Manufacturing companies have a unique set of challenges around cybersecurity – both technological and organizational. Up until a few years ago, it was often difficult to engage manufacturing companies in serious board-level discussions about cybersecurity. Many executives in this sector made the assumption that manufacturers simply were not vulnerable in the same ways that financial services or healthcare companies are. After all, financial services and healthcare organizations house large amounts of highly sensitive data, including personal health information (PHI), personal identifiable information (PII), and sometimes even payment information like credit card numbers (PCI) and bank account data. But manufacturers are quickly learning that their data is also vulnerable.
2017 came around and we all witnessed the infamous ransomware attacks of Wannacry and NotPetya, where many manufacturing companies became victims. At that time, manufacturing organizations actually suffered considerable losses due to these attacks. Merck pharmaceuticals experienced “disruption of its worldwide operations, including manufacturing, research and sales operations” in its SEC filings. They cited a $260 million loss in sales for 2017 and expected further losses of $200 million for 2018.
With product designs, manufacturing specifications, and supplier contracts housed in manufacturing companies, there’s a huge risk in potentially exposing intellectual property, among other sensitive data. And with multiple stakeholders, shifting production schedules, and a global supply chain, it becomes even more difficult to balance collaboration without losing control over how that data is accessed and used.
One of Vera’s customers, a large footwear and apparel manufacturer (“the Company”), headquartered in the United States, had these exact challenges. The Company is global, with over 50,000 employees worldwide, all of which work in a highly collaborative, agile environment, on different platforms. They use a multitude of file types, including Adobe Illustrator, making data security a potentially complicated and challenging endeavor. The Company’s security teams must balance between two competing demands: securing intellectual property and enabling employee collaboration, as well as high-speed production efficiency. This blog (and case study) outlines specific use cases describing how the Company currently uses VERA to secure highly sensitive design and product schematics and intellectual property.
Secure Cloud Collaboration
One of the user requirements was that the file security solution chosen by the Company must integrate easily with Box. Cloud collaboration often enables productivity improvements and convenience and greatly facilitates information-sharing with internal and external users. However, these modern collaboration technologies can present security risks that the Company’s teams knew they needed to address.
If data ever leaks or is downloaded from Box, Vera’s security sticks to the file anywhere it goes, making sure only authorized parties are working with the Company’s information. From a technical standpoint, VERA decouples the keys from the cloud collaboration tool vendor and provides optionality for key location to be hosted in the VERA service or on-premise. This ensures that the cloud collaboration tool vendor’s employees cannot access sensitive files. This also protects against being unaware that sensitive files have been accessed as the result of a subpoena.
As the Company progressed and saw immediate success in their deployments, they decided to upgrade to enterprise licenses and leverage the VERA SDK/API. This was done to weave and build data security into their home-grown and custom applications. With the VERA SDK, machine-generated files and custom designs uploaded and shared from home-grown systems or third-party apps are automatically secured – which gives the Company a powerful data security fabric for their entire ecosystem and extended enterprise.
If the Company needed to send images to retailers in advance of new releases and campaigns, it was important that those images never show up prematurely online or in any other unauthorized way. With Vera, the Company is able to watermark, and prevent screenshots of their designs, as well as control the actions users can take on those files, such as view, edit, print, and copy/paste.
We highlight these use cases and others in the full case study. Be sure to download it and learn more about the Company’s deployment and journey with Vera. Check it out!
Director, Product Marketing