ZF deploys Thales hardware security modules to protect mission-critical businesss and manufacturing processes

(16/03/2010)

With about 60,000 employees and a network of 125 manufacturing facilities across 26 countries, ZF develops and manufactures innovative transmissions, steering systems, axels and chassis components for the world’s top vehicle makers. ZF has deployed Thales hardware security modules (HSMs) to protect mission-critical business and manufacturing processes and help meet regulatory requirements.

To secure its systems from internal and external threat, ZF deployed a Public Key Infrastructure (PKI) utilizing Microsoft Windows Server 2008 together with Thales HSMs from the nCipher product line, providing a standardized enterprise-wide global infrastructure for certificate-based authentication. Every machine involved in the production of ZF products, be it a server or desktop computer, is authenticated using the digital certificates generated and stored by Thales HSMs. Everything from production to accounting to intellectual property is safeguarded against unauthorized access and no unauthorized machine can eavesdrop on ZF’s manufacturing process.

Using Microsoft Windows Server 2008, digital certificates are issued to every machine on ZF’s network so that each system can be uniquely identified and authorized to access business systems – such as ZF’s SAP accounting platform. This amounts to many thousands of keys and Thales HSMs provide a reliable, auditable and secure hardware key storage environment, underpinning the certificate issuing process. Thales HSMs also provide centralized key management for the many thousands of certificates issued, replacing time-consuming, inefficient manual processes for tracking and updating expiring certificates.

The ability to remotely and therefore cost-effectively manage an HSM provides ZF with further benefit. In an effort to fight tax evasion and smuggling, the government of Brazil recently implemented regulations — called Nota Fiscal Eletrônica — requiring that manufacturers produce electronic bills of lading stamped with a digital signature. The regulations mandate the use of HSMs to store and protect time stamping certificates. While many manufacturers scrambled to implement compliant systems, ZF was ready. The company integrated its PKI with the SAP system it used to generate bills of lading. In addition, ZF located HSMs in Brazil, which they managed from Germany, as part of a cluster for enhanced global redundancy of its key storage process.

“Protecting our business against unauthorized access, from production to accounting to intellectual property, is of paramount importance”, says Jürgen Paulmichl, information technology security manager for ZF. “Thales HSMs give us auditable key protection for the computers that conduct our office-based processes, and they enable more cost-effective and scalable security for the technology that drives our production lines. Only Thales had reference customers available to confirm ease of integration with Microsoft Windows Server 2008. Deploying Thales HSMs has allowed us to easily meet the escalating security expectations of auditors, governments, and company leaders.”

“ZF’s security architecture is a great example of how successfully Thales products integrate with leading-edge operating systems and applications such as Microsoft Windows Server to provide effective key management solutions,” says Franck Greverie, Vice President and Managing Director for the Information Technology Security activities of Thales. “We are delighted that ZF has chosen Thales products for their specific and demanding security concerns. This implementation illustrates the advantages of a versatile platform that securely and cost-effectively protects data and business process and establishes a coherent and well-enforced security policy that complies with industry regulations”.

Related topics:  Authentication and identity management   Network Security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources