About The Customer
A global semiconductor design and manufacturing leader faced the challenge of adhering to export control policies. With facilities worldwide, it relied on the expertise and collaboration of a global employee base. However, individual components within their products fell under the requirements of the International Traffic of Arms Regulations (ITAR) where penalties for non-compliance can be severe.
The Business Challenge
ITAR compliance means that only US citizens can view the layout of export-controlled components. This requirement forced physical segmentation of the company’s workforce, increasing cost and reducing productivity. Designs from overseas were shipped to a separate US facility, where US citizens could integrate the work into the design and build process.
The semiconductor market is highly competitive; rapid time-to-market is critical and these restrictions hampered the company’s development process and their ability to compete. Engineers accessed designs through several different applications. The classification of data varied, often within individual documents, some components were viewable by all users, while others were subject to ITAR restrictions. Classifying an entire design in a least-privilege manner wouldn’t work.
The manufacturer needed a solution that could apply policies to the individual components within a design document. To improve its competitiveness, the customer required secure collaboration between users at any of their locations, while protecting ITAR-regulated components from disclosure to foreign national.
Critical Success Factors
- Any user must be able to access design data, while having the appropriate policy applied to individual components
- Visibility into data movement and forensic trails for ITAR compliance
- Enforcement of controls on foreign nationals must not break the functionality of design software and simulation applications
- Allow internet access to the manufacturer’s full resources within each facility, but control use as needed
The Solution
Using Fortra™’s Digital Guardian®’s deep contextual awareness, classification and policy identification software, the company could automatically classify, and report on the presence of ITAR restricted components residing on servers, desktops, and laptops across their enterprise. Once data was properly classified, a masking policy could obfuscate ITAR-regulated components from foreign nationals while allowing complete visibility of other fields. The policy also recognized users who were US citizens, to allow for full component viewing.
Prior to deploying Digital Guardian, internet access was denied to employees working on sensitive designs due to security concerns, as a result, collaboration between facilities suffered. Digital Guardian worked with the organization to create policies allowing controlled internet access through the company’s virtual private network (VPN). Since Digital Guardian can distinguish a public from a private network, remote employees could still access the internet. This allowed users to reach a login page for a private network (such as a hotel’s network), but then required the user to connect to the company’s VPN to reach any other URL, giving the company the ability to monitor and log all data activity.
The Results
Productivity gains were quickly visible. Masking policies eliminated the need for duplicate infrastructure and physically segmenting employees, saving the company an estimated $4M annually. Further proving its value, DG provided alerts when an employee attempted to steal data on behalf of a competitor. The company successfully prevented the theft and prosecuted the individual.