DNP Develops System to Prevent Information Leaks by Company Staff
Detects unauthorized terminal operations in secure areas and prohibits exit
Dai Nippon Printing Co., Ltd. (DNP) developed a system to prevent information leaks by company staff with access authority to critical data, and sales were launched in October 2014.
[System Development Background]
In recent years, problems have arisen in companies involving in-house crime by privileged users granted access authority to information on a broad basis. The issue particularly concerns system maintenance managers, and has been related to leaks of critical data, such as personal information.
The following methods can be used in order to prevent internal crime by privileged users.
- By restricting privileged users to staff members, and not outsourcing system maintenance to external venders.
- By having internal tasks carried out by multiple staff members, who monitor each other.
- When such tasks have been completed, by having managers confirm that no discrepancies exist between previously reported task contents and the operations log.
- In addition to restricting the authority of privileged users to the minimum scope possible, by only granting that authority so as to match the timing of applications and approvals, and terminating authority in a timely manner once the necessary tasks have been completed.
- By performing regular monitoring of systems operation logs.
While the aforementioned operational methods can be considered effective to prevent internal crime, challenges have emerged given the significant scale of the required operation task. Also, when confirming the systems operation log, as malpractice is only discovered after the event, it is difficult to prevent information leaks.
This most recent system development is linked to a gateway management system that temporarily prohibits privileged users from exiting secure areas in instances of unauthorized operation of terminals with access to critical information where there are fears of information leaks. As a result, it is possible to prevent information leaks without having to rely on workers to monitor each other.
The newly developed system is composed of the following components.
1. Anti-Information Leak System (CWAT System) Customized Version
CWAT is a security software developed and marketed by DNP subsidiary Intelligent Wave Inc. Apart from constantly monitoring computer operations, and accumulating operations log data, in cases of operations pre-registered as malpractice, the system blocks the process and notifies managers via e-mail. And with the customized version, in cases of malpractice, a function has been added that allows for the inclusion in IC cards, set in card readers attached to computers, of an exit prohibition flag.
2. Gateway Management System Using Contactless IC Cards
Card readers located at both entrances and exits from secure areas authenticate IC cards on entry and exit. As a result of collaboration with multiple gateway management system vendors, the gateway management system used in the newly developed security system includes an additional function that will not release an electronic lock in instances where IC cards containing an exit prohibition flag are waved over the card reader when attempting to exit secure areas.
The operational flow of the newly developed system is as follows.
- Privileged users wave IC cards over IC card readers located at the doors to secure areas when entering and exiting and perform user authentication.
- When operating computers in secure areas, IC cards are set in card readers attached to computers at all times. (CWAT installed on computers constantly monitors whether IC cards are set in card readers, and deactivates the keyboard in instances when the card is removed).
- While not possible to include in prohibition settings (the setting of process blocking with CWAT) in instances of operations with fears of information leaks, CWAT writes an exit prohibition flag into the IC card. At the same time, CWAT also sets off an alarm by sending e-mails to system managers and security personnel and causes beacon lights to flash.
- As privileged users are temporarily unable to exit secure areas, it is possible for system managers or security personnel to rush to the scene, and confirm operational contents with privileged users and/or question them. Once it has been confirmed that there are no problems, the exit prohibition flag can be cancelled using the managers system.
[Pricing and Future Developments]
Adoption costs for the newly developed system start from 3 million yen for the minimum configuration. Costs for card readers etc. will be quoted on a separate basis. In order to boost the effect of the newly developed system, it is necessary to visualize in advance, how much critical data exists, from which terminals this data can be accessed, and who has been granted privileged status. DNP plans to offer a consulting service in order to enhance this process.
DNP forecasts sales of 500 million yen over the next year including the newly developed system and peripheral consulting services.
* Product price, specification and service content listed in this news release are current on the date of the announcement. This data may change without notice. We apologize for any inconvenience.