Gränges, a leading global supplier of rolled products for brazed aluminum heat exchangers, prides itself on meeting the growing demand from the international automotive industry for lighter and more efficient heat exchangers that help reduce fuel consumption and emissions. Because Gränges relies on research and development to stay a leader, data security is a high priority. That’s why the Swedish manufacturer turned to Microsoft Enterprise Mobility + Security (EMS), in particular Azure Information Protection (AIP).
If you’re a world leader in manufacturing high-end aluminum products, chances are one of the things keeping your chief information officer awake at night is concern about a data security breach. That is certainly true for Swedish manufacturer Gränges, a company known globally for its rolled products for brazed aluminum heat exchangers.
Gränges has manufacturing locations in Sweden, China, and now the United States. Gränges offers a complete range of clad and unclad rolled aluminium products in various widths, gauges, and tempers that are used for brazed heat exchangers. The variety of its offerings works well for customized solutions, especially in the automotive and the HVAC&R industries.
“This position can only be achieved by extensive R&D and production know-how. Our products are a result of R&D with advanced knowledge about metallurgy and the production process, meaning a data breach is of special concern”, Chebaro says.
What if it really was a breach?
Although no data breach had happened, that possibility was something he Chebaro could not ignore. So he called Olov Norman, Service Delivery Manager at Lumagate, an IT consultancy company operating in the Nordics and U.S., focusing on Microsoft technology in the fields of cloud computing, automation, mobile user experience, identity, and strategy. Norman suggested an Microsoft Enterprise Mobility + Security (EMS) project to lock down the company’s PCs, with a particular focus on Azure Information Protection to improve the security of sensitive data. He also suggested putting in place an infrastructure that would let Gränges secure its mobile devices with Intune when the company is ready.
The immediate focus was on the AIP portion of the project. Even though there was no incident regarding a proven breach, Chebaro wanted to know for certain moving forward whenever a breach occurred, and in the meantime he wanted to be certain that all R&D files were secure, and that a good, solid business process was in place for how to categorize the data appropriately.
And the next time there is a call about a potential breach, Chebaro says, Gränges will have access to much more information to identify and address any concerns. AIP allows you to classify, label, and protect data at the time of creation or modification, by using policies to classify and label data in intuitive ways based on the source, context, and content of the data. Beyond that, AIP enables persistent protection that travels with your data, ensuring data is protected at all times, regardless of where it is stored, with whom it is shared, or what the device is running. By delivering visibility and control over shared data, AIP allows IT to use logging and reporting to monitor, analyze, and reason over shared data.
In a sense, the timing of the possible breach, and the immediate efforts to shore up security, were somewhat fortuitous, given that Chebaro and his company have even larger plans that need a well-secured base. “We have started a pre-study where we decided on implementing a common business platform, because we had two plants, one in Sweden and one in China, in Shanghai,” Chebaro says. “And these two plants run two different systems.” And then last summer, Gränges acquired a large business in the US, one that doubled the size of the company.
The company has started to implement a common business platform in Sweden, using Oracle eBS and Fusion Cloud, a product that helps organizations do business across locations and countries by standardizing processes and helping to simplify compliance. And beyond that, Gränges has even started to implement a common Manufacturing Execution Systems (MES) using a standard soltion from PSI Metals. Office 365 was one of the first common software implemented across the company.
Explore Enterprise Mobility + Security solutions.
"We sleep better at night knowing that the information is not accessible for parties who shouldn't access it. It's important for us to be sure that we can secure business critical data that we don't want to share with everybody else."
-Bilal Chebaro: Chief Information Officer, Gränges
Data security implementations going well
But for now, the AIP implementation is going well: it’s complete in Shanghai, and the next steps are similar implementations in Sweden and then the US. “ I feel quite secure about it,” Chebaro said.
One of the highlights of the AIP implementation is its seamlessness. “When the employees pick up the documents, they don't even know that they are encrypted,” Norman says. “But if they take one with them and they end up leaving the company, they're not able to read them.”
And that is worth quite a bit to Chebaro. “I mean, we will probably sleep better at night knowing that the information is not accessible for parties who shouldn't access it, and our R&D, basically it's important in every organization, and it's important for us to be sure that we can secure all the secret stuff that we don't want to share with everybody else,” he said. “I think it's one of the most important areas actually to protect, because it's a lot of intellectual property that we really want to keep inside the company.”
"With Azure Information Protection, when employees pick up the documents, they don't even know that they are encrypted. But if they take one with them and they end up leaving the company, they're not able to read them."
-Olov Norman: Service Delivery Manager, Lumagate
More security without big changes
For most Gränges employees, nothing much has changed. Chebaro says, “I mean, we're basically doing the same thing as we were doing before, but it's done in a more secure way. So that's the difference, I think in my opinion.”
It might have gone differently, though, with different decisions. “The easiest, quickest and most common way that many companies choose to resolve it is to secure all of the USB ports and do all this hardware kind of security. And this is when I thought that AIP is a better way going forward”, Chebaro says.
“We're not making life more difficult for our users by stopping them from using technology; we're just making it seamless and secure,” he adds.
That’s a compelling point, according to Norman, who says, “Since earlier in the day you protected those hardware devices. Now it's about the identity. So if you have a person in R&D and that person decides to leave the company, you will be confident that they are not able to share any documents or knowledge with other people. Just because they can copy it to 17 USB memories, it doesn't matter. Once we have disabled their AD accounts, they're not able to take that intellectual property with them.”
The solution might even drive change elsewhere in the industry, at least in the region.
“Here in Sweden we have several companies we are talking the same solution with. These are big companies spread all over the world,” Norman said. “They want to stay up with these kind of solutions as well. So I think for the whole industry, it's like this is a new way of thinking of protecting yourself. So it's a great step moving forward for the industry in that matter to protect in new ways.”
"We're not making life more difficult for our users by stopping them from using technology; we're just making it seamless and secure."
-Bilal Chebaro: Chief Information Officer, Gränges