EDAG Engineering + Design AG: Securing the integrated supply chain in the automotive industry

• Customer Profile: Automotive industry; 4,000 employees on five continents; private corporation
• Goals: Secure communications with key customer
• Solution: PGP Universal™ Gateway Email encrypts confidential communications
• Deployment: Low cost of operation; no user interaction required
• Benefits: Security; business enabler with customers

EDAG chose PGP Universal Gateway Email to protect its intellectual property and other confidential communications with its customer, Audi AG.

With a closed-loop production process chain, EDAG covers all requirements for automotive development and production plants. The company has established a leading position as an engineering partner for the automotive industry. EDAG offers resources and international project management from its many worldwide locations.

The Challenge

EDAG Engineering + Design AG (EDAG) is an automotive supplier known for the expertise of its highly qualified employees in the specialized areas of vehicle development, production plant engineering, and tooling as well as turnkey projects. The company uses simulation and virtual reality to reduce development cycle times and costs and to improve parts maturity and quality at product launch. EDAG's reference customers include Audi, Bentley, DaimlerChrysler, Ford, GM, Honda, Porsche, Volvo, and other world-class auto manufacturers.

Audi required secure email. As is common practice in the automotive industry, EDAG is tightly integrated into Audi AG's supply chain. Audi requires that all suppliers encrypt sensitive information to protect its intellectual property and to ensure that new designs, technical blueprints, price negotiations with suppliers, and other proprietary data is not disclosed.

Transparent encryption. Tomas Diegmüller, EDAG's head of network technology, remembers how the project started: "We had demands across all business units to encrypt email to and from Audi. Although the emails are transmitted using leased lines, they also had to be encrypted to ensure confidential data was not breached. We were looking for an easy, transparent way to encrypt emails without user interaction."

Benefits for supplier and customers. Diegmüller says the project was important primarily because the automotive business is highly competitive. "Audi is a prestigious customer, so there was no question about whether we should comply with its requirement to protect sensitive information," he explains. "Aside from Audi's requirement, it was equally important that we prevent competitors from taking advantage of our technical expertise."

The Solution

"Because we wanted as little user interaction as possible, we decided to encrypt emails automatically at the gateway," says Diegmüller. EDAG considered solutions from PGP Corporation and from another vendor that would meet these requirements: "In the end, we chose PGP Universal Gateway Email because we see it's the industry standard in this sector."

Comprehensive solution. According to Diegmüller, "PGP Universal Gateway Email offers an integrated keyserver, easy-to-use key management, and Web Messenger functionality, which allows us to communicate securely with recipients that have no key or encryption solution. It offers everything we need and more-right out of the box."

Alternatives provided no synergies. Diegmüller felt the tight integration of PGP® solutions offered significant advantages: "We already had a hard disk encryption solution in place, so we first looked at the gateway solution offered by the same vendor. We found that no real synergy resulted from using multiple products from this vendor, however, and its gateway solution wasn't as comprehensive as PGP Universal Gateway Email. We also discovered that PGP® solutions are better integrated because they share the same keys, policy, and user management. They're also based on a unified encryption platform, so economies of scale are much better when using more than one PGP solution."

Low cost of operation. Diegmüller explains that these synergies are so important because the cost of operation is more important than the licensing price of a particular solution: "We closely look at how much maintenance a product needs. The operational cost of PGP Universal Gateway Email is minimal, and introducing a second solution based on the PGP® Encryption Platform means we can leverage its capabilities to reduce costs and speed deployment."

The Results

PGP Universal Gateway Email is now an integrated part of EDAG's security strategy. The solution was sold through and installed by a PGP reseller. As Diegmüller recalls, "We found that our PGP® reseller was very knowledgeable about PGP solutions and about IT security in general. The reseller installed the solution on-site and also carried out the training for our administrators."

No user interaction required. EDAG has configured the policies on PGP Universal Gateway Email so that all emails to Audi are automatically encrypted. "It was important that users didn't need to know anything about encryption to be able to communicate securely," says Diegmüller. "PGP Universal Gateway Email went beyond our requirements because the solution is so transparent our users don't even notice that encryption takes place."

Assured security. Diegmüller also appreciates the policy-based encryption for another reason: "When you rely on the user to decide whether information needs to be encrypted, you can never be sure all sensitive information is protected. PGP Universal Gateway Email ensures that all our communications with Audi are secured because emails are automatically encrypted based on the policies we've previously established."

Summary

Diegmüller summarizes the positive experience with the PGP solution: "We've had no problems with PGP Universal Gateway Email since we introduced it. It's very easy to maintain and requires little attention."

Consolidating security. Diegmüller says EDAG will consider leveraging the synergies of the PGP® Encryption Platform: "Based on our experience with PGP Universal Gateway Email and the synergies we'd have by introducing another PGP solution based on the PGP Encryption Platform, we're thinking about switching to PGP® Whole Disk Encryption for our laptop protection. This move would lower the operational cost for both products because they share a common management architecture."

Business enabler. Diegmüller sees the email encryption solution as a prerequisite to doing business: "PGP Universal Gateway Email ensured that we could continue to do business with Audi, one of our most important customers. Other auto manufacturers have introduced secure email solutions, and we'll probably be required to securely communicate with other customers in the future. Because PGP Universal Gateway Email is standards-based, we're sure we can meet future demands with the same solution."

The PGP Encryption Platform. The PGP Encryption Platform reduces the complexities of protecting business data by enabling organizations to deploy and manage multiple encryption applications cost-effectively from a single management console. Deployed with the first encryption application, the PGP Encryption Platform makes installing a separate or additional infrastructure unnecessary when the organization needs other encryption applications. The PGP Encryption Platform supports the broadest range of integrated applications to secure email, laptops, desktops, instant messaging (IM), PDAs, network storage, FTP or bulk data transfers, and backups.