DNP Develops Gateway Management System
Will prevent internal fraud
Dai Nippon Printing Co., Ltd. (DNP) has developed a gateway management system that keeps the access permissions granted to employees for any given company premises in line with up-to-date HR data. The Company has already introduced the new system in-house and confirmed that it operates effectively, and will now focus on external sales in conjunction with Nihon Unisys, Ltd., a company with which DNP maintains a capital and business alliance.
In recent years, there have been numerous personal and corporate data leaks resulting from internal fraud. To prevent such leaks, it is considered effective to subdivide and minimize the privileges of individual employees to the greatest possible extent. In addition to access to information systems, it is also important to properly control access to factories, offices, server rooms and archives in line with employee attributes. Following a transfer, it is also necessary to remove access privileges to offices the employee previously needed for work, while granting access to premises that correspond to the employee’s new duties in a proper and timely manner. In particular, as there is no end to instances of retired employees removing mission-critical data from the premises, it becomes necessary to remove access privileges to archives storing mission-critical data for employees who have submitted resignation papers, and to erase all access privileges from the actual date of resignation. With many existing gateway systems, however, employee access privileges are managed on a site-by-site basis, and employee IDs must be registered at each site. As a result, at companies with many employees or frequent transfers, such registrations are often delayed, and there is a concern that security holes may open up during the period until access privileges are properly established.
In order to overcome these challenges, DNP has developed a server system that acts as a relay between HR systems and gateway management systems. When HR data is updated, access privileges for each gateway are automatically reset to match the attributes of the corresponding employee in detail, including department and rank.
The system receives HR data updates from the HR system, automatically sets access privileges on an employee basis, and automatically forwards these to the gateway management system.
The system supports automatic setting of access privileges in line with the diverse needs of each company, including AND settings (belonging to A department, AND of the rank of department chief or above) or, alternatively, OR settings (belonging to A department, OR B department).
In cases where automatic access setting is not possible based on HR data, for example in the case of special projects, the newly developed system makes it possible to update individual access data on a manual basis.
When HR data is updated, existing HR systems generally output either all records or only those that have been updated, and the newly developed system can handle either format. Gateway systems also tend to be divided into whitelist gatekeepers, which register only the IDs of those with access privileges, and blacklist gatekeepers, which register only the IDs of those banned from entering. The newly developed system can handle either format.
In order to prevent internal fraud perpetrated by the system manager, the newly developed system makes it possible to confirm operation history, and restrict functions according to user IDs.
It is possible to automatically prevent the use of cards whose validity dates have expired. (The gateway system itself may not include this function.)
Depending on client requirements, it is also possible to adapt the new system so as to make links with approved groupware workflows.
Cross site gateway management is also feasible. For example, in instances of relocation, the newly developed system makes it possible to totally erase all access privileges at the previous worksite at the same time as granting access privileges to the new worksite.
It is possible to reflect access privilege settings in an Active Directory that centrally manages employee network accounts. As a result, changes in access privileges resulting from HR data alterations can be reflected simultaneously in both the gateway management system and the information system, including copiers and printers.
To meet the need for centralized management of information system IDs and passwords for security reasons, it is also possible to log in to the new system using Active Directory authentication functions.
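The relay logic described above (AND/OR attribute rules, full or updated-only HR feeds, whitelist or blacklist gate output, expired cards and resignation handling) can be sketched as follows. This is an added example, not DNP's code: the gate names, rank scale, field names and function names are all constructed for illustration, and "from the actual date of resignation" is read as "on that date and after".

```python
from dataclasses import dataclass
from datetime import date

RANKS = {"staff": 1, "section_chief": 2, "department_chief": 3}  # constructed scale

@dataclass(frozen=True)
class Employee:
    emp_id: str
    site: str
    department: str
    rank: str
    card_expiry: date
    resignation_filed: bool = False
    last_day: date = date.max      # resignation date; date.max means none set

def in_dept(*names):      # OR setting: member of any listed department
    return lambda e: e.department in names
def rank_at_least(rank):
    return lambda e: RANKS[e.rank] >= RANKS[rank]
def all_of(*rules):       # AND setting: every sub-rule must hold
    return lambda e: all(r(e) for r in rules)

# Constructed gates: id -> (site, stores mission-critical data, attribute rule)
GATES = {
    "tokyo/office": ("tokyo", False, in_dept("A", "B")),
    "tokyo/archive": ("tokyo", True, all_of(in_dept("A"), rank_at_least("department_chief"))),
    "osaka/office": ("osaka", False, in_dept("A", "B")),
}

def apply_feed(roster, feed, full):
    """Merge an HR export: a full dump replaces the roster, a delta updates it."""
    merged = {} if full else dict(roster)
    merged.update({e.emp_id: e for e in feed})
    return merged

def allowed_gates(emp, today, manual=frozenset()):
    """Gates the employee may open today; anything not matched is denied."""
    if emp.card_expiry < today or today >= emp.last_day:
        return set()      # expired card, or resignation date reached
    gates = {g for g, (site, _, rule) in GATES.items() if site == emp.site and rule(emp)}
    gates |= set(manual) & set(GATES)          # manual grants, e.g. special projects
    # Resignation filed: archives holding mission-critical data are withdrawn.
    return {g for g in gates if not (emp.resignation_filed and GATES[g][1])}

def gate_list(roster, issued_ids, gate, today, mode):
    """IDs to register at one gate: 'whitelist' = allowed, 'blacklist' = banned."""
    ok = {i for i, e in roster.items() if gate in allowed_gates(e, today)}
    # Blacklist gates admit unknown IDs, so ban every issued ID that is not allowed.
    return sorted(ok) if mode == "whitelist" else sorted(set(issued_ids) - ok)
```

The blacklist branch takes the set of every issued card ID rather than the current roster, because an employee who drops out of a full HR export would otherwise silently regain entry at a blacklist-style gate.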
Pricing and Order Targets
License pricing for the newly developed system is 5 million yen per year.
Connection setup costs with HR systems and gateway management systems start from 10 million yen.
DNP aims for the newly developed system to be adopted by 20 companies over the next three years.