Proactive Compliance (cont.)
Mazda's European IT operations prepare for Japan's Sarbox regulations as part of a broader information protection strategy
There's also a clear compliance benefit here. If, for instance, regulators visit the company's European operations and request specific information--such as email exchanges between specific employees on specific dates--the e-discovery functionality in Enterprise Vault would allow Laeremans to fulfill that request.
Protecting PCs
MMLE's information protection strategy extends well beyond servers to desktops and notebooks, where its security efforts start with some basic requirements. Each user who logs into an MMLE system must have complex passwords that need to be changed every 90 days, according to J-SOX requirements. Notebooks and PCs containing mission-critical information--such as accounting data--require higher levels of security. "In the case of accounting information, we have to encrypt the data in order to comply with J-SOX," says Laeremans.
Now, for the challenge: Many encryption technologies have considerable overhead and therefore slow down the performance of a PC, notebook, or server. "We've seen that first-hand," concedes Laeremans. "So we're looking at a few solutions at the moment and doing some proof-of-concept work to determine the best encryption option for us."
Meanwhile, MMLE has to maintain a delicate balancing act with its dealers. On the one hand, the company has to fully safeguard its network. But on the other, dealers need timely, comprehensive access to the automaker's portals. "When it comes to our dealers, the only way they can access our dealer portal is through virtual private network connections," says Laeremans.
When those remote systems attempt to connect to MMLE's portal, the network checks the remote PC to ensure it has the appropriate antivirus and antimalware software in place. The network also checks the remote PCs to verify that they are, indeed, Mazda-approved systems. "If the remote system isn't fully up-to-date, we can provide limited access or no access at all, depending on the scenario," says Laeremans.
Coordinated defense
Like an engine that fires on all cylinders, Laeremans works with several peer departments to ensure MMLE's security strategy is implemented effectively.
Naturally, he reaches out to Mazda's headquarters in Japan for guidance, and his counterparts in Asia also seek ideas from time to time. For instance, MMLE was the first division within the company to use HP-UX, which required it to embrace UNIX-oriented backup and recovery technology as well. But that wasn't a big challenge, because of Symantec's commitment to cross-platform support. "When we introduced HP-UX into Mazda a few years ago, the Japanese team came over for a couple of weeks to look at it and determine if it might be a fit for them as well," recalls Laeremans. "A couple of months later, they started down the road with HP-UX."
Looking ahead, Mazda Europe only has a few more months to ensure its systems comply with the March 2008 J-SOX deadline. But Laeremans isn't worried. "We'll be ready," he says. "With help from Symantec, J-SOX is something we're well prepared to address."
Joseph C. Panettieri is VP, Editorial Content at Microcast Communications. He has covered Silicon Valley and the business of technology since 1992 for such publications as InformationWeek.