Roll No 02 Nitin Sindwani


  • 8/3/2019 Roll No 02 Nitin Sindwani


    TERM PAPER

    OF

    COMPUTER NETWORKS

    Project TOPIC

    On

    Information security management in Organizations

    SUBMITTED TO: SUBMITTED BY:

    SAHIL RAMPAL NITIN SINDWANI

    Roll no 02

    REG NO: 11010424

    MBA- IT

    SESSION 2010-2012

    LOVELY PROFESSIONAL UNIVERSITY

    PHAGWARA(GT ROAD) PUNJAB


    ACKNOWLEDGEMENT

    I express my profound sense of gratitude to my faculty guide Mr

    SAHIL RAMPAL, faculty member, Department of Business

    Administration, Lovely Professional University, and my teacher of Computer

    network, for his systematic guidance throughout this term paper. I would

    also like to thank him for giving such a topic for term paper which helped

    me to develop a practical insight of whatever I had learnt in the class.

    I would also like to express my heartfelt thanks to my family members and my friends, who extended all kinds of co-operation to me

    throughout the course of this work.


    CONTENTS

    1. Introduction

    2. Information Management Cycle

    3. Scope of Information security Management

    4. Topology used for security

    5. Pre SAP Scenario

    6. The IT Infrastructure

    7. Enterprise Application

    8. Supplier & Customer Relationship Management

    9. eHR Implementation

    10. Information & IT security management

    11. Benefits to HHML

    12. Bottlenecks

    13. Snapshots of IT setup at HHML

    14. Summary

    15. Bibliography

    INTRODUCTION

    The Intelligent Organization

    An organization behaves as an open system that takes in

    information, material and energy from the external environment, transforms

    these resources into knowledge, processes, and structures that produce goods or

    services which are then consumed in the environment. The relationship

    between organizations and environment is thus both circular and critical:

    organizations depend on the environment for resources and for the justification of their continued existence. Because the environment is growing in complexity

    and volatility, continuing to be viable requires organizations to learn enough

    about the current and likely future conditions of the environment, and to use

    this knowledge to change their own behavior in a timely way (Choo 1991,

    Choo and Auster 1993).

    An organization works with three classes of knowledge: tacit knowledge, rule-

    based knowledge, and background knowledge (Table 1). Tacit

    knowledge consists of the hands-on skills, special know-how, heuristics,

    intuitions, and the like that people develop as they immerse in the flow of their work activities. Tacit knowledge is deeply rooted in action and comes from the

    simultaneous engagement of mind and body in task performance. Tacit

    knowledge is personal knowledge that is hard to formalize or articulate

    (Polanyi 1966, 1973). The transfer of tacit knowledge is by tradition and shared

    experience, through for example, apprenticeship or on-the-job training.


    Scope of Information security Management

    The basic goal of information management is to harness the

    information resources and information capabilities of the organization in order

    to enable the organization to learn and adapt to its changing environment (Choo 1995, Auster and Choo 1995). Information creation, acquisition, storage,

    analysis and use therefore provide the intellectual latticework that supports the

    growth and development of the intelligent organization. The central actors in

    information management must be the information users themselves, working in

    partnership with a cast that includes information specialists and information

    technologists. Information management must address the social and situational

    contexts of information use -- information is given meaning and purpose

    through the sharing of mental and affective energies among a group of

    participants engaged in solving problems or making sense of unclear situations.

    Conceptually, information management may be thought of as a set of processes that support and are symmetrical with the organization's learning activities. Six

    distinct but related information management processes may be discerned (Fig.

    2): identifying information needs, acquiring information, organizing and storing

    information, developing information products and services, distributing

    information, and using information (Davenport 1993, McGee and Prusak

    1993).

    Information Management Cycle


    Which type of Information Needs

    The identification of information needs should be sufficiently rich and

    complete in representing and elaborating users' true needs. Since information

    use usually takes place in the context of a task or problem situation, it is helpful to recognize that information needs consist of two inseparable parts. An

    accurate description of information requirements is a prerequisite for effective

    information management. Ironically, system designers often take this for

    granted and assume that information requirements can be quickly determined

    by examining existing paperflows and data flows. Similarly, senior managers

    believe that it is the information specialist's job to identify their information

    needs, and do not assume the `information responsibility' of defining in detail

    what information they require (Drucker 1994). In reality, particular information

    needs will have to be elicited from individuals. Unveiling information needs is

    a complex, fuzzy communication process. Most people find it difficult to express their information needs to their own satisfaction. Personal information

    needs have to be understood by placing them in the real-world context in which

    the person experiences the need, and to the ways in which the person will use

    the information to make sense of her environment and so take action.

    Information Acquisition

    Information acquisition has become a critical but increasingly complex

    function in information management. Information acquisition seeks to balance

    two opposing demands. On the one hand, the organization's information needs are wide-ranging, reflecting the breadth and diversity of its concerns about

    changes and events in the external environment. On the other hand, human

    attention and cognitive capacity is limited so that the organization is necessarily

    selective about the messages it examines. The first corollary is therefore that

    the range of sources used to monitor the environment should be sufficiently

    numerous and varied as to reflect the span and sweep of the organization's

    interests. While this suggests that the organization would activate the available

    human, textual, and online sources; in order to avoid information saturation,

    this information variety must be controlled and managed.

    Information Organization and Storage

    Organizing and storing information may be facilitated with the application of

    information technology. Traditional data processing technologies were first

    used to raise work efficiency, whether on the office floor or the shop floor. The

    operational use of computers generated an abundance of detailed information


    about transactions, customers, service calls, resource utilization, and so on.

    While such systems are tuned to provide high throughput performance, they are

    inefficient at and sometimes incapable of retrieving the information that

    decision makers need to have for planning and problem solving.

    Topology used for security

    Fig. 3. A Topology of Information Products and Services

    Users want information not just to give answers to questions (`What is

    happening here?') but also to lead to solutions for problems (`What can we do

    about this?'). Moving from questions to problems means moving from a subject-based orientation in which knowing is a sufficient end state to an action

    orientation in which information is being used to formulate decisions and

    behaviors. To be relevant and consequential, information products and services

    should therefore be designed to address not only the subject matter of the

    problem but also the specific contingencies that affect the resolution of each

    problem or each class of problems.


    Information Distribution

    The purpose of distributing information is to encourage the sharing of

    information. A wider distribution of information promotes more widespread and more frequent learning, makes the retrieval of relevant information more

    likely, and allows new insights to be created by relating disparate items of

    information. The delivery of information should be done through vehicles and

    in formats that dovetail well with the work habits and preferences of the users.

    The separation between information provider and information user should be

    dissolved: both ought to collaborate as partners in the dissemination and value-

    adding of information to help ensure that the best information is seen by the

    right persons in the organization. To encourage users to be active participants,

    it should be made easy for them to comment on, evaluate, and re-direct the

    information they have received.

    One of the biggest success stories in the Indian two wheeler segment, Hero

    Honda is a household name today. What's not so well known is the fact that the company has successfully used IT to help it reach the top.

    What started out as a Joint Venture between Hero Group and the

    Honda Motor Company of Japan, has today become the world's single

    largest two-wheeler Company. Coming into existence on January 19, 1984,

    Hero Honda Motors Limited (HHML) gave India nothing less than a

    revolution on two-wheels, made even more famous by the 'Fill it - Shut it -

    Forget it' campaign. Driven by the trust of over 5 million customers, the

    Hero Honda product range today commands a market share of 48% making

    it a veritable giant in the industry. Add technological excellence, an

    expansive dealer network, and reliable after sales service to that and we have

    one of the most customer- friendly companies. Customer satisfaction, a high

    quality product, coupled with the strength of Honda technology and the Hero

    group's dynamism has helped HHML scale new frontiers and exceed limits.

    For New Delhi-based Hero Honda, success has brought significant

    rewards and some daunting challenges. The company, established in 1985

    as a joint venture between Hero Group of India and Honda of Japan, holds a

    50% market share in India and has grown to become the world's largest two-

    wheeler manufacturer. In the last six years Hero Honda's sales volume grew


    by 400%, and this year the company expects to manufacture and sell more

    than 3 million motorcycles. It's no wonder that Hero Honda has won

    accolades in the New Delhi business press. In fact, in 2001 Hero Honda's

    chairman Brijmohan Lall Munjal received the Ernst & Young Entrepreneur

    of the Year award for India, and in 2005 he was presented with the Padma

    Bhushan, a prestigious award from the Indian government. But growth has

    brought unique challenges, too. Hero Honda now supplies motorcycles

    through more than 500 dealers and 700 service points, institutions, and

    overseas customers. In addition, the company calls on more than 240

    suppliers for its parts and subassemblies. The challenge for Hero Honda: cut

    time and waste out of its supply chain and add more flexibility in meeting

    the fast-changing dynamics of the modern market in India.

    Hero Honda is a leader in the two wheeler segment in the country, and even

    claims to be the world's largest two wheeler company in its advertising. To reach the heights that it has, Hero Honda has successfully leveraged the IT

    advantage, especially in recent times.

    PRE SAP SCENARIO

    The company has a highly efficient and reliable network today. But till 1998

    Hero Honda depended on legacy systems, which had a high failure rate. The

    set up was not in a position to cater to the expansion that Hero Honda went

    through and was not suitably updated. Because it was obsolete, the management decided to revamp the entire IT set-up, according to S R

    Balasubramanian, vice president, Information Systems, Hero Honda Motors.

    HHML had legacy systems working on different platforms, which were

    developed in-house and tailor-made to their method of working. Since the

    legacy systems took care of data processing, only some operational reports

    got generated by the system. Real MIS resided on Excel sheets along with

    different kinds of analysis. Information, therefore, was fragmented and the

    authenticity was questionable. Over a period of time, the systems underwent

    changes and represented a patchwork of several additions and modifications. They were loosely integrated across functional areas. There was duplication

    and information inconsistency as happens with most legacy applications. It

    was therefore important to migrate from this platform to something more

    stable and futuristic.

    MOTIVATION FOR CHANGE


    At that point of time the management perception about IT was also changing

    and they decided IT would be part and parcel of Hero Honda. This helped in

    modernising the information systems at the company. Apart from this,

    competition in business and deployment of bandwidth hungry applications

    forced the company to migrate from a slower legacy network to the new

    faster and more reliable network. The management's vision was to align IT

    with business. IT was to be used as a strategic business tool rather than for a

    limited purpose of data processing. An information systems plan was drawn

    up, which besides other things, stated that the organisation would go for

    common systems across the organisation. It would also achieve integration

    between all systems; emphasis would be on improving business processes,

    to adopt best practices and to cover the entire supply chain. HHML wanted

    to consider only state-of-the-art systems and one which had a clear road map

    for the future including conduct of business over the net. Tired of in-house developed systems, they wanted a standard solution and in particular, an

    ERP. Their idea was to partner with a technology vendor capable of taking

    them forward as the business expectations increase.

    THE IT INFRASTRUCTURE

    The IT infrastructure of the company is connected over three major Local

    Area Networks (LANs). These connect the corporate office in New Delhi

    with two manufacturing plants (Gurgaon and Dharuhera), and other zonal

    and marketing offices. 21 locations are connected through its Wide Area

    Network (WAN) set-up. Most of these locations are connected with the

    corporate office through VPNs, leased lines, and at few places through

    VSAT connectivity. The motorbike major has a total of seven TDM/TDMA

    VSATs and two PAMA VSATs. As far as the VPN set-up is concerned, it is

    still a closed-user group. For connectivity between its Dharuhera and

    Gurgaon facilities the company uses a very fast radio link. The company has

    installed the PAMA VSATs from Comsat Max as a backup facility. The

    Hero Honda network spans 750 nodes across the country.

    Hero Honda uses 10/100 Mbps Ethernet switched technology for data

    transmission and is connected with both optic fibre and Cat 5 cables. Optic


    fibre is used for the backbone, which will also solve the future bandwidth

    requirements of the company. The company has three Cisco routers. The

    company also uses a mix of switches from three vendors: Cisco, IBM and

    3Com. For non-critical applications, the company has opted for 3Com

    switches. "As IBM switches are cheaper than Cisco ones, we will be going

    in for more and more IBM switches in the future," says Balasubramanian.

    All the switches and hubs at the company are managed devices. Apart from

    this the company also uses an IBM RS 6000 server for running SAP

    applications, and other midrange servers for running Ingres and Oracle. For

    Lotus Notes applications the company has opted for IBM's Netfinity

    servers. As far as other networking hardware is concerned, the Gurgaon

    plant has two Cisco routers, which are connected to an IBM LAN Route

    Switch, and the storage box is connected to the RS 6000 server. The

    company is also using a tape library, which works as a backup device.

    One of the key features of Hero Honda's networks is that most sites enjoy

    excellent backup facilities. For instance, Dharuhera is connected directly to

    Comsat Max's PAMA VSAT main hub. The IT facilities at Gurgaon are

    connected with two electrical sources, two MCBs, and two UPSes. The

    company has also installed an extra server as a backup. It possesses a

    Network Attached Storage system, with plans to shift to a Storage Area

    Network. For this Hero Honda has gone in for an IBM Tivoli solution. The

    whole idea was that information systems should be able to cater to 99

    percent of availability. Even if a LAN or a switch fails it should just take 10

    minutes to switch to another LAN or switch.


    ENTERPRISE APPLICATIONS

    A good and reliable messaging system was a long-standing need at Hero

    Honda. When they first introduced messaging, it took off very well. To

    ensure its success the management arranged training programmes at all the three major areas and also invited the regional offices to join in. The success

    of the messaging system was so good that people started overlooking the

    VSAT network. The company messaging set up evolved around Lotus

    Notes. They evaluated both Microsoft Exchange and Lotus Notes, and

    finally decided to go in for Lotus Notes. The Lotus Notes application at

    Hero Honda evolved around those applications that users are familiar with.

    This is done as a part of the information systems plan along with the

    business plan to integrate information systems in the organisation, integrate

    all the departments. As the management knew that the implementation of ERP would take some time, they wanted to use that time to introduce an

    IT culture in the company.

    After the successful implementation of this system, the IT set-up faced some

    problems during the first Diwali after the introduction of the messaging

    system. This happened because of huge number of greeting messages and

    card attachments. This prompted the company to introduce a new greetings

    system on the lines of Bluemountain.com. They opened up a card

    library system and asked the users to go to the card library and select a card

    and send it across. By this, no attachment would go, but only the link. After this they were able to avoid a considerable amount of traffic. And users were

    quite excited about having a card application. People started enjoying the

    use of IT applications. Subsequently, the company put up an intranet and

    workflow applications.

    ERP IMPLEMENTATION

    The next move was to implement ERP in order to integrate various functions

    and control its operations. The company went live with SAP R/3 on February

    1, 2001. It uses modules like production, materials, finance, marketing,

    assets, quality, sales and distribution. Siemens Information Systems was the

    implementation partner for this rollout. The ERP implementation presented a

    high level of data integration. ERP has helped the company immensely.

    Today nobody asks any other department for information. One can log in

    and see reports online, says Mukesh Malhotra, deputy general manager,


    Hero Honda Motors. They were able to implement better cost control

    measures. This had helped them in calculating the cost of consumables, tool

    inventory cost, power and fuel costs, and plant overheads. Because of this

    they also became ready for future SCM and CRM implementations.

    SAP'S ROLE

    HHML evaluated Baan and Oracle. The overwhelming presence of SAP in

    the automotive sector was one of the important reasons for selection. The

    customer references spoke strongly about SAP's ability to address the needs.

    The project took off with a great start. It imparted one-day awareness

    training sessions to around 135 managers and key users explaining the

    project and roles of core team members and users. There were hiccups in between because of staff turnover at the

    implementation partner's end because of which the project had to be

    extended by a month. However, they kept various activities on schedule.

    They were one week behind at the last stage of Go-Live preparation but

    made that up in the last month. The Steering Committee played a useful role

    and wherever some policy issues could not be decided, the CEO intervened

    to resolve. End users were involved at various stages and hence they adapted

    to the new systems well. The first few days saw several problems but the

    help desk (available 24 hrs) attended to them promptly. Every day thereafter

    saw fewer problems and the operations got streamlined in 15 days. The

    yearly closing ended on the 31st March 2001, (2 months from Go Live) and

    was completed in 24 days. Year closing for the following

    year was achieved in 11 days and HHML was the second company in India

    to declare results. This indicated the stability of systems and the efficiencies

    achieved.

    IMPLEMENTATION PARTNERS

    Siemens Information Systems Ltd (SISL) were the implementation partners. They imparted initial training to the users and core team members. They also

    helped in redefining various processes based on their experience. They gave

    valuable suggestions for improvement at various stages. In the Steering

    Committee meetings they clarified various issues and helped in convincing

    the management to make various changes.


    RECORD-BREAKING IMPLEMENTATION TIME

    Hero Honda also profited from services delivered remotely by SAP

    consultants in Singapore and software developers in Walldorf, Germany.

    This international approach ensured that any issues were dealt with rapidly

    and effectively. The speed with which technical issues were resolved was

    impressive. In some cases, SAP's German developers found answers

    overnight. Thanks to close collaboration between SAP and Hero Honda, the

    project was completed in a record three months. Implementing the latest

    mySAP SRM and mySAP CRM capabilities in such a tight time frame was

    an ambitious goal.

    SUPPLIER & CUSTOMER RELATIONSHIP MANAGEMENT

    Automotive Motorcycles

    Processing Orders Manually

    They have a large supply chain and they needed accuracy and speed in the

    deliveries of raw material and components. Their suppliers were given a

    plan for the month but changes are often necessitated by market conditions

    like changes in the mix of models and colors. And there could also be

    increase or decrease in demand. They wanted the ability to respond to these

    changes by aligning the production plan, supply schedule of components,

    and other resources to handle this efficiently. Hero Honda had already been

    using the mySAP ERP solution for its core applications but until January

    of 2004, the company continued to enter its customer orders manually

    using a portal to communicate with suppliers. They used to receive orders

    from dealers in the form of spreadsheets, e-mail, and phone calls. It took a

    few days to bring in the customer orders and consolidate them. Then they

    would get their material requirements plan from the ERP [enterprise resource

    planning] system and post the information on their portal. This was done

    through periodic updates twice a day and hence did not consistently give

    the latest information to their partners. They had no visibility of materials in transit and a lot of time was wasted on follow-ups. They also had to deal

    with incorrect deliveries from vendors when they sent either less or more

    than the scheduled quantity. For example, they might have ordered 100 units

    but the supplier delivered 110. This kind of error would slow down the

    receiving station while their people would seek approval for receiving the

    extra quantity. Also, mismatches like this meant that either they carried


    more inventory than needed or caused production holdups if the quantity

    supplied was less than ordered.

    Automating Supplier Transactions

    In February 2004, Hero Honda began a pilot test, bringing in mySAP

    Supplier Relationship Management (mySAP SRM) as well as mySAP

    Customer Relationship Management (mySAP CRM), both solutions in the

    mySAP Business Suite family of business solutions. For the rollout of its

    supplier portal, Hero Honda chose its top 125 suppliers; together, they

    account for 95% of the company's supplies. Most of these suppliers now

    perform their transactions with Hero Honda through the Web-based self-

    service portal, in real time. Suppliers can now see the status of their orders,

    shipments, and invoices, and they can see new delivery schedules as soon as

    they're processed by the Hero Honda production plan. They can also use the portal to make confirmations along the way, for example, to confirm that

    they can handle a certain variation and to confirm that they'll meet the

    delivery schedule.

    SAP Consulting

    It took three months to complete the rollout. Helping Hero Honda speed up

    the process and helping implement some of the newest features in mySAP

    SRM was SAP Consulting. mySAP SRM experts, from both the Asia-

    Pacific region and SAP headquarters in Walldorf, Germany, worked on the

    project and helped Hero Honda develop some of its most complicated direct

    materials processes. They assisted them during the entire implementation

    process and transferred knowledge to them. Also, they unlocked some

    software features that were not known even to be existing by people at

    HHML. For instance, they helped them implement instant messaging, which

    was helpful in contacting the suppliers quickly in the event of a production

    scheduling change, say, one that might occur because of an upcoming

    holiday. SAP Consulting and the Asia-Pacific solutions team also helped

    Hero Honda integrate a bar code reading function into the system, according to Balasubramanian. The bar code feature is used by those local

    suppliers who make just-in-time deliveries several times each day. For them,

    it's faster and easier to process their deliveries via a bar code reader on the

    delivery dock than it is to make constant updates to the self-service portal.


    End-to-End Process Integration

    Hero Honda also implemented a customer portal, as a feature of mySAP

    CRM. With the two portals now in place, the company benefits from end-to-

    end process integration. "Our dealers place their orders once a month," he

    says. "Typically, a dealer might order several hundred motorcycles, as well

    as spare parts. So every Friday we get our orders in, we consolidate them on

    Saturday, and on Monday morning our suppliers are all receiving our

    delivery schedules, directly from our production planning system."

    Because the ordering process is now fully automated, Hero Honda saves

    approximately three days over the time it used to take to complete this

    process. That translates into an inventory savings of about 10%, which in

    turn translates into a substantial cost savings. The automation also increases

    Hero Honda's own ability to be responsive to its dealers. Even though dealers normally place their orders on a monthly basis, there are many times

    when they want to revise an order that's already in process. They might do

    this to account for a sudden change in customer demand; for instance, their

    customers might start asking for a new color or a different model. "For these

    revisions, we can get the change in on Friday and be pretty sure that the

    entire shipment will go out, as scheduled, the following week," says

    Balasubramanian. The customers appreciate this kind of responsiveness and

    it's just what they, and the company, need in order to continue to take advantage of

    this fast growing market. The system's end-to-end integration pays

    dividends in maximizing order accuracy, as well. They've greatly reduced

    the chances of mismatched orders too. For one thing, it's easier for suppliers

    to check their orders on the portal and they know that the portal's

    information is both accurate and up to the minute. Since the advance

    shipping notification created by the supplier is derived from the purchase

    order, the chance of a delivery mismatch with the order is almost zero.

    eHR IMPLEMENTATION

    With technology touching all aspects of today's business, there is increasing

    usage of IT and Internet technologies in a company's HR department.

    Suddenly HR managers are finding themselves in a whirlwind of

    technological changes, with adoption of IT (both as process and tool)

    becoming a necessity for them. The past one year has seen IT playing a key


    what type of information was there, who should access it and who should

    not in order to ensure complete data integrity

    Along with business growth, Hero Honda has also grown on all fronts. It has set up two manufacturing facilities at Dharuhera and Gurgaon in Haryana. These facilities now churn out over 3.5 million motorbikes per year. This growth also applies to the company's employees and their business needs. As is the case with any other large organization, Hero Honda has nearly 1,600 desktop users. E-mail is a backbone of today's business, and accordingly the company has created approximately 2,000 e-mail IDs for its users.

    Security set-up so far

    The year 1999 was the inflection point for the entire IT set-up at Hero Honda, including information security. The company undertook a complete revamp of its IT infrastructure with a new architecture and an expansion of its network, IT assets and applications. The security approach has been evolutionary, in line with these growing requirements. While connecting the entire organisation during 1999, the company put its mailing system into place. This, however, also led to the import of viruses into the system, thereby warranting a complete anti-virus solution. Before this, anti-virus software was installed only on a few desktops. The company chose McAfee for its comprehensive features and good installed base. Hero Honda has now implemented the complete suite, covering the desktops, servers and mail gateway.

    The company first deployed the Total Virus Defence (TVD) system, which was later upgraded to the Active Virus Defence (AVD) system around two years ago. Under AVD, Hero Honda is using GroupShield for the Lotus Notes mailing system, NetShield for NT and Windows 2000 servers and VirusScan for end-user desktops. The AVD works under the ePolicy Orchestrator agent, which is installed on each and every desktop and delivers the means to control the anti-virus applications. According to Balasubramanian, it gives the company power to enforce its anti-virus policy, to update the policy on end-user desktops and to monitor update progress through graphical reports. ePolicy has made it easier to enforce any anti-virus policy across all the company's offices in just two hours.


    As part of the AVD architecture, Hero Honda has three AVD servers: one at the head office in Delhi and one each at the Gurgaon and Dharuhera plants. The AVD server at Delhi takes care of all head office-based servers and desktops and all zonal and area office desktops. The Gurgaon and Dharuhera AVD servers likewise cover their own locations. All three servers are connected to the McAfee Internet site through the Net. As a result, whenever McAfee releases new anti-virus DAT files, all three AVD servers synchronise with the McAfee server and immediately download the incremental DAT file, which is then distributed to all the servers and desktops. In case of a virus attack on any of the servers and desktops, the ePolicy agent updates the AVD server about this new virus.

    CORE CRISIS

    Messaging systems form the frontline for any organization. The external mail server forwards corporate mail over SMTP to the internal mail server deployed on the company's LAN. The internal mail server is a central mail repository from which all employees retrieve their individual mail over POP. All the employees based at New Delhi and at the Dharuhera and Gurgaon plants POP their mail from the local mail server. They have ISP-level security, which consists of a firewall, spam filter and anti-virus. However, they soon realized that ISP-level security was inadequate for the task at hand.

    The company was facing difficulties vis-à-vis messaging, and there were Internet access and security issues related to spam, online and spam-related malware attacks and choked bandwidth. Moreover, the company wanted to filter Web access.

    The company receives an average of 26,000 e-mail messages per day, which translates to almost 1 GB of storage space. Of these, at least 70 percent were spam. That used to work out to around 18,500 pieces of spam per day. The ISP was able to filter out about 50 percent of this. Still, almost 9,000 messages hit the internal mail server every day. They tried out a few standalone, software-based spam filters with little success.

    Apart from a vast number of employees, HHML also has a vast chain of

    dealers and service stations spread across the country. So mails exchanged

    between these offices often got lost in the maze of spam and the business

    suffered. Often business correspondence was incorrectly classified as spam,

    a case of false positives, and deleted while spam continued to pour in.


    Mailboxes were clogged with spam. Having close to 9,000 spam messages hitting the local mail server on a daily basis was not acceptable, as downloading legitimate mail from the external mail server to the local one, along with the torrent of spam that dodged the ISP's filters, was a painfully slow and, quite often, frustrating process.

    There was another side to this crisis: bandwidth consumption did not just increase, it shot through the roof, and to keep adding bandwidth was not a viable solution. Once the messages reached an individual's mailbox, they had to be checked and deleted manually. Many times the recipients were tempted to read the spam, and the mail processing time kept increasing at the cost of productivity. Legitimate e-mail messages were often lost in the maze of spam.

    The management began questioning the IT department regarding the extent of spam, a question that mostly could not be answered despite the IT team's best efforts. Employees stationed at remote locations such as Gurgaon and Dharuhera were worst hit. For them, the mail was first downloaded to the local mail server and then had to be POPped to their remote individual mailboxes. The download time of an individual message was very high, and this was particularly frustrating since at least 50 percent of the mail was spam.


    IT experts are the most prominent group in today's technology-dominated environment. The management of information technology has remained in the media's spotlight for many years now, with no signs of diminishing interest. Academics, businesses, consultants, and government all continue to extol the strategic application of information technology. IT experts have indeed become proficient at fashioning computer-based information systems that dramatically increase operational efficiency and task productivity.

    Information experts, the librarians and specialists who work in corporate libraries or information centers, the records managers, the archivists, and so on, have long been regarded as part of the support staff of the organization, working quietly in the background, often uninvolved in any of the critical functions of the organization. Yet as the individuals who have the skills that are most needed to effectively acquire, organize, and distribute information, the intelligent organization cannot afford to do without their contribution and participation in its strategic activities. Information experts have to break out of their cocoons and recast their roles.

    STEPS USED FOR MANAGING SECURITY IN ORGANIZATIONS

    Need for firewall

    The need to beef up the security set-up beyond an anti-virus solution was felt as the company further opened up its systems to external access. Around a year-and-a-half ago, apart from providing Internet access through the proxy server, the company also decided to provide connectivity with dealers and vendors for information sharing, i.e. they could directly log in to the Web server. This required the deployment of a firewall to guard the systems from possible hackers and virus attacks. This was the first time that they were really connected to their partners. Earlier they only had a mail gateway through which they exchanged mail, so there really wasn't a need for a firewall at that time. But now, since they are allowing people to log in and people are accessing the Internet, there is the need for a firewall.

    Firewalls deployed at Comsat Max: Hero Honda has a perimeter firewall that serves as the Internet gateway for both the plants and the head office. It has chosen Check Point as its firewall, which runs on a Nokia box and is managed and monitored by the service provider, Comsat Max. The company's IT security architecture divides the network into zones, based on the function of the infrastructure contained therein. The zones created are:

    DMZ zone

    Third-party zone

    Application servers zone

    Critical servers zone

    Security management zone

    Network and system management zone

    LAN & WAN zone


    Unauthorised Internet access

    Restriction of access to unauthorised sites is taken care of through the proxy server, which was deployed around two years ago for Internet access to internal users. The rules for access control have been defined in the server itself. They define factors such as which PCs have access to the Internet, the sites that can be accessed, the time period during which only certain users can access the Internet, etc.

    The company has taken various measures to ensure data integrity during internal access as well. It has deployed PGP software on the critical desktops and notebooks within the organisation for encrypting data. While the software was deployed around two-and-a-half years ago, the company keeps on identifying and adding critical notebooks and desktops. The information on the desktops and notebooks is kept in an encrypted folder, which requires a user name and password to access.

    Furthermore, Hero Honda has built in integrity in the application itself,

    which is well documented with profiles for each user. Depending on his/her

    profile, the user gets the rights for accessing the data. The authentication is

    done through passwords.

    And the answer was

    The spam included a good smidgen of phishing which slipped through the primary security layer at the ISP's end. Malware entering through the messages and Internet browsing was also a major source of concern. Several messages contained a malicious payload of viruses, spyware and Trojans. Once these entered the network, they promptly began consuming bandwidth and causing system crashes. Unprotected and unrestricted Internet browsing also left gaping security holes. The lack of filters on browsing left the organization wide open to attack from malware, tracking cookies, spyware and keyloggers.

    Digvijaysinh Chudasama, Vice President, Sales, Cyberoam said that enterprises are replacing best-of-breed security solutions in their networks with Unified Threat Management solutions. Cyberoam's all-in-one security platform aids the transition without compromising the feature granularity of standalone solutions. Cyberoam's identity-based security empowers administrators to proactively defend the enterprise network against both internal and external threats.

    While considering the core problem and the sensitivity of the issue for Hero Honda, Tarak Technologies, business partner of Cyberoam, suggested a plan to secure the company's e-mail. Jose Kurian, COO of Tarak Technologies, said that after examining the problem they understood that response time was crucial. The messaging application cannot go down for a long period of time at a company such as Hero Honda. They offered them Cyberoam's anti-spam software. Rather than going out for point-to-point solutions, they suggested that the company go in for Unified Threat Management (UTM). Kurian added that the Cyberoam UTM solution sits at the gateway level. It is an appliance through which mail gets routed, filtered and forwarded to the local mail server. In the absence of Web filtering and access accountability, the little bandwidth that was left was consumed through unrestricted surfing. This proved detrimental to organizational productivity. Lack of Internet usage accountability led to malicious sites being surfed, which in turn infected the network with a host of spyware.

    As a remedy to slow browsing and other bandwidth problems, the company was forced to upgrade its initial 64 Kbps Internet connection to a 4 Mbps pipe. Yet, the complaints persisted even after this quantum leap in bandwidth availability. They purchased four Cyberoam appliances: three 250i units and one 100i. One 250i appliance is deployed at the corporate office in New Delhi, and one each at the production plants in Dharuhera and Gurgaon. A 100i appliance is deployed at their upcoming facility at Haridwar. All Cyberoam appliances have been deployed in bridge mode. The entire mail and Web traffic passes through Cyberoam.

    The changed scenario

    Post-implementation, Internet access is productively focused. This is amply

    reflected in the bandwidth usage. Once insufficient, bandwidth availability is

    now quite satisfactory. Total bandwidth consumption fell sharply and the

    ISP bills also took a nose dive. A clean network, safe and responsible

    surfing and spam free mail boxes have all culminated in a drastic reduction

    in calls to the IT helpdesk.


    Information security policy

    While the company had some documented policies relating to various aspects, including IT security, post-1999, they were not comprehensive enough to cover all areas. Steadily expanding connectivity warranted a complete policy, defining the security issues both from within and outside the organisation. The company's plans for connectivity with business partners included rolling out the second phase of its supply chain solution, allowing dealers and vendors to interactively do transactions with the company on the Net. (It already provides dealers and vendors one-way access to the Web server.) Furthermore, it is also trying to allow employees access to applications like instant messaging and SAP, especially for field staff and mobile workers. In such a scenario, which required opening up its systems to partners, the need for a robust policy was pressing.

    A few months ago, Hero Honda started working on its new information security policy with HCL Comnet as the consultant. The policy broadly covers around 17 domains. These domains include networking and telecommunication; back-up; software purchase, use and maintenance; incident management; e-mail; Internet; access control; password control; anti-virus; notebooks; information disposal; acceptable use; system development; desktop; information classification; training; and physical security. HCL Comnet carried out the vulnerability assessments and outlined the areas requiring improvement. These included recommendations for patch upgrades on various operating systems and networking devices, as well as physical security, specifically for the server room. The consultant also recommended the removal of modems provided to users for directly accessing the Net from their PCs. Though the connections had been removed, the modems were left behind, which, the consultants pointed out, created a vulnerability as the users could plug them in and start using them. According to Balasubramanian, based on the recommendations of the consultants, the company fixed the loopholes in its security set-up, including some recommendations regarding the firewalls and the protection of servers. The company has already carried out pre-vulnerability assessments, fixed the vulnerabilities and then conducted post-vulnerability assessments.

    In parallel, Hero Honda also worked on the information classification part of its information security policy, which didn't exist earlier. This involves participation from the top management with user representation from all the functional areas. The present exercise of classifying information is being done on the basis of confidentiality, criticality and availability. Apart from information classification, the access rights of various classes of people are also being defined in the policy. The functional heads are made responsible for their departments and endorse the classification of information being done.

    The RoI Factor

    According to Avnesh Jain, "The Cyberoam UTM has maximized return on investment. It exceeded our expectations before the implementation. The anti-spam feature effectively stops around 9,000 bits of spam each and every day. Employees were pleasantly surprised to find spam-free inboxes. However, we also saved time and our legitimate e-mail was no longer buried under."

    As spam disappeared, inter-office connectivity benefited greatly. Employees

    at the remote site no longer have to wait indefinitely for their e-mail to be

    downloaded. Bandwidth used to connect remote offices was also saved.

    Cyberoam's anti-spam solution not only blocked spam, but also proved effective against any type of mail-based threat. The solution used Recurrent Pattern Detection technology. It is content-agnostic and equally effective against image-based spam. Pattern detection technology ensured a minimal window of vulnerability, providing zero-hour protection to the HHML network.

    The cost involved in getting Cyberoam's UTM solution at Hero Honda was around Rs 12 lakhs. It took almost a year to deploy this solution at all locations because they went in for a pilot and gradually scaled up from there. However, the actual deployment time was very short.

    Cyberoam's anti-virus solution scans SMTP, IMAP and POP3 mail traffic and HTTP and FTP activity as well, leaving no security gaps unattended. As all the Web-based traffic is scanned for spyware and malware, clean and secure Web surfing has become a reality. Cyberoam's identity-based Web filtering ensures employee accountability, which in turn leads to a reduction in unproductive surfing. The IT department has created groups and assigned Internet access rights based on their business profile in HHML. Cyberoam's HTTP client is used to authenticate the user. As the Web filtering rules are implemented on the user's identity and not just on the IP address, IP spoofing has been curbed.
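
    The difference between the per-PC proxy rules described under "Unauthorised Internet access" and the identity-based filtering described above can be shown with a small policy evaluator. This is an added example, not Hero Honda's or Cyberoam's configuration: the addresses, users, groups, sites and hours are constructed, and the gateway login is assumed to have already filled in the user field.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Request:
    src_ip: str            # address the gateway sees; not proof of who is asking
    user: Optional[str]    # identity set by the gateway login, None if absent
    site: str
    at: time


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    attributed_to: str     # what the access log can hold someone accountable by


def in_window(at, window):
    start, end = window
    return start <= at < end   # end of the window is exclusive


# Model 1: proxy rules keyed on the PC (constructed values).
PROXY_RULES = {
    "allowed_pcs": {"10.1.1.20", "10.1.1.21"},
    "allowed_sites": {"supplier-portal.example", "news.example"},
    "hours": (time(9, 0), time(18, 0)),
}


def proxy_decision(req, rules=PROXY_RULES):
    """Which PC, which site, which hours: the only subject is an IP address."""
    who = req.src_ip
    if req.src_ip not in rules["allowed_pcs"]:
        return Decision(False, "PC not permitted", who)
    if req.site not in rules["allowed_sites"]:
        return Decision(False, "site not permitted", who)
    if not in_window(req.at, rules["hours"]):
        return Decision(False, "outside permitted hours", who)
    return Decision(True, "matched PC rule", who)


# Model 2: rules keyed on the authenticated user's group (constructed values).
USER_GROUP = {"asha": "purchasing", "ravi": "shopfloor"}
GROUP_POLICY = {
    "purchasing": {"sites": {"supplier-portal.example", "news.example"},
                   "hours": (time(9, 0), time(18, 0))},
    "shopfloor": {"sites": {"news.example"},
                  "hours": (time(13, 0), time(14, 0))},
}


def identity_decision(req, groups=USER_GROUP, policy=GROUP_POLICY):
    """Default deny without a login; the source address is never consulted."""
    if req.user is None:
        return Decision(False, "no authenticated user",
                        "unauthenticated@" + req.src_ip)
    group = groups.get(req.user)
    if group is None:
        return Decision(False, "user has no group", req.user)
    rule = policy[group]
    if req.site not in rule["sites"]:
        return Decision(False, "site not permitted for group " + group, req.user)
    if not in_window(req.at, rule["hours"]):
        return Decision(False, "outside hours for group " + group, req.user)
    return Decision(True, "matched group " + group, req.user)


def compare(req):
    """Evaluate one request under both models."""
    return proxy_decision(req), identity_decision(req)


# Constructed sample requests.
SAMPLES = {
    # Carries a permitted PC's address but no gateway login.
    "borrowed_address": Request("10.1.1.20", None, "news.example", time(10, 0)),
    # A permitted PC used by someone whose group may not reach this site.
    "shared_pc": Request("10.1.1.21", "ravi", "supplier-portal.example", time(10, 0)),
    # The ordinary case: both models agree, but only one names the user.
    "normal": Request("10.1.1.20", "asha", "supplier-portal.example", time(10, 0)),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        by_ip, by_id = compare(req)
        print(f"{name:17} per-PC: {by_ip.allowed!s:5} ({by_ip.attributed_to})  "
              f"identity: {by_id.allowed!s:5} ({by_id.attributed_to}: {by_id.reason})")
```

    The first two samples are allowed by the per-PC rules and refused by the identity rules, and in every case the identity model's log entry names a user rather than a machine.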

    FUTURE PLANS

    Now that Hero Honda is readying itself for the second phase of its supply chain initiative of connecting with dealers and vendors, it is planning to build more components on top of its existing security set-up. While in the first phase the company had allowed dealers and vendors only one-way access, in the second phase it will allow them to interactively do transactions with the company on the Net. Once the second phase starts rolling out in April next year, the company plans to deploy additional features like an intrusion detection system, user authentication and single-user sign-on.

    As part of the new information security policy, the company will be outsourcing the monitoring of all its external access, hacking and intrusions to third-party service providers with SLAs. "We will outsource primarily because the third-party service providers have the expertise and resources to monitor 24x7," explains Balasubramanian. Also, as a policy, Hero Honda will initiate regular half-yearly audits to check compliance with the security policy and also to check whether the policy needs a change.

    BENEFITS TO HHML

    ERP helped in improving quality, access and usage of transactional data and suitably eliminated multiple entries. Besides, there was no need for manual reconciliation any more, and operational processes were improved at various stages. Order processing was standardized across all functions. And real-time information on product cost, profitability analysis, and dispatch and production status was made available too.

    One of the main reasons for the success of their SAP project was that the project was perceived as a business project, and not as an IT project. Different functional heads and module leaders were also involved in the project. Apart from this, the deployment of relational databases like Oracle and Ingres helped in consolidating data at one place and made it accessible to all authorised users.


    GREATER RESPONSIVENESS, FEWER ERRORS

    Following go-live in June 2004, Hero Honda immediately saw marked improvements. On-line interaction enhanced order execution efficiency, thereby improving responsiveness. Their old sales order process was very time-consuming. Now dealers enter orders directly into the system. This accelerates deliveries, preventing loss of business due to delays. Hero Honda has also streamlined its transactions with suppliers, making for better inventory planning and reduced inventory carrying costs. Improved information exchange guarantees that the right goods are delivered at the right time. The company has also significantly reduced error-prone, manual data entry. Suppliers now create advanced shipping notifications in the system, and when the shipment reaches Hero Honda, the company's employees simply have to confirm receipt.

    AMBITIOUS PLANS FOR THE FUTURE

    Building on the success of the project, Hero Honda is now planning a range of new SAP initiatives. These include adding additional mySAP SRM and mySAP CRM functionality, implementing the SAP Strategic Enterprise Management application of mySAP ERP Financials and integrating it with SAP Business Information Warehouse (SAP BW), and rolling out SAP Enterprise Portal (SAP EP) to all users. The SAP BW component is provided in SAP Business Intelligence (SAP BI). SAP BI and SAP EP are components of the SAP NetWeaver platform. "Our new SAP solutions have enhanced our competitive edge. We are confident that we're on the right track for continued success," concludes Bala. HHML is in the process of making continuous improvements and changing configuration to add more functionality to the existing systems. They implemented the Plant Maintenance module in September 2002 and are implementing the Human Resource (including India Payroll) module. The Supply Chain Management project is about to take off too. Proposed future applications are CRM, BW, SAP Portals and ESS. HHML has upgraded from 4.6 B to 4.6 C. They are also putting in organised archiving of data on SAP and deploying live reorganization of the database using a Quest tool. They have implemented the Solution Manager and are now looking for certification as a customer competence center.


    Coming Next: Improved Collaboration, Analytics

    As valuable as Hero Honda's supply chain automation is, in many ways the new system represents only the tip of a much larger iceberg. They have just upgraded to a later version of mySAP SRM, and this will usher in added functionality. It'll help them to do more strategic sourcing by evaluating the suppliers and forming strategic partnerships. They'll also implement self-service procurement for indirect materials and will extend the supplier portal by implementing a vendor-managed inventory function, as well as improved analytics through the data warehousing capabilities of SAP Business Intelligence. Hero Honda expects steady growth in motorcycle demand in the future, as well as a steady increase in the complexities of manufacturing the two-wheelers. The motorcycle market in India continues to be strong. For one thing, many people who used to ride scooters now prefer motorcycles. For another, the economy is strong and financing is readily available. Balasubramanian points out that the spectrum of motorcycle models and colors is also growing. His company averages about three new models each year and, with the current selection of models and colors, Hero Honda is responsible for producing about 150 variations of motorcycle, not including accessories. But now they're well equipped to handle the growing market and product mix and, at the same time, they're more responsive than ever before to dealers and other customers, thanks to mySAP SRM and mySAP CRM.

    BOTTLENECKS

    Till date, the IS department has not faced any major bottlenecks. "With a proper plan and proper implementation of those plans, we have overcome all hurdles," comments Balasubramanian. The only major problem the IS team has faced till date was management perception of ERP. They were of the opinion that ERP implementations were mainly failures. Many felt that instead of going in for ERP they should implement an e-business solution. Balasubramanian had to tell the management that one could not run e-business without a stable information systems structure within the organisation.

    Today, IT has taken off very well, especially with support from management. "There has also been very good user support, which helped us in experimenting with new technologies," says Balasubramanian. "Thanks to the stable IT infrastructure the company's business analysis has become very sound and credible," he adds. The company is now one of the reference sites for SAP, and only one of ten companies in the Asia Pacific region selected by SAP for this honour.

    Snapshot of Hero Honda's IT set-up

    Number of servers: Over 35 servers (all IBM)

    Proxy server: For providing Internet access to internal users.

    Web server: For providing access to dealers and vendors.

    Wide Area Network

    Between Gurgaon plant and Dharuhera plant: Primary link is a 2 Mbps leased line from Bharti, with RF and VSAT being secondary back-up links.

    Between Gurgaon plant and Delhi head office: 2 Mbps leased line as a primary link. Another 2 Mbps link from Gurgaon plant to Comsat Max and then to the head office is a secondary link.

    Connectivity for marketing offices with plants and head offices: VPN connectivity between 20 locations through 64 Kbps leased line with ISDN as a back-up.

    Internet connectivity through leased line from Comsat Max


    SUMMARY

    Faced with growing market demand and inefficiencies in its supplier order processes, Hero Honda, the world's largest two-wheeler manufacturer, chose the mySAP Supplier Relationship Management (mySAP SRM) solution to integrate and automate its large and complex supply chain.

    Key Challenges

    Supplier order processing not well synchronized with production planning

    Proprietary supplier portal provided no transactions, only information

    Project Objectives

    Speed up and automate supplier order processing

    Synchronize customer orders with supplier schedules

    Solutions and Services

    mySAP SRM

    mySAP Customer Relationship Management (mySAP CRM) solution

    Why SAP Solution

    Ability to integrate the new supplier portal with the existing mySAP ERP solution

    AT A GLANCE

    Implementation Highlights

    Three-month initial rollout covered 15 of the top 125 strategic suppliers; over 50 suppliers have since been covered

    Implementation included training Hero Honda suppliers as well as buyers

    Key Benefits

    Faster supply chain order processing: cut three days from old schedule

    Improved accuracy of deliveries from 98% to 100%

    Better responsiveness to customer changes

    Online communication with suppliers integrated and traceable

    Inventory planning improved: 10% reduction in inventory carrying cost

    Transaction costs reduced because of fewer discrepancies to handle

    Overall lower process and transaction costs

    Implementation Partner: SAP Consulting

    Existing Environment: mySAP ERP

    Database: Oracle

    Hardware: IBM


    Operating System: AIX
