus infections during routine operations, and even having the IT department send e-mails every Monday reminding employees of information security matters. The effects of information security training in recent years can not only be seen in the active response of employees to information security situations, but also the comprehensive information security management achieved by Setsuyo with the assistance of X-FORT.