Roll No 02 Nitin Sindwani
-
Upload
nitin-sindwani -
Category
Documents
-
view
216 -
download
0
Transcript of Roll No 02 Nitin Sindwani
-
8/3/2019 Roll No 02 Nitin Sindwani
1/33
TERM PAPER
OF
COMPUTER NETWORKS
Project TOPIC
On
Information security management in Organizations
SUBMITED TO: SUBMITTED BY:
SAHIL RAMPAL NITIN SINDWANI
Roll no 02
REG NO: 11010424
MBA- IT
SESSION 2010 2012
LOVELY PROFESSIONAL UNIVERSITY
PHAGWARA(GT ROAD) PUNJAB
-
8/3/2019 Roll No 02 Nitin Sindwani
2/33
ACKNOWLEDGEMENT
I express my profound sense of gratitude to my faculty guide Mr
SAHIL RAMPAL, faculty member, Department of Business
Administration, lovely professional university, and my teacher of Computer
network, for his systematic guidance throughout this term paper. I would
also like to thank him for giving such a topic for term paper which helped
me to develop a practical insight of whatever I had learnt in the class.
I would also like to express my heartfelt thanks to my familymembers and my friends, who extended all kinds of co-operation to me
throughout the course of this work.
2
-
8/3/2019 Roll No 02 Nitin Sindwani
3/33
CONTENTS
1. Introduction
2. Information Management Cycle
3. Scope of Information security Management
4. Topology used for security
5. Pre SAP Scenario-------------------------------------------------------------
5
6. The IT Infrastructure--------------------------------------------------------6
7. Enterprise Application-------------------------------------------------------7
8. Supplier & Customer Relationship Management-----------------------9
9. eHR Implementation-------------------------------------------------------11
10. Information & IT security management--------------------------------12
11. Benefits to HHML----------------------------------------------------------20
12. Bottlenecks-------------------------------------------------------------------22
13. Snapshots of IT setup at HHML-----------------------------------------23
14. Summary--------------------------------------------------------------------24
3
-
8/3/2019 Roll No 02 Nitin Sindwani
4/33
15. Bibliography-----------------------------------------------------------------25
INTRODUCTION
The Intelligent Organization
An organization behaves as an open system that takes in
information, material and energy from the external environment, transforms
these resources into knowledge, processes, and structures that produce goods or
services which are then consumed in the environment. The relationship
between organizations and environment is thus both circular and critical:
organizations depend on the environment for resources and for the justificationof their continued existence. Because the environment is growing in complexity
and volatility, continuing to be viable requires organizations to learn enough
about the current and likely future conditions of the environment, andto to use
this knowledge to change their own behavior in a timely way (Choo 1991,
Choo and Auster 1993).
An organization works with three classes of knowledge: tacit knowledge, rule-
based knowledge, and background knowledge (Table 1).Tacit
knowledge consists of the hands-on skills, special know-how, heuristics,
intuitions, and the like that people develop as they immerse in the flow of theirwork activities. Tacit knowledge is deeply rooted in action and comes from the
simultaneous engagement of mind and body in task performance. Tacit
knowledge is personal knowledge that is hard to formalize or articulate
(Polanyi 1966, 1973). The transfer of tacit knowledge is by tradition and shared
experience, through for example, apprenticeship or on-the-job training.
4
-
8/3/2019 Roll No 02 Nitin Sindwani
5/33
5
-
8/3/2019 Roll No 02 Nitin Sindwani
6/33
Scope of Information security Management
The basic goal of information management is to harness the
information resources and information capabilities of the organization in order
to enable the organization to learn and adapt to its changing environment (Choo1995, Auster and Choo 1995). Information creation, acquisition, storage,
analysis and use therefore provide the intellectual latticework that supports the
growth and development of the intelligent organization. The central actors in
information management must be the information users themselves, working in
partnership with a cast that includes information specialists and information
technologists. Information management must address the social and situational
contexts of information use -- information is given meaning and purpose
through the sharing of mental and affective energies among a group of
participants engaged in solving problems or making sense of unclear situations.
Conceptually, information management may be thought of as a set of processesthat support and are symmetrical with the organization's learning activities. Six
distinct but related information management processes may be discerned (Fig.
2): identifying information needs, acquiring information, organizing and storing
information, developing information products and services, distributing
information, and using information (Davenport 1993, McGee and Prusak
1993).
Information Management Cycle
6
-
8/3/2019 Roll No 02 Nitin Sindwani
7/33
Which type of Information Needs
The identification of information needs should be sufficiently rich and
complete in representing and elaborating users' true needs. Since information
use usually takes place in the context of a task or problem situation, it is helpfulto recognize that information needs consist of two inseparable parts An
accurate description of information requirements is a prerequisite for effective
information management. Ironically, system designers often take this for
granted and assume that information requirements can be quickly determined
by examining existing paperflows and data flows. Similarly, senior managers
believe that it is the information specialist's job to identify their information
needs, and do not assume the `information responsibility' of defining in detail
what information they require (Drucker 1994). In reality, particular information
needs will have to be elicited from individuals. Unveiling information needs is
a complex, fuzzy communication process. Most people find it difficult toexpress their information needs to their own satisfaction. Personal information
needs have to be understood by placing them in the real-world context in which
the person experiences the need, and to the ways in which the person will use
the information to make sense of her environment and so take action.
Information Acquisition
Information acquisition has become a critical but increasingly complex
function in information management. Information acquisition seeks to balance
two opposing demands. On the one hand, the organization's information needsare wide-ranging, reflecting the breadth and diversity of its concerns about
changes and events in the external environment. On the other hand, human
attention and cognitive capacity is limited so that the organization is necessarily
selective about the messages it examines. The first corollary is therefore that
the range of sources used to monitor the environment should be sufficiently
numerous and varied as to reflect the span and sweep of the organization's
interests. While this suggests that the organization would activate the available
human, textual, and online sources; in order to avoid information saturation,
this information variety must be controlled and managed.
Information Organization and Storage
Organizing and storing information may be facilitated with the application of
information technology. Traditional data processing technologies were first
used to raise work efficiency, whether on the office floor or the shop floor. The
operational use of computers generated an abundance of detailed information
7
-
8/3/2019 Roll No 02 Nitin Sindwani
8/33
about transactions, customers, service calls, resource utilization, and so on.
While such systems are tuned to provide high throughput performance, they are
inefficient at and sometimes incapable of retrieving the information that
decision makers need to have for planning and problem solving.
Topology used for security
Fig. 3. A Topology of Information Products and Services
Users want information not just to give answers to questions (`What is
happening here?') but also to lead to solutions for problems (`What can we do
about this?'). Moving from questions to problems means moving from asubject-based orientation in which knowing is a sufficient end state to an action
orientation in which information is being used to formulate decisions and
behaviors. To be relevant and consequential, information products and services
should therefore be designed to address not only the subject matter of the
problem but also the specific contingencies that affect the resolution of each
problem or each class of problems.
8
-
8/3/2019 Roll No 02 Nitin Sindwani
9/33
Information Distribution
The purpose of distributing information is to encourage the sharing of
information. A wider distribution of information promotes more widespreadand more frequent learning, makes the retrieval of relevant information more
likely, and allows new insights to be created by relating disparate items of
information. The delivery of information should be done through vehicles and
in formats that dovetail well with the work habits and preferences of the users.
The separation between information provider and information user should be
dissolved: both ought to collaborate as partners in the dissemination and value-
adding of information to help ensure that the best information is seen by the
right persons in the organization. To encourage users to be active participants,
it should be made easy for them to comment on, evaluate, and re-direct the
information they have received.
One of the biggest success stories in the Indian two wheeler segment, Hero
Honda is a household name today. Whats not so well known is the fact thatthe company has successfully used IT to help it reach the top.
What started out as a Joint Venture between Hero Group and the
Honda Motor Company of Japan, has today become the worlds single
largest two-wheeler Company. Coming into existence on January 19, 1984,
Hero Honda Motors Limited (HHML) gave India nothing less than a
revolution on two-wheels, made even more famous by the Fill it - Shut it -
Forget it campaign. Driven by the trust of over 5 million customers, the
Hero Honda product range today commands a market share of 48% making
it a veritable giant in the industry. Add technological excellence, an
expansive dealer network, and reliable after sales service to that and we have
one of the most customer- friendly companies. Customer satisfaction, a high
quality product, coupled with the strength of Honda technology and the Hero
groups dynamism has helped HHML scale new frontiers and exceedslimits.
For New Delhibased Hero Honda, success has brought significant
rewards and some daunting challenges. The company, established in 1985
as a joint venture between Hero Group of India and Honda of Japan, holds a
50% market share in India and has grown to become the worlds largest two-
wheeler manufacturer. In the last six years Hero Hondas sales volume grew
9
-
8/3/2019 Roll No 02 Nitin Sindwani
10/33
by 400%, and this year the company expects to manufacture and sell more
than 3 million motorcycles. Its no wonder that Hero Honda has won
accolades in the New Delhi business press. In fact, in 2001 Hero Hondas
chairman Brijmohan Lall Munjal received the Ernst & Young Entrepreneur
of the Year award for India, and in 2005 he was presented with the Padma
Bhushan, a prestigious award from the Indian government. But growth has
brought unique challenges, too. Hero Honda now supplies motorcycles
through more than 500 dealers and 700 service points, institutions, and
overseas customers. In addition, the company calls on more than 240
suppliers for its parts and subassemblies. The challenge for Hero Honda: cut
time and waste out of its supply chain and add more flexibility in meeting
the fast-changing dynamics of the modern market in India
Hero Honda is a leader in the two wheeler segment in the country, and even
claims to be the worlds largest two wheeler company in its advertising. Toreach the heights that it has, Hero Honda has successfully leveraged the IT
advantage, especially in recent times.
PRE SAP SCENARIO
The company has a highly efficient and reliable network today. But till 1998
Hero Honda depended on legacy systems, which had a high failure rate. The
set up was not in a position to cater to the expansion that Hero Honda went
through and was not suitably updated. Because it was obsolete, themanagement decided to revamp the entire IT set up according to S R
Balasubramanian, vice president, Information Systems, Hero Honda Motors.
HHML had legacy systems working on different platforms, which were
developed in-house and tailor-made to their method of working. Since the
legacy systems took care of data processing, only some operational reports
got generated by the system. Real MIS resided on Excel sheets along with
different kinds of analysis. Information, therefore, was fragmented and the
authenticity was questionable. Over a period of time, the systems underwent
changes and represented a patchwork of several additions and modifications.They were loosely integrated across functional areas. There was duplication
and information inconsistency as happens with most legacy applications. It
was therefore important to migrate from this platform to something more
stable and futuristic.
MOTIVATION FOR CHANGE
10
-
8/3/2019 Roll No 02 Nitin Sindwani
11/33
At that point of time the management perception about IT was also changing
and they decided IT would be part and parcel of Hero Honda. This helped in
modernising the information systems at the company. Apart from this,
competition in business and deployment of bandwidth hungry applications
forced the company to migrate from a slower legacy network to the new
faster and more reliable network. The managements vision was to align IT
with business. IT was to be used as a strategic business tool rather than for a
limited purpose of data processing. An information systems plan was drawn
up, which besides other things, stated that the organisation would go for
common systems across the organisation. It would also achieve integration
between all systems; emphasis would be on improving business processes,
to adopt best practices and to cover the entire supply chain. HHML wanted
to consider only state-of-the-art systems and one which had a clear road map
for the future including conduct of business over the net. Tired of in-housedeveloped systems, they wanted a standard solution and in particular, an
ERP. Their idea was to partner with a technology vendor capable of taking
them forward as the business expectations increase.
THE IT INFRASTRUCTURE
The IT infrastructure of the company is connected over three major Local
Area Networks (LANs). These connect the corporate office in New Delhi
with two manufacturing plants (Gurgaon and Dharuhera), and other zonal
and marketing offices. 21 locations are connected through its Wide Area
Network (WAN) set-up. Most of these locations are connected with the
corporate office through VPNs, leased lines, and at few places through
VSAT connectivity. The motorbike major has a total of seven TDM/TDMA
VSATs and two PAMA VSATs. As far as the VPN set-up is concerned, it is
still a closed-user group. For connectivity between its Dharuhera and
Gurgaon facilities the company uses a very fast radio link. The company has
installed the PAMA VSATs from Comsat Max as a backup facility. The
Hero Honda network spans 750 nodes across the country.
Hero Honda uses 10/100 Mbps Ethernet switched technology for data
transmission and is connected with both optic fibre and Cat 5 cables. Optic
11
-
8/3/2019 Roll No 02 Nitin Sindwani
12/33
fibre is used for the backbone, which will also solve the future bandwidth
requirements of the company. The company has three Cisco routers. The
company also uses a mix of switches from three vendors: Cisco, IBM and
3Com. For non-critical applications, the company has opted for 3Com
switches. As IBM switches are cheaper than Cisco ones, we will be going
in for more and more IBM switches in the future, says Balasubramanian.
All the switches and hubs at the company are managed devices. Apart from
this the company also uses an IBM RS 6000 server for running SAP
applications, and other midrange servers for running Ingres and Oracle. For
Lotus Notes applications the company has opted for IBMs Netfinity
servers. As far as other networking hardware is concerned, the Gurgaon
plant has two Cisco routers, which are connected to an IBM LAN Route
Switch, and the storage box is connected to the RS 6000 server. The
company is also using a tape library, which works as a backup device.
One of the key features of Hero Hondas networks is that most sites enjoy
excellent backup facilities. For instance, Dharuhera is connected directly to
Comsat Maxs PAMA VSAT main hub. The IT facilities at Gurgaon are
connected with two electrical sources, two MCBs, and two UPSes. The
company has also installed an extra server as a backup. It possesses a
Network Attached Storage system, with plans to shift to a Storage Area
Network. For this Hero Honda has gone in for an IBM Trivoli solution. The
whole idea was that information systems should be able to cater to 99
percent of availability. Even if a LAN or a switch fails it should just take 10
minutes to switch to another LAN or switch.
12
-
8/3/2019 Roll No 02 Nitin Sindwani
13/33
ENTERPRISEAPPLICATIONS
A good and reliable messaging system was a long-standing need at Hero
Honda. When they first introduced messaging, it took off very well. To
ensure its success the management arranged training programmes at all thethree major areas and also invited the regional offices to join in. The success
of the messaging system was so good that people started overlooking the
VSAT network. The company messaging set up evolved around Lotus
Notes. They evaluated both Microsoft Exchange and Lotus Notes, and
finally decided to go in for Lotus Notes. The Lotus Notes application at
Hero Honda evolved around those applications that users are familiar with.
This is done as a part of the information systems plan along with the
business plan to integrate information systems in the organisation, integrate
all the departments. As the management knew that the implementation ofERP would take some time, they wanted to use that time to introduce an
IT culture in the company.
After the successful implementation of this system, the IT set-up faced some
problems during the first Diwali after the introduction of the messaging
system. This happened because of huge number of greeting messages and
card attachments. This prompted the company to introduce a new greetings
system on the lines of Bluemountain.com. They opened up a car4.809 cmds
library system and asked the users to go to the card library and select a card
and send it across. By this, no attachment would go, but only the link. Afterthis they were able to avoid a considerable amount of traffic. And users were
quite excited about having a card application. People started enjoying the
use of IT applications. Subsequently, the company put up an intranet and
workflow applications.
ERP IMPLEMENTATION
The next move was to implement ERP in order to integrate various functions
and control its operations. The company went live with SAP R3 on February
1, 2001. It uses modules like production, materials, finance, marketing,
assets, quality sales and distribution. Siemens Information Systems was the
implementation partner for this rollout. The ERP implementation presented a
high level of data integration. ERP has helped the company immensely.
Today nobody asks any other department for information. One can log in
and see reports online, says Mukesh Malhotra, deputy general manager,
13
-
8/3/2019 Roll No 02 Nitin Sindwani
14/33
Hero Honda Motors. They were able to implement better cost control
measures. This had helped them in calculating the cost of consumables, tool
inventory cost, power and fuel costs, and plant overheads. Because of this
they also became ready for future SCM and CRM implementations.
SAPS ROLE
HHML evaluated BAaN and Oracle. The overwhelming presence of SAP in
the automotive sector was one of the important reasons for selection. The
customer references spoke strongly about SAPs ability to address the needs.
The project took off with a great start. It imparted one-day awareness
training sessions to around 135 managers and key users explaining the
project and roles of core team members and users.There were hiccups in between because of staff turnover at the
implementation partners end because of which the project had to be
extended by a month. However, they kept various activities on schedule.
They were one week behind at the last stage of Go-Live preparation but
made that up in the last month. The Steering Committee played a useful role
and wherever some policy issues could not be decided, the CEO intervened
to resolve. End users were involved at various stages and hence they adapted
to the new systems well. The first few days saw several problems but the
help desk (available 24 hrs) attended to them promptly. Every day thereafter
saw lesser problems and the operations got streamlined in 15 days. The
yearly closing ended on the 31st March 2001, (2 months from Go Live) and
was completed in 24 days. Year closing for the following
year was achieved in 11 days and HHML was the second company in India
to declare results. This indicated the stability of systems and the efficiencies
achieved.
IMPLEMENTATION PARTNERS
Siemens Information Systems Ltd (SISL) were the implementation partners.They imparted initial training to the users and core team members. They also
helped in redefining various processes based on their experience. They gave
valuable suggestions for improvement at various stages. In the Steering
Committee meetings they clarified various issues and helped in convincing
the management to make various changes.
14
-
8/3/2019 Roll No 02 Nitin Sindwani
15/33
RECORD-BREAKING IMPLEMENTATION TIME
Hero Honda also profited from services delivered remotely by SAP
consultants in Singapore and software developers in Walldorf, Germany.
This international approach ensured that any issues were dealt with rapidly
and effectively. The speed with which technical issues were resolved was
impressing. In some cases, SAPs German developers found answers
overnight. Thanks to close collaboration between SAP and Hero Honda, the
project was completed in a record three months. Implementing the latest
mySAP SRM and mySAP CRM capabilities in such a tight time frame was
an ambitious goal
SUPPLIER & CUSTOMER RELATIONSHIP MANAGEMENT
Automotive Motorcycles
Processing Orders Manually
They have a large supply chain and they needed accuracy and speed in the
deliveries of raw material and components. Their suppliers were given a
plan for the month but changes are often necessitated by market conditions
like changes in the mix of models and colors. And there could also be
increase or decrease in demand. They wanted the ability to respond to these
changes by aligning the production plan, supply schedule of components,
and other resources to handle this efficiently. Hero Honda had already been
using the mySAP ERP solution for its core applications but until January
of 2004, the company continued to enter its customer orders manually
using a portal to communicate with suppliers. They used to receive orders
from dealers in the form of spreadsheets, e-mail, and phone calls. It took a
few days to bring in the customer orders and consolidate them. Then they
would get our material requirements plan from the ERP [enterprise resource
planning] system and post the information on their portal. This was done
through periodic updates twice a day and hence did not consistently give
the latest information to their partners. They had no visibility of materials intransit and a lot of time was wasted on follow-ups. They also had to deal
with incorrect deliveries from vendors when they sent either less or more
than the scheduled quantity. For example, they might have ordered 100 units
but the supplier delivered 110. This kind of error would slow down the
receiving station while their people would seek approval for receiving the
extra quantity. Also, mismatches like this meant that either they carried
15
-
8/3/2019 Roll No 02 Nitin Sindwani
16/33
more inventory than needed or caused production holdups if the quantity
supplied was less than ordered.
Automating Supplier Transactions
In February 2004, Hero Honda began a pilot test, bringing in mySAP
Supplier Relationship Management (mySAP SRM) as well as mySAP
Customer Relationship Management (mySAP CRM), both solutions in the
mySAP Business Suite family of business solutions. For the rollout of its
supplier portal, Hero Honda chose its top 125 suppliers together, they
account for 95% of the companys supplies. Most of these suppliers now
perform their transactions with Hero Honda through the Web-based self-
service portal, in real time. Suppliers can now see the status of their orders,
shipments, and invoices, and they can see new delivery schedules as soon as
theyre processed by the Hero Honda production plan. They can also use theportal to make confirmations along the way for example, to confirm that
they can handle a certain variation and to confirm that theyll meet the
delivery schedule.
SAP Consulting
It took three months to complete the rollout. Helping Hero Honda speed up
the process and helping implement some of the newest features in mySAP
SRM was SAP Consulting. mySAP SRM experts, from both the Asia-
Pacific region and SAP headquarters in Walldorf, Germany, worked on the
project and helped Hero Honda develop some of its most complicated direct
materials processes. They assisted them during the entire implementation
process and transferred knowledge to them. Also, they unlocked some
software features that were not known even to be existing by people at
HHML. For instance, they helped them implement instant messaging, which
was helpful in contacting the suppliers quickly in the event of a production
scheduling change say, one that might occur because of an upcoming
holiday. SAP Consulting and the Asia-Pacific solutions team also helped
Hero Honda integrate a bar code reading function into the system,according to Balasubramanian. The bar code feature is used by those local
suppliers who make just-in-time deliveries several times each day. For them,
its faster and easier to process their deliveries via a bar code reader on the
delivery dock than it is to make constant updates to the self-service portal.
16
-
8/3/2019 Roll No 02 Nitin Sindwani
17/33
End-to-End Process Integration
Hero Honda also implemented a customer portal, as a feature of mySAP
CRM. With the two portals now in place, the company benefits from end-to-
end process integration. Our dealers place their orders once a month, he
says. Typically, a dealer might order several hundred motorcycles, as well
as spare parts. So every Friday we get our orders in, we consolidate them on
Saturday, and on Monday morning our suppliers are all receiving our
delivery schedules, directly from our production planning system.
Because the ordering process is now fully automated, Hero Honda saves
approximately three days over the time it used to take to complete this
process. That translates into an inventory savings of about 10%, which in
turn translates into a substantial cost savings. The automation also increases
Hero Hondas own ability to be responsive to its dealers. Even thoughdealers normally place their orders on a monthly basis, there are many times
when they want to revise an order thats already in process. They might do
this to account for a sudden change in customer demand for instance, their
customers might start asking for a new color or a different model. For these
revisions, we can get the change in on Friday and be pretty sure that the
entire shipment will go out, as scheduled, the following week, says
Balasubramanian. The customers appreciate this kind of responsiveness and
its just what they, and they, need in order to continue to take advantage of
this fast growing market. The systems end-to-end integration pays
dividends in maximizing order accuracy, as well. Theyve greatly reduced
the chances of mismatched orders too. For one thing, its easier for suppliers
to check their orders on the portal and they know that the portals
information is both accurate and up to the minute. Since the advance
shipping notification created by the supplier is derived from the purchase
order, the chance of a delivery mismatch with the order is almost zero.
eHR IMPLEMENTATION
With technology touching all aspects of todays business, there is increasing
usage of IT and Internet technologies in a companys HR department.
Suddenly HR managers are finding themselves in a whirlwind of
technological changes, with adoption of IT (both as process and tool)
becoming a necessity for them. The past one year has seen IT playing a key
17
-
8/3/2019 Roll No 02 Nitin Sindwani
18/33
-
8/3/2019 Roll No 02 Nitin Sindwani
19/33
what type of information was there, who should access it and who should
not in order to ensure complete data integrity
Along with business growth, Hero Honda has also grown on all fronts. It has
set up two manufacturing facilities at Dharuhera and Gurgaon in Haryana.
These facilities now churn out over 3.5 million motorbikes per year. This
growth is also applicable to the companys employees and their business
needs. As is the case with any other large organization, Hero Honda has
nearly 1,600 desktop users. E-mail is a backbone of todays business and
justifying that the company has created approximately 2,000 email ids for its
users.
Security set-up so far
The year 1999 was the inflection point for the entire IT set-up at HeroHonda, including information security. The company undertook a complete
revamp of its IT infrastructure with a new architecture, expansion of its
network, IT assets and applications. The security approach has been
evolutionary, in line with these growing requirements. Connecting the entire
organisation during 1999, the company put its mailing system into place.
This, however also led to the import of viruses into the system, thereby
warranting the need for a complete anti-virus solution. Before this, there was
anti-virus software installed only on a few desktops. The company chose
McAfee for its comprehensive features and good installed base. Hero Honda
has now implemented the complete suite, covering the desktop, servers andmail gateway.
The company first deployed the Total Virus Defence (TVD) system, which
was later upgraded to the Active Virus Defence (AVD) system around two
years ago. Under AVD, Hero Honda is using Group Shield for Lotus Notes
mailing system, Netshield for NT and Window 2000 servers and Virus Scan
for end-user desktops. The AVD works under the ePolicy Orchestrator
agent, which is an agent installed on each and every desktop and delivers the
means to control the anti-virus applications. According to Balasubramanian,
it gives the company power to enforce its anti-virus policy, to update the
policy on end-user desktops and to monitor update progress through
graphical reports. ePolicy has made it easier to enforce any anti-virus policy
in the company in just two hours in all the offices.
19
-
8/3/2019 Roll No 02 Nitin Sindwani
20/33
As part of the AVD architecture, Hero Honda has three AVD servers at the
head office in Delhi, and the Gurgaon and Dharuhera plant. The AVD server
at Delhi takes care of all head office-based servers, desktops and all zonal
and area office desktops. Likewise, with the Gurgaon and the Dharuhera
AVD servers. All the three servers are connected to the McAfee Internet site
through the Net. As a result, whenever McAfee releases any new anti-virus
DAT files, all three AVD servers get synchronised with McAfee server and
download the DAT file (incremented) immediately, which are then
distributed to all the servers and desktops. In case of a virus attack on any of
the servers and desktops, the ePolicy agent updates the AVD server about
this new virus.
CORE CRISIS
Messaging systems form the frontline for any organization. The externalmail server forwards corporate mail to the internal mail server that is
deployed on our LAN over SMTP. The internal mail server is a central mail
repository from where all the employees pop their individual mails. All the
employees based in New Delhi, Dharuhera and Gurgaon plant, POP their
mails from the local mail server. They have ISP level security which
consists of a firewall, spam filter and anti-virus. However, they soon realized
that ISP level security was inadequate for the task at hand.
The company was facing difficulties vis--vis messaging and there were
Internet access and security issues related to spam, online and spam-relatedmalware attacks and choked bandwidth. Moreover, the company wanted to
filter Web access.
The company receives an average of 26,000 e-mail messages per day, which
translates to almost 1 GB of storage space. Of these at least 70 percent were
spam. That used to work out to around 18,500 pieces of spam per day. The
ISP was able to filter out about 50 percent of this. Still, almost 9,000
messages hit our internal mail server everyday. They tried out a few
standalone, software-based spam filters with little success.
Apart from a vast number of employees, HHML also has a vast chain of
dealers and service stations spread across the country. So mails exchanged
between these offices often got lost in the maze of spam and the business
suffered. Often business correspondence was incorrectly classified as spam,
a case of false positives, and deleted while spam continued to pour in.
20
-
8/3/2019 Roll No 02 Nitin Sindwani
21/33
Mailboxes were clogged with spam. Having close to 9,000 spam messages
hitting the local mail server on a daily basis was something that was not
acceptable as, downloading legitimate mail along with the torrent of spam
that dodged the ISPs filters from the external mail server to the local one
was a painfully slow and, quite often, frustrating process.
Emphasizing another side of this crisis, Bandwidth consumption did not just
increase, it shot through the roof and to keep adding bandwidth was not a
viable solution. Once the messages reached an individuals mailboxes, they
had to be checked and deleted manually. Many a times the recipients were
tempted to read the spam and the mail processing time kept increasing at the
cost of productivity. Legitimate e-mail messages were often lost in the maze
of spam.
The management began questioning the IT department regarding the extentof spam, which was mostly unanswerable, despite the IT teams best efforts.
Employees stationed at remote locations such as Gurgaon and Dharuhera
were worst hit. For them, the mail was first downloaded to the local mail
server and then had to be POPped to their remote individual mail boxes. The
download time of an individual message was very high and this was
particularly frustrating since at least 50 percent of the mail was spam.
21
-
8/3/2019 Roll No 02 Nitin Sindwani
22/33
IT experts are the most prominent group in today's technology-dominatedenvironment. The management of information technology has remained in the
media's spotlight for many years now, with no signs of diminishing interest.
Academics, businesses, consultants, and government all continue to extol the
strategic application of information technology. IT experts have indeed become
proficient at fashioning computer-based information systems that dramatically
increase operational efficiency and task productivity.
Information experts, the librarians and specialists who work in corporate
libraries or information centers, the records managers, the archivists, and so on,have long been regarded as part of the support staff of the organization,
working quietly in the background, often uninvolved in any of the critical
functions of the organization. Yet as the individuals who have the skills that are
most needed to effectively acquire, organize, and distribute information, the
intelligent organization cannot afford to do without their contribution and
22
-
8/3/2019 Roll No 02 Nitin Sindwani
23/33
participation in its strategic activities. Information experts have to break out of
their cocoons and recast their roles
THESE STEPS USING FOR MANAGING SECURITY IN
ORAGANIZATIONS
Need for firewall
The need for further beefing up the security set-up beyond an anti-virus
solution was felt as the company further opened up its systems to external
access. Around a year-and-a-half ago, apart from providing Internet access
through the proxy server, the company also decided to provide connectivity
with dealers and vendors for information sharing, i.e. they could directly log
in to the Web server. This required the deployment of a firewall to guard the
systems from possible hackers and virus attacks. This was the first time that
they were really connected to their partners. Earlier they only had a mail
gateway through which they exchanged mail. So, there really wasnt a need
for a firewall at that time. But now, since they are allowing people to log in
and with people accessing the Internet there is the need for a firewall.
Firewalls deployed at Comsat Max: Hero Honda has a perimeter firewall
that serves as the Internet gateway for both the plants and head office. It has
chosen Checkpoint as its firewall, which runs on a Nokia box and is
managed and monitored by the service provider, Comsat Max. The
companys IT security architecture divides the network into zones, based on
the function of the infrastructure contained therein. The zones created are:
DMZ zone
Third-party zone
Application servers zone Critical servers zone
Security management zone
Network and system management zone
LAN & WAN zone
23
-
8/3/2019 Roll No 02 Nitin Sindwani
24/33
Unauthorised Internet access
Restriction of access to unauthorised sites is taken care through the proxy
server, which was deployed around two years ago for Internet access tointernal users. The rules for access control have been defined in the server
itself. It defines factors like which PCs have access to the Internet, the sites
that can be accessed, time period during which only certain users can access
the Internet, etc.
The company has taken various measures to ensure data integrity during
internal access as well. It has deployed PGP software on the critical desktops
and notebooks within the organisation for encrypting data. While the
software was deployed around two-and-a-half years ago, it keeps onidentifying and adding critical notebooks and desktops. The information on
the desktops and notebooks is kept in a folder and is encrypted, which
requires a user name and password to access it.
Furthermore, Hero Honda has built in integrity in the application itself,
which is well documented with profiles for each user. Depending on his/her
profile, the user gets the rights for accessing the data. The authentication is
done through passwords.
And the answer was
The spam included a good smidgen of Phishing which slipped through the
primary security layer at the ISPs end. Malware entering through the
messages and Internet browsing was also a major source of concern. Several
messages contained a malicious payload of viruses, spyware and Trojans.
Once these entered the network, they promptly began consuming bandwidth
and causing system crashes. Unprotected and unrestricted Internet browsing
also left gaping security holes. The lack of filters on browsing left the
organization wide open to attack from malware, tracking cookies, spyware
and keyloggers.
Digvijaysinh Chudasama, Vice President, Sales, Cyberoam said that
Enterprises are replacing best-of-breed security solutions in their networks
with Unified Threat Management solutions. Cyberoams all-in-one security
platform aids the transition without compromising the feature granularity of
standalone solutions. Cyberoams identity-based security empowers
24
-
8/3/2019 Roll No 02 Nitin Sindwani
25/33
administrators to proactively defend the enterprise network against both
internal and external threats.
While considering the core problem and sensitivity of the issue for Hero
Honda, Tarak Technologies, business partner of Cyberoam, suggested a plan
to secure the companys e-mail. Jose Kurian, COO of Tarak Technologies
said after examining the problem they understood that response time was
crucial. The messaging application cannot go down for a long period of time
at a company such as Hero Honda. They offered them Cyberoams anti-
spam software. Rather than going out for point-to-point solutions we
suggested that the company go in for Unified Threat Management (UTM).
Kurian added that the Cyberoam UTM solution sits at the gateway level. It is
an appliance through which mail gets routed, filtered and forwarded to the
local mail server. In the absence of Web filtering and access accountability,the little bandwidth that was left was consumed through unrestricted surfing.
This proved detrimental to organizational productivity. Lack of Internet
usage accountability led to malicious sites being surfed, which in turn
infected the network with a host of spyware.
As a remedy to slow browsing and other bandwidth problems, the company
was forced to upgrade its initial 64 Kbps Internet connection to a 4 Mbps
pipe. Yet, the complaints persisted even after this quantum leap in
bandwidth availability. They purchased four Cyberoam appliances, three
250is and one 100i. One 250i appliance is deployed at our corporate officein New Delhi, and one each at production plants in Dharuhera and Gurgaon.
A 100i appliance is deployed at their upcoming facility at Haridwar. All
Cyberoam appliances have been deployed in bridge mode. The entire mail
and Web traffic passes through Cyberoam.
The changed scenario
Post-implementation, Internet access is productively focused. This is amply
reflected in the bandwidth usage. Once insufficient, bandwidth availability is
now quite satisfactory. Total bandwidth consumption fell sharply and the
ISP bills also took a nose dive. A clean network, safe and responsible
surfing and spam free mail boxes have all culminated in a drastic reduction
in calls to the IT helpdesk.
25
-
8/3/2019 Roll No 02 Nitin Sindwani
26/33
Information security policy
While the company had some documented policies relating to various
aspects, including IT security post-1999, they were not comprehensive
enough to cover all areas. Increasingly expanding connectivity warranted the
need for a complete policy, defining the security issues both from within and
outside the organisation. The companys plans for connectivity with
business partners included rolling out the second phase of its supply chain
solution, allowing dealers and vendors to interactively do transactions with
the company on the Net. (It already provides dealers and vendors one-way
access to the Web server). Furthermore, it is also trying to allow employees
access to applications like instant messaging and SAP, especially for field
staff and mobile workers. In such a scenario, which required opening up its
systems to partners, the need for a robust policy was imminent.
A few months ago, Hero Honda started working on its new information
security policy with HCL Comnet as the consultant. The policy broadly
covers around 17 domains. These domains include networking and
telecommunication, back-up, software purchase, use and maintenance,
incident management, e-mail, Internet, access control, password
control, anti-virus, notebooks, information disposal, acceptable use,
system development, desktop, information classification, training and
physical security. HCL Comnet carried out the vulnerability assessments
and outlined the areas requiring improvement. These included
recommendations for patch upgradation on various operating systems andfor networking devices as well as physical securityspecifically for the
server room. The consultant also recommended the removal of modems
provided to users for directly accessing the Net from their PCs. Though the
connections had been removed, the modems were left behind, which, the
consultants pointed out, created vulnerability as the users could plug them in
and start using them. According to Balasubramanian, based on the
recommendations of the consultants, the company fixed up the loopholes in
its security set-up, including some recommendations regarding the firewalls
and the protection of servers. The company has already carried out pre-vulnerability assessments, fixed the vulnerabilities and then conducted post-
vulnerability assessments.
On the other side, Hero Honda also worked on the information classification
part of its information security policy, which didnt exist earlier. This
involves participation from the top management with user representation
26
-
8/3/2019 Roll No 02 Nitin Sindwani
27/33
from all the functional areas. The present exercise of classification of
information is being done depending on confidentiality, criticality and
availability. Apart from information classification, the access rights to
various classes of people are also being defined in the policy. The functional
heads are made responsible for their departments and endorse the
classification of information being done.
The RoI Factor
According to Avnesh Jain, The Cyberoam UTM has maximized return on
investment. It exceeded our expectations before the implementation. The
anti-spam feature effectively stops around 9,000 bits of spam each and every
day. Employees were pleasantly surprised to find spam-free inboxes.However, we also saved time and our legitimate e-mail was no longer buried
under.
As spam disappeared, inter-office connectivity benefited greatly. Employees
at the remote site no longer have to wait indefinitely for their e-mail to be
downloaded. Bandwidth used to connect remote offices was also saved.
Cyberoams anti-spam solution not only blocked spam, but also proved
effective against any type of mail-based threat. The solution used Recurrent
Pattern Detection technology. It is content-agnostic and equally effective
against image based spam. Pattern detection technology ensured a minimalwindow of vulnerability, providing zero hour protection to the HHML
network.
The cost involved in getting Cyberoams UTM solution at Hero Honda was
around Rs 12 lakhs. It took almost a year to deploy this solution at all
locations because they went in for a pilot and gradually scaled up from there.
However, the actual deployment time was very less.
Cyberoams anti-virus solution scans SMTP, IMAP, POP3 mail traffic and
HTTP and FTP activity as well, leaving no security gaps unattended. As allthe Web-based traffic is scanned for spyware and malware, clean and secure
Web surfing has become a reality. Cyberoams identity-based Web filtering
ensures employee accountability, which in turn leads to a reduction in
unproductive surfing. The IT department has created groups and assigned
Internet access rights based on their business profile in HHML. Cyberoams
HTTP client is used to authenticate the user. As the Web filtering rules are
27
-
8/3/2019 Roll No 02 Nitin Sindwani
28/33
implemented on the users identity and not just on the IP address, IP
spoofing has been curbed.
FUTURE PLANS
Now that Hero Honda is readying itself for the second phase of its supplychain initiative of connecting with dealers and vendors, it is planning to
build more components on top of its existing security set-up. While in the
first phase, the company had allowed dealers and vendors only one-way
access, in the second phase it will allow them to interactively do transactions
with the company on the Net. Once the second phase starts rolling out in
April next year, the company plans to deploy additional features like an
intrusion detection system, user authentication and single-user sign-on.
As part of the new information security policy, the company will beoutsourcing the monitoring of all its external access, hacking and intrusions
to third-party service providers with SLAs. We will outsource primarily
because the third-party service providers have the expertise and resources to
monitor 24x7, explains Balasubramanian. Also, as a policy, Hero Honda
will initiate regular half-yearly audits to check compliance with the security
policy and also to check whether the policy needs a change.
BENEFITS TO HHML
ERP helped in improving quality, access and usage of transactional data and
suitably eliminated multiple entries. Besides, there was no need for manual
reconciliation any more and operational processes were improved at various
stages. Order processing was Standardized across all functions. And real-
time information on product cost, profitability analysis, and dispatch and
production status was made available too.
One of the main reasons for the success of their SAP project was that the
project was perceived as a business project, and not as an IT project. Anddifferent functional heads and module leaders were also involved in the
project. Apart from this, the deployment of relational databases like Oracle
and Ingres helped in consolidating data at one place and made it accessible
to all authorised users
28
-
8/3/2019 Roll No 02 Nitin Sindwani
29/33
GREATER RESPONSIVENESS, FEWER ERRORS
Following go-live in June 2004, Hero Honda immediately saw marked
improvements. On-line interaction enhanced order execution efficiency
thereby improving the responsiveness. Their old sales orders process was
very time-consuming. Now dealers enter orders directly into the system.
This accelerates deliveries preventing loss of business due to delays. Hero
Honda has also streamlined its transactions with suppliers, making for better
inventory planning and reduced inventory carrying costs. Improved
information exchange guarantees that the right goods are delivered at the
right time. The company has also significantly reduced error-prone, manual
data entry. Suppliers now create advanced shipping notifications in the
system, and when the shipment reaches Hero Honda, the companys
employees simply have to confirm receipt.
AMBITIOUS PLANS FOR THE FUTURE
Building on the success of the project, Hero Honda is now planning a range
of new SAP initiatives. These include adding additional mySAP SRM and
mySAP CRM functionality, implementing the SAP Strategic Enterprise
Management application of mySAP ERP Financials and integrating it with
SAP Business Information Warehouse (SAP BW), and rolling out SAP
Enterprise Portal (SAP EP) to all users. The SAP BW component is
provided in SAP Business Intelligence (SAP BI). SAP BI and SAP EP are
components of the SAP NetWeaver platform. Our new SAP solutions
have enhanced our competitive edge. We are confident that were on the
right track for continued success, concludes Bala. HHML is in the process
of making continuous improvements and changing configuration to add
more functionality to the existing systems. They have implemented the
Plant Maintenance module in Sept, 2002 and are implementing the
Human Resource (including India Payroll) module. The Supply Chain
Management project is about to take off too. Proposed future applications
are CRM, BW, SAP Portals and ESS. HHML has upgraded from 4.6 B to
4.6 C. They are also putting in organised archiving of data on SAP anddeploying live reorganization of database using a Quest tool. They have
implemented the Solution Manager and are now looking for certification as a
customer competence center.
29
-
8/3/2019 Roll No 02 Nitin Sindwani
30/33
Coming Next: Improved Collaboration, Analytics
As valuable as Hero Hondas supply chain automation is, in many ways the
new system represents only the tip of a much larger iceberg. They have just
upgraded to a later version of mySAP SRM and this will usher in added
functionality. Itll help them to do more strategic sourcing by evaluating the
suppliers and forming strategic partnerships. Theyll also implement self-
service procurement for indirect materials and will extend the supplier portal
by implementing a vendor-managed inventory function, as well as improved
analytics through the data warehousing capabilities of SAP Business
Intelligence. Hero Honda expects steady growth in motorcycle demand in
the future, as well as a steady increase in the complexities of manufacturing
the two-wheelers. The motorcycle market in India continues to be strong.
For one thing, many people who used to ride scooters now prefer
motorcycles. For another, that the economy is strong and financing is readilyavailable. Balasubramanian points out that the spectrum of motorcycle
models and colors is also growing. His company averages about three new
models each year and, with the current selection of models and colors, Hero
Honda is responsible for producing about 150 variations of motorcycle not
including accessories. But now theyre well equipped to handle the growing
market and product mix and at the same time, theyre more responsive than
ever before to dealers and other customers, thanks to mySAP SRM and
mySAP CRM.
BOTTLENECKS
Till date, the IS department has not faced any major bottlenecks. With a
proper plan and proper implementation of those plans, we have overcome all
hurdles, comments Balasubramanian. The only major problem the IS team
has faced till date was management perception of ERP. They were of the
opinion that ERP implementations were mainly failures. Many felt that
instead of going in for ERP they should implement an e-business solution.Balasubramanian had to tell the management that one could not run e-
business without a stable information systems structure within the
organisation.
Today, IT has taken off very well, especially with support from
management. There has also been very good user support, which helped us
30
-
8/3/2019 Roll No 02 Nitin Sindwani
31/33
in experimenting with new technologies, says Balasubramanian. Thanks to
the stable IT infrastructure the companys business analysis has become very
sound and credible, he adds. The company is now one of the reference sites
for SAP, and only one of ten companies in the Asia Pacific region selected
by SAP for this honour.
Snapshot of Hero Hondas IT set-up
Number of servers Over 35 servers (All IBM)
Proxy server For providing Internet access to internal users.
Web server For providing access to dealers and vendors.
Wide Area Network
Between Gurgaon plant and Dharuhera plant Primary link is a 2 Mbps
leased line from Bharti with RF and VSAT being secondary back-up links.
Between Gurgaon plant and Delhi head office 2 Mbps leased line as a
primary link. Another 2 Mbps link from Gurgaon plant to Comsat Max and
then to the head office is a secondary link.
Connectivity for marketing offices with plants and head offices
VPN connectivity between 20 locations through 64 Kbps leased line
with ISDN as a back-up.
Internet connectivity through leased line from Comsat Max
31
-
8/3/2019 Roll No 02 Nitin Sindwani
32/33
SUMMARY
Faced with growing market demand and inefficiencies in its supplier order
processes, Hero Honda the worlds largest two-wheeler manufacturer
chose the mySAP Supplier Relationship Management (mySAP SRM)
solution to integrate and automate its large and complex supply chain.
Key Challenges
Supplier order processing not well synchronized with production planning
Proprietary supplier portal provided no transactions, only information
Project Objectives
Speed up and automate supplier order processing Synchronize customer orders with supplier schedules
Solutions and Services
mySAP SRM
mySAP Customer Relationship
Management (mySAP CRM) solution
Why SAP Solution
Ability to integrate the new supplier portal with the existing mySAP ERP
Solution
AT A GLANCEImplementation Highlights
Three-month initial rollout covered 15 of the top 125 strategic suppliers;
over 50 suppliers have since been covered
Implementation included training Hero Honda suppliers as well as buyers
Key Benefits
Faster supply chain order processing cut three days from old schedule
Improved accuracy of deliveries from 98% to 100%
Better responsiveness to customer changes
Online communication with suppliers integrated and traceable
Inventory planning improved 10% reduction in inventory carrying cost Transaction costs reduced because of fewer discrepancies to handle
Overall lower process and transaction costs
Implementation Partner: SAP Consulting
Existing Environment: mySAP ERP
Database: Oracle
Hardware: IBM
32
-
8/3/2019 Roll No 02 Nitin Sindwani
33/33
Operating System: AIX
BIBLIOGRAPHY
WEBSITE ADDRESS
http://www.expresscomputeronline.com/20031124/appsspecial10.shtml
http://www.networkmagazineindia.com/200412/coverstory04.shtml
http://www.networkmagazineindia.com/200410/coverstory01.shtml
http://www.expressitpeople.com/20020415/cover1.shtml
http://www.expresscomputeronline.com/20070917/managment01.shtml
http://www.tceworld.co.in/index_files/tmm/kma/hr/pm/HR_pm0511.hmhttp://www.expresscomputeronline.com/20020701/ebiz2.shtml
Research papers & Articles :-
Auster, Ethel and Chun Wei Choo, ed. 1995. Managing Information for theCompetitive Edge. New York, NY: Neal Schuman. (In press.)
Bates, Mary Ellen and Kimberly Allen. 1994. Lotus Notes In Action: Meeting
Corporate Information Needs.Database 17, no. 4 (Aug 1994): 27-38.
Birks, Grant. 1995. Value-added Information Services: The Art of Being
Synchronous with Your Corporation. Bulletin of the American Society for
Information Science 21, no. 2 (Dec/Jan 1995): 23-25.