A Report on

Management Information System of Hero MotoCorp

Submitted To: Dr. Susheel Chhabra DATE OF SUBMISSION: November 25, 2011

SUBMITTED BY: Group 11 Section B SONAM AHUJA 104/11 ANKITA AGARWAL 106/11 KUMAR SOMIL 108/11 N.VENKATA RAMANA REDDY 110/11 NISHANT SRIVASTAVA 112/11 MANISH THAKUR 114/11

Lal Bahadur Shastri Institute of Management, Delhi

Table of Contents
S.No. 1 2 3 4 Topics Acknowledgement Research Methodology Introduction Company Profile Supplier and Customer Relationship Management 5 6 7 8 10 11 12 13 eHR Implementation TPS and MIS Decision Support System Expert support System System Analysis and Design Virtual Private Network Information and IT Security Management Bibliography Pg. No. 3 4 5 6 12 15 16 18 19 21 22 23 31

ACKNOWLEDGEMENT

We would like to express our deepest sense of gratitude to our project guide Dr. Susheel Chhabra for his invaluable guidance, inspiration and encouragement that we received from him throughout the project. Our efforts in accomplishing this project are a result of constant motivation and invaluable learning imparted by him.

Group 11/ Section B Trimester II

RESEARCH METHODOLOGY
The project entitled as management information system at HERO MOTOCORP was undertaken and the research was conducted in two phases:

1. Primary survey 2. Secondary survey

Secondary survey: - We have collected some literature reviews and also some kind of relevant data for the project through internet and by using some books.

Primary survey: - Primary survey was conducted by visiting the company. We asked about their management information system.

The data provided by them was analysed by us.

INTRODUCTION
Management Information Systems (MIS) is the term given to the discipline focused on the integration of computer systems with the aims and objectives on an organization. The development and management of information technology tools assists executives and the general workforce in performing any tasks related to the processing of information. MIS and business systems are especially useful in the collection of business data and the production of reports to be used as tools for decision making. Deconstructing the term MIS enables us to define each word in a business context: Management - being managed or people managing a business. Over recent years management has become more scientific and system-oriented. Information - knowledge made available to people within an organization. Systems - sets of connected things or parts within an organization which tie the planning and control by managers to the various operations.

COMPANY PROFILE
One of the biggest success stories in the Indian two wheeler segment, Hero MotoCorp is a household name today. Whats not so well known is the fact that the company has successfully used IT to help it reach the top. Hero MotoCorp formerly Hero Honda is a motorcycle and scooter manufacturer based in India. Hero Honda started in 1984 as a joint venture between Hero Cycles of India and Honda of Japan. The company is the largest two wheeler manufacturer in India. In 2010, When Honda decided to move out of the joint venture, Hero Group bought the shares held by Honda. Subsequently, in August 2011 the company was renamed Hero MotoCorp with a new corporate identity.

For New Delhibased Hero MotoCorp, success has brought significant rewards and some daunting challenges. The company, established in 1985 as a joint venture between Hero Group of India and Honda of Japan, holds a 57% market share in India and has grown to become the worlds largest two-wheeler manufacturer. In the last six years Hero MotoCorps sales volume grew by 400%, and this year the company expects to manufacture and sell more than 3 million motorcycles. Its no wonder that Hero MotoCorp has won accolades in the New Delhi business press. In fact, in 2001 Hero MotoCorps chairman Brijmohan Lall Munjal received the Ernst & Young Entrepreneur of the Year award for India, and in 2005 he was presented with the Padma Bhushan, a prestigious award from the Indian government. But growth has brought unique challenges, too. Hero MotoCorp now supplies motorcycles through more than 500 dealers and 700 service points, institutions, and overseas customers. In addition, the company calls on more than 240 suppliers for its parts and subassemblies. The challenge for Hero MotoCorp: cut time and waste out of its supply chain and add more flexibility in meeting the fast-changing dynamics of the modern market in India Hero MotoCorp is a leader in the two wheeler segment in the country, and even claims to be the worlds largest two wheeler company in its advertising. To reach the heights that it has, Hero MotoCorp has successfully leveraged the IT advantage, especially in recent times.

PRE SAP SCENARIO

The company has a highly efficient and reliable network today. But till 1998 Hero MotoCorp depended on legacy systems, which had a high failure rate. The set up was not in a position to cater to the expansion that Hero MotoCorp went through and was not suitably updated. Because it was obsolete, the management decided to revamp the entire IT set up according to S R Balasubramanian, vice president, Information Systems, Hero MotoCorp. MotoCorp had legacy systems working on different platforms, which were developed in-house and tailor-made to their method of working. Since the legacy systems took care of data processing, only some operational reports got generated by the system. Real MIS resided on Excel sheets along with different kinds of analysis. Information, therefore, was fragmented and the authenticity was questionable. Over a period of time, the systems underwent changes and represented a patchwork of several additions and modifications. They were loosely integrated across functional areas. There was duplication and information inconsistency as happens with most legacy applications. It was therefore important to migrate from this platform to something more stable and futuristic.

MOTIVATION FOR CHANGE

At that point of time the management perception about IT was also changing and they decided IT would be part and parcel of Hero MotoCorp. This helped in modernizing the information systems at the company. Apart from this, competition in business and deployment of bandwidth hungry applications forced the company to migrate from a slower legacy network to the new faster and more reliable network. The managements vision was to align IT with business. IT was to be used as a strategic business tool rather than for a limited purpose of data processing. An information systems plan was drawn up, which besides other things, stated that the organization would go for common systems across the organization. It would also achieve integration between all systems; emphasis would be on improving business processes, to adopt best practices and to cover the entire supply chain. MotoCorp wanted to consider only state-ofthe-art systems and one which had a clear road map for the future including conduct of business over the net. Tired of in-house developed systems, they wanted a standard solution and in particular, an ERP. Their idea was to partner with a technology vendor capable of taking them forward as the business expectations increase.

THE IT INFRASTRUCTURE
The IT infrastructure of the company is connected over three major Local Area Networks (LANs). These connect the corporate office in New Delhi with three manufacturing plants (Gurgaon, Dharuhera and Haridwar), and other zonal and marketing offices. 21 locations are connected through its Wide Area Network (WAN) set-up. Most of these locations are connected with the corporate office through VPNs, leased lines, and at few places through VSAT connectivity. The motorbike major has a total of seven TDM/TDMA VSATs and two PAMA VSATs. As far as the VPN set-up is concerned, it is still a closed-user group. For connectivity between its Dharuhera, Gurgaon and Haridwar facilities the company uses a very fast radio link. The company has installed the PAMA VSATs from Comsat Max as a backup facility. The Hero MotoCorp network spans 750 nodes across the country. Hero MotoCorp uses 10/100 Mbps Ethernet switched technology for data transmission and is connected with both optic fiber and Cat 5 cables. Optic fiber is used for the backbone, which will also solve the future bandwidth requirements of the company. The company has three Cisco routers. The company also uses a mix of switches from three vendors: Cisco, IBM and 3Com. For non-critical applications, the company has opted for 3Com switches. As IBM switches are cheaper than Cisco ones, we will be going in for more and more IBM switches in the future, says Balasubramanian. All the switches and hubs at the company are managed devices. Apart from this the company also uses an IBM RS 6000 server for running SAP applications, and other midrange servers for running Ingres and Oracle. For Lotus Notes applications the company has opted for IBMs Netfinity servers. As far as other networking hardware is concerned, the Gurgaon plant has two Cisco routers, which are connected to an IBM LAN Route Switch, and the storage box is connected to the RS 6000 server. The company is also using a tape library, which works as a backup device. One of the key features of Hero MotoCorps networks is that most sites enjoy excellent backup facilities. For instance, Dharuhera is connected directly to Comsat Maxs PAMA VSAT main hub. The IT facilities at Gurgaon are connected with two electrical sources, two MCBs, and two UPSes. The company has also installed an extra server as a backup. It possesses a Network Attached Storage system, with plans to shift to a Storage Area Network. For this Hero MotoCorp has gone in for an IBM Trivoli solution. The whole idea was that information systems should be 8

able to cater to 99 percent of availability. Even if a LAN or a switch fails it should just take 10 minutes to switch to another LAN or switch.

ENTERPRISE APPLICATIONS
A good and reliable messaging system was a long-standing need at Hero MotoCorp. When they first introduced messaging, it took off very well. To ensure its success the management arranged training programmes at all the three major areas and also invited the regional offices to join in. The success of the messaging system was so good that people started overlooking the VSAT network. The company messaging set up evolved around Lotus Notes. They evaluated both Microsoft Exchange and Lotus Notes, and finally decided to go in for Lotus Notes. The Lotus Notes application at Hero MotoCorp evolved around those applications that users are familiar with. This is done as a part of the information systems plan along with the business plan to integrate information systems in the organization, integrate all the departments. As the management knew that the implementation of ERP would take some time, they wanted to use that time to introduce an IT culture in the company. After the successful implementation of this system, the IT set-up faced some problems during the first Diwali after the introduction of the messaging system. This happened because of huge number of greeting messages and card attachments. This prompted the company to introduce a new greetings system on the lines of Bluemountain.com. They opened up a car4.809 cmds library system and asked the users to go to the card library and select a card and send it across. By this, no attachment would go, but only the link. After this they were able to avoid a considerable amount of traffic. And users were quite excited about having a card application. People started enjoying the use of IT applications. Subsequently, the company put up an intranet and workflow applications.

ERP IMPLEMENTATION
The next move was to implement ERP in order to integrate various functions and control its operations. The company went live with SAP R3 on February 1, 2001. It uses modules like production, materials, finance, marketing, assets, quality sales and distribution. Siemens Information Systems was the implementation partner for this rollout. The ERP implementation 9

presented a high level of data integration. ERP has helped the company immensely. Today nobody asks any other department for information. One can log in and see reports online, says Mukesh Malhotra, deputy general manager, Hero MotoCorp. They were able to implement better cost control measures. This had helped them in calculating the cost of consumables, tool inventory cost, power and fuel costs, and plant overheads. Because of this they also became ready for future SCM and CRM implementations.

SAPS ROLE
Hero MotoCorp evaluated BAaN and Oracle. The overwhelming presence of SAP in the automotive sector was one of the important reasons for selection. The customer references spoke strongly about SAPs ability to address the needs. The project took off with a great start. It imparted one-day awareness training sessions to around 135 managers and key users explaining the project and roles of core team members and users. There were hiccups in between because of staff turnover at the implementation partners end because of which the project had to be extended by a month. However, they kept various activities on schedule. They were one week behind at the last stage of Go-Live preparation but made that up in the last month. The Steering Committee played a useful role and wherever some policy issues could not be decided, the CEO intervened to resolve. End users were involved at various stages and hence they adapted to the new systems well. The first few days saw several problems but the help desk (available 24 hrs) attended to them promptly. Every day thereafter saw lesser problems and the operations got streamlined in 15 days. The yearly closing ended on the 31st March 2001, (2 months from Go Live) and was completed in 24 days. Year closing for the following year was achieved in 11 days and Hero MotoCorp was the second company in India to declare results. This indicated the stability of systems and the efficiencies achieved.

IMPLEMENTATION PARTNERS

Siemens Information Systems Ltd (SISL) was the implementation partners. They imparted initial training to the users and core team members. They also helped in redefining various processes based on their experience. They gave valuable suggestions for improvement at various

10

stages. In the Steering Committee meetings they clarified various issues and helped in convincing the management to make various changes.

RECORD-BREAKING IMPLEMENTATION TIME

Hero MotoCorp also profited from services delivered remotely by SAP consultants in Singapore and software developers in Walldorf, Germany. This international approach ensured that any issues were dealt with rapidly and effectively. The speed with which technical issues were resolved was impressing. In some cases, SAPs German developers found answers overnight. Thanks to close collaboration between SAP and Hero MotoCorp, the project was completed in a record three months. Implementing the latest mySAP SRM and mySAP CRM capabilities in such a tight time frame was an ambitious goal.

11

SUPPLIER & CUSTOMER RELATIONSHIP MANAGEMENT Automotive Motorcycles Processing Orders Manually
They have a large supply chain and they needed accuracy and speed in the deliveries of raw material and components. Their suppliers were given a plan for the month but changes are often necessitated by market conditions like changes in the mix of models and colors. And there could also be increase or decrease in demand. They wanted the ability to respond to these changes by aligning the production plan, supply schedule of components, and other resources to handle this efficiently. Hero MotoCorp had already been using the mySAP ERP solution for its core applications but until January of 2004, the company continued to enter its customer orders manually using a portal to communicate with suppliers. They used to receive orders from dealers in the form of spreadsheets, e-mail, and phone calls. It took a few days to bring in the customer orders and consolidate them. Then they would get our material requirements plan from the ERP [enterprise resource planning] system and post the information on their portal. This was done through periodic updates twice a day and hence did not consistently give the latest information to their partners. They had no visibility of materials in transit and a lot of time was wasted on follow-ups. They also had to deal with incorrect deliveries from vendors when they sent either less or more than the scheduled quantity. For example, they might have ordered 100 units but the supplier delivered 110. This kind of error would slow down the receiving station while their people would seek approval for receiving the extra quantity. Also, mismatches like this meant that either they carried more inventory than needed or caused production holdups if the quantity supplied was less than ordered.

Automating Supplier Transactions

In February 2004, Hero MotoCorp began a pilot test, bringing in mySAP Supplier Relationship Management (mySAP SRM) as well as mySAP Customer Relationship Management (mySAP CRM), both solutions in the mySAP Business Suite family of business solutions. For the rollout of its supplier portal, Hero MotoCorp chose its top 125 suppliers together, they account for 95% of the companys supplies. Most of these suppliers now perform their transactions with Hero MotoCorp through the Web-based self-service portal, in real time. Suppliers can now see the status of their orders, shipments, and invoices, and they can see new delivery schedules as 12

soon as theyre processed by the Hero MotoCorp production plan. They can also use the portal to make confirmations along the way for example, to confirm that they can handle a certain variation and to confirm that theyll meet the delivery schedule.

SAP Consulting
It took three months to complete the rollout. Helping Hero MotoCorp speed up the process and helping implement some of the newest features in mySAP SRM was SAP Consulting. mySAP SRM experts, from both the Asia-Pacific region and SAP headquarters in Walldorf, Germany, worked on the project and helped Hero MotoCorp develop some of its most complicated direct materials processes. They assisted them during the entire implementation process and transferred knowledge to them. Also, they unlocked some software features that were not known even to be existing by people at Hero MotoCorp. For instance, they helped them implement instant messaging, which was helpful in contacting the suppliers quickly in the event of a production scheduling change say, one that might occur because of an upcoming holiday. SAP Consulting and the Asia-Pacific solutions team also helped Hero MotoCorp integrate a bar code reading function into the system, according to Balasubramanian. The bar code feature is used by those local suppliers who make just-in-time deliveries several times each day. For them, its faster and easier to process their deliveries via a bar code reader on the delivery dock than it is to make constant updates to the self-service portal.

End-to-End Process Integration

Hero MotoCorp also implemented a customer portal, as a feature of mySAP CRM. With the two portals now in place, the company benefits from end-to-end process integration. Our dealers place their orders once a month, he says. Typically, a dealer might order several hundred motorcycles, as well as spare parts. So every Friday we get our orders in, we consolidate them on Saturday, and on Monday morning our suppliers are all receiving our delivery schedules, directly from our production planning system.

Because the ordering process is now fully automated, Hero MotoCorp saves approximately three days over the time it used to take to complete this process. That translates into an inventory savings of about 10%, which in turn translates into a substantial cost savings. The automation 13

also increases Hero MotoCorps own ability to be responsive to its dealers. Even though dealers normally place their orders on a monthly basis, there are many times when they want to revise an

order thats already in process. They might do this to account for a sudden change in customer demand for instance, their customers might start asking for a new color or a different model. For these revisions, we can get the change in on Friday and be pretty sure that the entire shipment will go out, as scheduled, the following week, says Balasubramanian. The customers appreciate this kind of responsiveness and its just what they, and they, need in order to continue to take advantage of this fast growing market. The systems end-to-end integration pays dividends in maximizing order accuracy, as well. Theyve greatly reduced the chances of mismatched orders too. For one thing, its easier for suppliers to check their orders on the portal and they know that the portals information is both accurate and up to the minute. Since the advance shipping notification created by the supplier is derived from the purchase order, the chance of a delivery mismatch with the order is almost zero.

14

eHR IMPLEMENTATION
With technology touching all aspects of todays business, there is increasing usage of IT and Internet technologies in a companys HR department. Suddenly HR managers are finding themselves in a whirlwind of technological changes, with adoption of IT (both as process and tool) becoming a necessity for them. The past one year has seen IT playing a key role in the Personnel/ People Development/ HR departments of companies, which are trying to make the best use of their systems for storing, organizing or disseminating information to their employees. All this has resulted in HR professionals doing away with costly, time-consuming and redundant processes and opting for IT-enabled HR systems, which according to industry experts, marks the beginning of a new era in the functioning of HR professionals Hero MotoCorp has opted for a SAP HR module. S K Balasubramaniam, vice presidentinformation systems, Hero MotoCorp, informs that the company is in the process of starting an ESS system which will enable employees to assess all information about their salary, tax, leave loan, etc. For its knowledge management requirements, the company is planning to set up a portal where employees can access information, exchange ideas freely and read articles compiled by the HR department and all employees. Later, they also plan to use the intranet for external and internal recruitment, assessment and appraisal purposes

15

TRANSACTION PROCESSING SYSTEMS (TPS)

Basic business systems that serve the operational level. A computerized system that performs and records the daily routine transactions necessary to the conduct of the business. Includes set of procedures for handling transaction activities calculation, classification, sorting, storage, summarization. High volume but similar with few exceptions.

MANAGEMENT INFORMATION SYSTEMS (MIS)

Management level Inputs: High volume transaction level data Processing: Simple models Outputs: Summary reports (Types)

Users: Middle managers for Structured & Semi-structured Decisions

16

INTERRELATIONSHIPS AMONG SYSTEMS

17

DECISION SUPPORT SYSTEM

Management level Inputs: Transaction level data & MIS Reports Processing: Interactive Outputs: Decision analysis Users: Middle & Top-Level Managers

Typical information that a decision support application might gather and present are:

inventories of information assets (including legacy and relational data sources, cubes, data warehouses, and data marts),

comparative sales figures between one period and the next, Projected revenue figures based on product sales assumptions.

18

EXECUTIVE SUPPORT SYSTEM

Supply the necessary tools to senior management. The decisions at this level of the company are usually never structured and could be described as "educated guesses. Executives rely as much, if not more so, on external data than they do on data internal to their organization. Decisions must be made in the context of the world outside the organization. The problems and situations senior executives face are very fluid, always changing, so the system must be flexible and easy to manipulate. Executives often face information overload and must be able to separate the chaff from the wheat in order to make the right decision. On the other hand, if the information they have, is not detailed enough they may not be able to make the best decision. An ESS can supply the summarized information; executives need and yet provide the opportunity to drill down to more detail if necessary.

19

DATA FLOW DIAGRAM

The below diagram shows the zero level data flow diagram of a sales department. It is made for the material procurement procedure. It also mentions all the other different entities like stores department, finance department etc. that are involved when a user placed a material purchase request.

20

SYSTEMS ANALYSIS AND DESIGN

Hero MotoCorp being a two wheeler giant follows the prototyping model for analyzing and designing the system. Considering a process of launching a new bike in the market, after identifying the target consumer section, company makes a prototype or test bike and studies its performance. The consumers give their insights and the process of design and prototyping is repeated again till the company is satisfied that it should go for mass production.

21

VIRTUAL PRIVATE NETWORK

A Virtual Private Network (VPN) uses the infrastructure of the public Internet to provide secure access to applications and corporate network resources for remote employees, trading partners, suppliers, and customers. A network that, as much as possible, acts like an extension of the private corporate network on a service provider's shared network infrastructure

The head office of Hero MotoCorp has the main server located there for VPN. This VPN is connected with the 7507 routers and two L4 switches which are protected trough firewall. Through this network they can interact with their sales and branch office through ISEC3000 devices. Through this network the company can easily come into contact with remote worker through internet.

22

INFORMATION AND IT SECURITY MANAGEMENT

Enterprise security may not be as critical in a manufacturing organization as in the banking, financial services and insurance (BFSI) sector. Nonetheless, it is important, especially when it comes to a manufacturing company like Hero MotoCorp, which is extremely dependent on its computer systems and networks for its operations. A disruption in IT infrastructure could spell disruption in business operations. Taking all this into consideration, the company has been constantly evolving its information security set-up to keep pace with its expanding IT infrastructure. Today enterprise security at Hero MotoCorp has reached one of the most critical junctures as the bike major has recently created a comprehensive information security policy. Enterprise security at Hero MotoCorp goes beyond IT security to encompass complete information security. The company identified the need for complete information security with IT security as one of the aspects within this whole concept. IT security will take care of only some intrusions. But for any organization there is a need to have a clear identification of authorizations through information classification. The need was to find out what type of information was there, who should access it and who should not in order to ensure complete data integrity Along with business growth, Hero MotoCorp has also grown on all fronts. It has set up two manufacturing facilities at Dharuhera and Gurgaon in Haryana. These facilities now churn out over 3.5 million motorbikes per year. This growth is also applicable to the companys employees and their business needs. As is the case with any other large organization, Hero MotoCorp has nearly 1,600 desktop users. E-mail is a backbone of todays business and justifying that the company has created approximately 2,000 email ids for its users.

Security set-up so far

The year 1999 was the inflection point for the entire IT set-up at Hero MotoCorp, including information security. The company undertook a complete revamp of its IT infrastructure with a new architecture, expansion of its network, IT assets and applications. The security approach has been evolutionary, in line with these growing requirements. Connecting the entire organization during 1999, the company put its mailing system into place. This, however also led to the import of viruses into the system, thereby warranting the need for a complete anti-virus solution. Before 23

this, there was anti-virus software installed only on a few desktops. The company chose McAfee for its comprehensive features and good installed base. Hero MotoCorp has now implemented the complete suite, covering the desktop, servers and mail gateway. The company first deployed the Total Virus Defence (TVD) system, which was later upgraded to the Active Virus Defence (AVD) system around two years ago. Under AVD, Hero MotoCorp is using Group Shield for Lotus Notes mailing system, Netshield for NT and Window 2000 servers and Virus Scan for end-user desktops. The AVD works under the ePolicy Orchestrator agent, which is an agent installed on each and every desktop and delivers the means to control the antivirus applications. According to Balasubramanian, it gives the company power to enforce its anti-virus policy, to update the policy on end-user desktops and to monitor update progress through graphical reports. ePolicy has made it easier to enforce any anti-virus policy in the company in just two hours in all the offices. As part of the AVD architecture, Hero MotoCorp has three AVD servers at the head office in Delhi, and the Gurgaon and Dharuhera plant. The AVD server at Delhi takes care of all head office-based servers, desktops and all zonal and area office desktops. Likewise, with the Gurgaon and the Dharuhera AVD servers. All the three servers are connected to the McAfee Internet site through the Net. As a result, whenever McAfee releases any new anti-virus DAT files, all three AVD servers get synchronized with McAfee server and download the DAT file (incremented) immediately, which are then distributed to all the servers and desktops. In case of a virus attack on any of the servers and desktops, the ePolicy agent updates the AVD server about this new virus.

CORE CRISIS
Messaging systems form the frontline for any organization. The external mail server forwards corporate mail to the internal mail server that is deployed on our LAN over SMTP. The internal mail server is a central mail repository from where all the employees pop their individual mails. All the employees based in New Delhi, Dharuhera and Gurgaon plant, POP their mails from the local mail server. They have ISP level security which consists of a firewall, spam filter and antivirus. However, they soon realized that ISP level security was inadequate for the task at hand.

24

The company was facing difficulties vis--vis messaging and there were Internet access and security issues related to spam, online and spam-related malware attacks and choked bandwidth. Moreover, the company wanted to filter Web access. The company receives an average of 26,000 e-mail messages per day, which translates to almost 1 GB of storage space. Of these at least 70 percent were spam. That used to work out to around 18,500 pieces of spam per day. The ISP was able to filter out about 50 percent of this. Still, almost 9,000 messages hit our internal mail server every day. They tried out a few standalone, software-based spam filters with little success. Apart from a vast number of employees, Hero MotoCorp also has a vast chain of dealers and service stations spread across the country. So mails exchanged between these offices often got lost in the maze of spam and the business suffered. Often business correspondence was incorrectly classified as spam, a case of false positives, and deleted while spam continued to pour in. Mailboxes were clogged with spam. Having close to 9,000 spam messages hitting the local mail server on a daily basis was something that was not acceptable as, downloading legitimate mail along with the torrent of spam that dodged the ISPs filters from the external mail server to the local one was a painfully slow and, quite often, frustrating process. Emphasizing another side of this crisis, Bandwidth consumption did not just increase, it shot through the roof and to keep adding bandwidth was not a viable solution. Once the messages reached an individuals mailboxes, they had to be checked and deleted manually. Many a times the recipients were tempted to read the spam and the mail processing time kept increasing at the cost of productivity. Legitimate e-mail messages were often lost in the maze of spam. The management began questioning the IT department regarding the extent of spam, which was mostly unanswerable, despite the IT teams best efforts. Employees stationed at remote locations such as Gurgaon and Dharuhera were worst hit. For them, the mail was first downloaded to the local mail server and then had to be POPped to their remote individual mail boxes. The download time of an individual message was very high and this was particularly frustrating since at least 50 percent of the mail was spam.

25

Need for firewall

The need for further beefing up the security set-up beyond an anti-virus solution was felt as the company further opened up its systems to external access. Around a year-and-a-half ago, apart from providing Internet access through the proxy server, the company also decided to provide connectivity with dealers and vendors for information sharing, i.e. they could directly log in to the Web server. This required the deployment of a firewall to guard the systems from possible hackers and virus attacks. This was the first time that they were really connected to their partners. Earlier they only had a mail gateway through which they exchanged mail. So, there really wasnt a need for a firewall at that time. But now, since they are allowing people to log in and with people accessing the Internet there is the need for a firewall. Firewalls deployed at Comsat Max: Hero MotoCorp has a perimeter firewall that serves as the Internet gateway for both the plants and head office. It has chosen Checkpoint as its firewall, which runs on a Nokia box and is managed and monitored by the service provider, Comsat Max. The companys IT security architecture divides the network into zones, based on the function of the infrastructure contained therein. The zones created are:

DMZ zone Third-party zone Application servers zone Critical servers zone Security management zone Network and system management zone LAN & WAN zone

Unauthorized Internet access

Restriction of access to unauthorized sites is taken care through the proxy server, which was deployed around two years ago for Internet access to internal users. The rules for access control have been defined in the server itself. It defines factors like which PCs have access to the

26

Internet, the sites that can be accessed, time period during which only certain users can access the Internet, etc. The company has taken various measures to ensure data integrity during internal access as well. It has deployed PGP software on the critical desktops and notebooks within the organization for encrypting data. While the software was deployed around two-and-a-half years ago, it keeps on identifying and adding critical notebooks and desktops. The information on the desktops and notebooks is kept in a folder and is encrypted, which requires a user name and password to access it. Furthermore, Hero MotoCorp has built in integrity in the application itself, which is well documented with profiles for each user. Depending on his/her profile, the user gets the rights for accessing the data. The authentication is done through passwords.

And the answer was

The spam included a good smidgen of Phishing which slipped through the primary security layer at the ISPs end. Malware entering through the messages and Internet browsing was also a major source of concern. Several messages contained a malicious payload of viruses, spyware and Trojans. Once these entered the network, they promptly began consuming bandwidth and causing system crashes. Unprotected and unrestricted Internet browsing also left gaping security holes. The lack of filters on browsing left the organization wide open to attack from malware, tracking cookies, spyware and key loggers. Digvijaysinh Chudasama, Vice President, Sales, Cyberoam said that Enterprises are replacing best-of-breed security solutions in their networks with Unified Threat Management solutions. Cyberoams all-in-one security platform aids the transition without compromising the feature granularity of standalone solutions. Cyberoams identity-based security empowers administrators to proactively defend the enterprise network against both internal and external threats. While considering the core problem and sensitivity of the issue for Hero MotoCorp, Tarak Technologies, business partner of Cyberoam, suggested a plan to secure the companys e-mail. Jose Kurian, COO of Tarak Technologies said after examining the problem they understood that 27

response time was crucial. The messaging application cannot go down for a long period of time at a company such as Hero MotoCorp. They offered them Cyberoams anti-spam software.

Rather than going out for point-to-point solutions we suggested that the company go in for Unified Threat Management (UTM). Kurian added that the Cyberoam UTM solution sits at the gateway level. It is an appliance through which mail gets routed, filtered and forwarded to the local mail server. In the absence of Web filtering and access accountability, the little bandwidth that was left was consumed through unrestricted surfing. This proved detrimental to organizational productivity. Lack of Internet usage accountability led to malicious sites being surfed, which in turn infected the network with a host of spyware. As a remedy to slow browsing and other bandwidth problems, the company was forced to upgrade its initial 64 Kbps Internet connection to a 4 Mbps pipe. Yet, the complaints persisted even after this quantum leap in bandwidth availability. They purchased four Cyberoam appliances, three 250is and one 100i. One 250i appliance is deployed at our corporate office in New Delhi, and one each at production plants in Dharuhera and Gurgaon. A 100i appliance is deployed at their upcoming facility at Haridwar. All Cyberoam appliances have been deployed in bridge mode. The entire mail and Web traffic passes through Cyberoam.

The changed scenario

Post-implementation, Internet access is productively focused. This is amply reflected in the bandwidth usage. Once insufficient, bandwidth availability is now quite satisfactory. Total bandwidth consumption fell sharply and the ISP bills also took a nose dive. A clean network, safe and responsible surfing and spam free mail boxes have all culminated in a drastic reduction in calls to the IT helpdesk.

28

Information security policy

While the company had some documented policies relating to various aspects, including IT security post-1999, they were not comprehensive enough to cover all areas. Increasingly expanding connectivity warranted the need for a complete policy, defining the security issues both from within and outside the organization. The companys plans for connectivity with business partners included rolling out the second phase of its supply chain solution, allowing dealers and vendors to interactively do transactions with the company on the Net. (It already provides dealers and vendors one-way access to the Web server). Furthermore, it is also trying to allow employees access to applications like instant messaging and SAP, especially for field staff and mobile workers. In such a scenario, which required opening up its systems to partners, the need for a robust policy was imminent. A few months ago, Hero MotoCorp started working on its new information security policy with HCL Comnet as the consultant. The policy broadly covers around 17 domains. These domains include networking and telecommunication, back-up, software purchase, use and maintenance, incident management, e-mail, Internet, access control, password control, anti-virus, notebooks, information disposal, acceptable use, system development, desktop, information classification, training and physical security. HCL Comnet carried out the vulnerability assessments and outlined the areas requiring improvement. These included recommendations for patch upgradation on various operating systems and for networking devices as well as physical securityspecifically for the server room. The consultant also recommended the removal of modems provided to users for directly accessing the Net from their PCs. Though the connections had been removed, the modems were left behind, which, the consultants pointed out, created vulnerability as the users could plug them in and start using them. According to Balasubramanian, based on the recommendations of the consultants, the company fixed up the loopholes in its security set-up, including some recommendations regarding the firewalls and the protection of servers. The company has already carried out pre-vulnerability assessments, fixed the vulnerabilities and then conducted post-vulnerability assessments. On the other side, Hero MotoCorp also worked on the information classification part of its information security policy, which didnt exist earlier. This involves participation from the top 29

management with user representation from all the functional areas. The present exercise of classification of information is being done depending on confidentiality, criticality and availability. Apart from information classification, the access rights to various classes of people are also being defined in the policy. The functional heads are made responsible for their departments and endorse the classification of information being done.

30

BIBLIOGRAPHY
www.wikipedia.org www.herohonda.com www.images.google.com

31