Application of X-FORT in the information security policy
Located in the southern part of Akita Prefecture next to Akita City, Yokote City has a population of 100,000, making it the second largest city by population in Akita Prefecture. The old Yokote City and seven villages and townships of the old Hiraka District were merged to form the new Yokote City in October 2005. For many years Yokote City has been dedicated to passing down the various folk activities, which are based on the traditional culture of “kamakura”, that have given it the name “hometown of snow”. Yokote City has dedicated efforts to protecting the natural environment for many years, developing a new city that is a “new local city that flexibly utilizes nature and history”. Furthermore, the local cuisine “Yokote Stir-fried Noodles” have become famous nationwide in recent years.
Q: Why did you begin to evaluate the information security system X-FORT?
Mr. Murata: Information is handled in a number of ways in the city hall and must be managed. Actually, the prevention of data leakage was not implemented at the time due to budget issues. Several of data leakage incidents occurred in succession at the time and forced us to implement an information security policy as soon as possible. This is why we began to evaluate the implementation of the information security system.
Q: Did the city and townships that were merged into Yokote City have any information security measures?
Mr. Murata: None of the city, villages, and townships had an information security system before being merged. At the time, measures only included promoting “Please implement information management”. The eight city/village/township had significantly different information management concepts, and the concepts of units with relaxed data management and units with strict data management were widely apart. For example, matters that were important warning signs to units with strict management were not considered that serious to units with relaxed management. Under these circumstances, it is necessary to raise the overall awareness of crisis management. Due to time constraints, however, we decided to first adopt an information security system to protect our information, especially since the information we have belongs to citizens. We absolutely cannot let data leakage incidents occur.
Q: When the city and townships have different understanding of information management, how is the information security policy implemented?
Mr. Murata: It is possible that the policy will not be properly executed if it were decided based on a consensus. Hence, we first decided the responsible unit, and then the unit selected the most suitable solution for Yokote City, which was approved by high level officials before deciding to introduce the product.
Q: There is a wide variety of data security products in the market, why did you choose X-FORT?
Mr. Murata: Yokote City Hall basically does not allow data to be brought out. Hence, when we were searching for an information security product to prevent information from be brought out without permission, we found that it was simpler to prohibit all information from being brought out, but this made it inconvenient for work. This is why we searched for a product that enabled “transparency” when bringing out information, meaning that the information security system requires approval and the supervisor can see what information was brought out. It was not necessary to add functions one after another after using the system because it met all of our requirements at the beginning. X-FORT had the advantage because it offered all of the functions we needed and more.
Yokote City Hall has two systems, one for processing the information of residents and the other for general affairs. The city hall has 90 locations outside the office building. We plan to use an information security system for all locations, and whether or not the network architecture of each location could operate normally under different environments was a key point in product selection. This made it very difficult to select a product at the time. X-FORT can operate normally in all environments, so we had a very high opinion of it.
Summary of implementation
Q: What is the scale of equipment and network for implementing X-FORT?
Mr. Takahashi: X-FORT has currently been implemented in 10 offices in the city. Furthermore, of the 120 locations with 2-3 computers, including activity centers, libraries, and hospitals (parts that exchange information with Yokote City), 90 locations have implemented X-FORT; there are a total of 1,300 clients.
Q: What are the advantages of X-FORT?
Mr. Murata: A system is very appealing when it can not only control and access records, but also be used for asset management. From our perspective, X-FORT has all of the functions we want, and it is also very thoughtful from users’ perspective. To control data that is written to external storage devices, there are detailed settings to prohibit writing data or allow exceptions. This function was designed very well. If the only choices were to prohibit or allow writing data, any request to write data would have to be allowed if there were no reason to prohibit it, but X-FORT provides other settings for more flexibility.
X-FORT has many advantages, but I think the most practical function is the supervisor review function. It can require approval from the supervisor to copy information to an external storage device when the information needs to be brought out. This control method allows the supervisor to correctly manage what information is brought out by employees. If the same tasks are performed on paper, the work will become extremely complex and become a burden on managers. X-FORT can automatically record information on the applicant, the reviewer, and the information that is about to be brought out. The review process is completed imperceptibly and approval is naturally completed. This is our most important goal and we are very satisfied with X-FORT for being able to achieve it.
Benefits of implementation
Q: What are the effects of implementing X-FORT?
Mr. Murata: It strengthens employees’ information security awareness. When we first implemented X-FORT, employees said it was extremely troublesome and inconvenient to their work, but we explained to them to not copy files if possible, and only bring out data that must be copied. We also explained that the data they bring out, the files they rename or delete will be recorded, so they should think carefully before acting. As information security awarenessis gradually put into practice, users develop the mentality to refrain from certain behavior. X-FORT does indeed bring great benefits. Even though we do not prohibit employees from browsing websites, and we do not monitor and record the contents viewed by employees, our employees do not often visit websites unrelated to work.
In terms of IT understanding, government agencies are 10 years behind private enterprises, so most supervisors are not familiar with IT and do not really understand what young employees are doing. However, supervisors are now able to review what information is brought out by their subordinates without any extra burden. X-FORT achieves a transparent process of bringing out information.