Fallstudie

ZF Friedrichshafen AG sichert Wireless Manufacturing mit Entrust nShield HSMs

Lesen Sie in der Fallstudie, wie eine führender Hersteller Entrust nShield® HSMs nutzt, um geschäftskritische Prozesse zu schützen und gesetzliche Bestimmungen einzuhalten.

Kontakt

Einführung

With more than 130,000 employees, ZF Friedrichshafen is one of the world’s leading manufacturers of automotive chassis and driveline technology. The company’s network of 230 manufacturing facilities stretches across 40 countries, producing the innovative transmissions, steering systems, axels, and chassis components that the world’s top vehicle makers need. ZF’s primary focus is on continuing its tradition of quality and innovation, but it realizes that today success requires reliance on advanced technology systems to power manufacturing and core business processes. To secure its systems from internal and external threats, ZF relies on Microsoft Windows Server PKI (public key infrastructure) technology and Entrust nShield hardware security modules (HSMs).

“Entrust nShield HSMs give us auditable key protection for the computers that conduct our office-based processes, and they enable more cost-effective and scalable security for the technology that drives our production lines,” says Jürgen Paulmichl, information technology security manager for ZF.

Implementing Entrust nShield HSMs has proven to be a smart move, as they have allowed us to easily meet the escalating security expectations of auditors, governments, and company leaders.

Jürgen Paulmichl
Information Technology Security Manager, ZF Friedrichshafen AG

Die Herausforderung

Decentralized Security Expensive to Maintain

For several years ZF used PKIs to protect individual processes. Within the company’s PKIs, various certificate authorities (CAs) issued digital certificates to machines, such as servers and desktop computers, in the company’s network. Using digital certificates, systems could be uniquely identified and authorized to access business systems, such as ZF’s SAP accounting applications.

As ZF operated these PKIs, the company realized that they presented two challenges. Managing thousands of certificates without a centralized process was time-consuming and inefficient, especially when it came to tracking and updating expiring certificates. And importantly from a security perspective, its PKIs were not completely secure or recoverable because the private keys underlying the certificate issuing process were not protected in a scalable, hardwarebased environment.

ZF subsequently decided to establish an enterprise-wide PKI. Paulmichl says, “With an enterprise PKI, we can manage certificates more efficiently. We chose to use Entrust nShield HSMs to secure our PKI and to enable a more reliable CA key storage environment. Implementing HSMs has proven to be a smart move, as they have allowed us to easily meet the escalating security expectations of auditors, governments, and company leaders.”

DIE LÖSUNG

Proven Technology

To issue certificates and manage its PKI, ZF decided to implement the PKI provided with Microsoft Windows Server. ZF undertook an extensive evaluation process for the HSMs securing the PKI, and it solicited proposals from four leading HSM vendors. The company was looking for seamless integration with Microsoft Windows Server, FIPS certification, and support for 64-bit Windows. Of the HSMs that met those basic requirements, Entrust nShield HSM stood out thanks to its remote management capabilities and proven ability to integrate with Microsoft Windows Server.

“Only Entrust had reference customers available to confirm ease of integration of its Entrust nShield HSMs with Microsoft Windows Server,” explains Paulmichl. “We were also impressed with the fact that we could manage HSMs remotely. It’s a capability that fits well with ZF’s global reach, allowing us to place HSMs as far away as Brazil while managing them from Germany. Being able to manage HSMs remotely cuts travel and management costs.

Nahtlose Integration

After receiving training from the Entrust professional services team, ZF was able to integrate its Entrust nShield HSMs into its PKI environment using in-house resources. “Entrust provided all the insight we needed to manage our HSMs securely and remotely,” says Paulmichl. “When we do need to administer the HSMs, we do so using smartcards, which enforce separation of duties for added security and compliance validation.”

Today, ZF manages tens of thousands of machine certificates with its PKI, and it secures the CA issuing keys protecting each certificate with Entrust nShield HSMs. Perhaps most crucially, the certificates serve to authenticate all of the machines involved in producing its products. Its machines are connected to each other over wireless networks, and the certificates ensure that no unauthorized machine can interfere with or eavesdrop on ZF’s manufacturing processes.

“Thanks to our Entrust nShield HSMs, no one can issue, forge, or duplicate a certificate with our PKI. That is important to us from business perspective and to our auditors who must sign off on our processes,” explains Paulmichl.

You expect security from HSMs. Entrust nShield HSMs also provide the superior performance, scalability, and reliability needed to protect our global manufacturing processes.

Jürgen Paulmichl
Information Technology Security Manager, ZF Friedrichshafen AG

Ready for Changing Regulations

In an effort to fight tax evasion and smuggling, the government of Brazil implemented regulations – called nota fiscal electronica – requiring that manufacturers produce electronic bills of lading “stamped” with a digital signature.

The regulations mandate the use of HSMs to store and protect the time stamping certificates. While many manufacturers scrambled to implement compliant systems, ZF was ready. The company simply integrated its PKI with the SAP system it used to generate bills of lading.

“Brazil’s nota fiscal electronica is a good example of how regulations can require HSMs,” says Paulmichl. “Because our processes were already protected by HSMs, it was easy for us to comply. We are able to easily manage our HSMs in Brazil from Germany.”

Performance, Scalability, and Reliability Delivered by Entrust

When a process reengineering effort required that ZF update certificates for tens of thousands of machines in a 24 hour period, its IT security staff was pleased that the company’s Entrust nShield HSMs were more than up to the task. Paulmichl explains, “We rolled out certificates to all clients all over the world in one day. No location reported any errors. Our Entrust nShield HSMs performed perfectly. You expect security from HSMs. Entrust nShield HSMs also provide the superior performance, scalability, and reliability needed to protect our global manufacturing processes.”

Benefits with Entrust

Reducing IT costs with enterprise-class e-security

Meeting the expectations of auditors and regulators

Managing HSMs remotely and cost-effectively

Protecting manufacturing processes from unauthorized access

Weitere Ressourcen

Kontakt

Fill out the form to have one of our experts contact you to discuss how nShield HSMs can enable your digital security.

Vorname

Nachname

Unternehmens-E-Mail

Name des Unternehmens

Telefonnummer

Tätigkeitsbereich

Verantwortungsebene

Land

Staat

Provinz

Welcher Code ist in dem Bild enthalten?

Geben Sie die im Bild gezeigten Zeichen ein.

Marketing-Zustimmung

Telemarketing-Zustimmung

Company Profile

Headquartered in Friedrichshafen, Germany, ZF develops and manufactures driveline and chassis components for the global automotive industry. The company is best known for its innovative transmissions, including the world’s first 8-speed transmission.

To learn more about ZF Friedrichshafen, visit www.zf.com