GDPR-Compliant Storage with AES 256-bit Encryption
Keihin Seiki Manufacturing, the predecessor to today’s Keihin Corporation, was founded in 1956 in Kawasaki, Japan. With more than 22,000 employees worldwide, the company aimed to develop more efficient components, primarily for automobiles and motorbikes, by investing in new technologies and research.
The subsidiary in Germany was founded in 2007 as Keihin Sales and Development Europe GmbH, hereinafter referred to as “KSE,” and now has three offices, two of which are in Ismaning and one in Wolfsburg. Customers include renowned Japanese manufacturers, such as Honda, Mazda, Mitsubishi, Subaru, Suzuki, and Yamaha, as well as many international heavyweights, among them Daimler, Ford, Volkswagen Group, KTM AG, Piaggio, and Triumph.
KSE processes data in three locations with an additional Windows File Server acting as a domain controller, and a Cloud service with Active Directory. The company data is stored locally on a Windows File Server and also on a separate Cloud service. Sensitive data is given additional protection using encryption software – not least to ensure that employee data is stored securely and in accordance with the GDPR. Although it is possible to store data in the Cloud, many employees still prefer to work with the local server, as it is often quicker and easier to use. The company had settled into this setup until one of the servers with the domain controller broke down, providing an incentive for implementing a new and better solution.
In each of the three offices in Germany, KSE has a Buffalo TeraStation 5410DN with 8 terabytes of hard-drive storage space for local data storage. These are all connected via a virtual private network (VPN). The hard drive arrays are arranged in the RAID 5 array, which ensures a good compromise with regard to redundancy, transfer rate, and memory. As an additional failover solution, every night an incremental backup of the two other network memories is saved on each of the three NAS in the VPN. The equipment is kept in a locked room in order to secure the data against theft and to comply with the General Data Protection Regulation (GDPR). The Buffalo TeraStation 5410 also supports encryption in line with the AES standard with key lengths up to 256 bits, which makes thirdparty software for the encryption of sensitive data redundant and which played an important role in helping KSE decide which solution to choose. Even if unauthorized users gain physical access to the hard drives, the data saved there cannot be read by other devices.
Buffalo offers an intuitive admin interface for assigning user access rights, ensuring that employees are granted access to the data they need. Instead of the Cloud solution, KSE is currently using a local storage solution that ensures the company has full control over its own data. However, if they should ever return to using a Cloud service, the TeraStation 5410DN has the option of introducing a Hybrid Cloud. In this case, all or selected data can be automatically synchronized with user accounts in Microsoft Azure, Microsoft OneDrive, Dropbox, or Amazon S3. Furthermore, the NAS currently run in a 1 GbE network environment. The devices offer the option of integration into 10 GbE networks and also for bundling two 1 GbE strands. KSE is not currently planning to use this option, as most employees are connected via WLAN and would not benefit from higher data rates, but it means the network structure is fit for the future.
"Buffalo customer service representatives are always friendly, fast, and competent whenever we have a question. Being in direct contact allowed us to set up the NAS system ourselves without hiring any IT service providers to do it for us.”
The TeraStation 5410DN supports automatic data encryption with AES 256 bits. In case of theft, the hard drives cannot be read – not even on other TeraStations. Data transfer via HTTPS is also encrypted. SFTP (SSH File Transfer Protocol) is also supported, which enables the secure exchange of data between host computers. This ensures high security standards that not only protect the company from cyber attacks and industrial espionage, but also allow sensitive, personal data to be stored in accordance with the GDPR, which came into effect in 2018. Third-party encryption software is not necessary, which saves money and simplifies the work carried out by IT administrators.
If security measures are inadequate, a virus can easily spread to other devices in the same network and can have devastating consequences. To prevent this from happening, Buffalo works together with Trend Micro, which provides anti-virus software for NAS systems as an expansion package for the TeraStation 5410DN – something that KSE is using too. If infected files are transferred to the NAS, the software detects them and either removes or quarantines the affected files, depending on the settings, to protect other systems in the network and prevent a system-wide infection.
Cloud services usually incur license and subscription fees, depending on the period of use and data volumes. The cost calculations carried out by KSE showed that, as well as having other advantages, a NAS results in lower costs for storage solutions in the long term.
"We are particularly pleased not to have to set aside any additional energy or budget for encrypting our data. This is now carried out automatically by NAS without the need for third-party software.”