Daimler-Chrysler IT Infrastructure Strategy
Daimler-Chrysler IT Infrastructure Strategy
The Chrysler Corporation has continuously recorded growth, expansion and profits for over a century. Operating mainly in the American setting, Chrysler rose from a company that produced vans, light trucks and sedans to a conglomerate that ventured into affordable, fuel-saving and safe vehicles globally. However, compared to other vehicle manufacturing companies, Chrysler was still operating below its standards and required intervention. Consequently, Daimler-Benz was a German company that was undergoing problems with the production and sale of automobiles. Therefore, the possibility of a merger between two of the top vehicle manufacturers was seen as an opportunity to speed up the growth and increase the profit margin. However, the $38 billion transaction that brought together the two dynamic car companies resulted in several financial and structural failures that resulted in the collapse of the company (Dhillon, 2007).
Summary of Technological and Security Issues
One of the key factors that presented a technological concern in the merger was the cultural differences that existed between the two companies. The cultural gap between the American and German ways of conducting business, making transactions and setting and achieving targets exposed the merger to different security threats that eventually caught up with the coalition. While the Daimler side of the merger contributed German experiences and traditions, they were more efficient, conservative and preferred to operate in safe quarters. Conversely, the Chrysler side of the merger reflected a more aggressive, innovative and diverse approach towards producing and marketing automobiles. These differences were maximized in their daily operations.
Despite efforts by the joint human resource teams to come up with integration programs, the deep-seated differences in management approach and business practices remained unsolved. From the in-house fighting among top executives on the quality, affordability and consumer preference for their initial brands, it was evident that the merger had failed to fuse the two dominant cultures. American side Chrysler focused on promoting catchy vehicles with excessive innovations such as high power and fuel consumption, while the Daimler team preferred safe and fuel-efficient vehicles. Initially, the proposal intended for Chrysler to build vehicles using German parts, vehicle design, engineers and achieve reduced production costs. This proposal was not implemented fully when the Daimler side refused to offer their full assistance and technology leading to the production of faulty and inefficient vehicles. Therefore, there were serious technological issues within the company that were responsible for the failure of the merger.
The security threats in Daimler Chrysler were numerous and highly risky putting in mind that the merger resulted in the fusion of two foreign IT systems. A clear illustration of the extent of this threat is the 2005 incident where a security intrusion caused massive damage and losses. The invasion of the Zotob worm into the IT system of Daimler Chrysler’s 13 automobile plants caused a widespread shutdown that wasted precious working hours (Trc?ek, 2003). The initial invasion happened in the control system, in one plant and rapidly spread to the other plants. The exact estimate of the losses amounted to $14 million. This was a perfect example of the vulnerabilities, and it paved the way for an infallible strategy to counter such problems.
Technological and Security Strategy Plan
The purpose of the security plan is to develop recommendations for solving the security issues that plague Daimler Chrysler. The following security and technology strategy document is aimed at providing recommendations that will guide the implementation of security measures within Daimler Chrysler. The manner in which these proposals will be applied will determine how effective they are in ensuring that the company is safe from hackers and their intrusive malware, as well as solving its integrity issues. Virtualization of security offers a workable and cheap solution towards consolidation of several network hardware boxes (Spagnoletti, Paolo & Resca, 2008). These hardware boxes control are responsible for controlling the internet traffic within Daimler Chrysler and account for about 70% of the total security threats. The advantage with virtual security devices is that they are fashioned to protect virtual components. Conventional security is based on physical devices that are established on the periphery of the data center. Traditional physical devices work by inspecting the network, and they, therefore, fail to recognize considerable security-related lapses within virtual infrastructure. The concept behind virtual storage is that the software converts multiple hard drives into one massive virtual drive. Virtual networking works in the same way. Using the assistance of virtual local area networks, Daimler Chrysler can stop remote users from accessing sensitive data without the necessary security protocols.
Other security risks are caused by the employees and their policies. Training the employees to adopt safety promotion behaviors and formulating regulations for maintaining a secure setting will be extremely essential in improving Daimler Chrysler’s overall security position. The formulation and execution of successful security policies, programs, and processes need the mutual efforts and contribution of actors in different departments in Daimler Chrysler. Appointing a senior director to manage and lead the efforts, with the power to make and implement directives at each level increases the probability of success. Employees in all levels within Daimler Chrysler are awarded the duty of contributing towards developing or implementing security procedures and policies. Distinct duties and tasks will simplify the decision-making ability and liability at each stage, together with anticipated behavior in policy execution. Establishing a multidisciplinary supervisory commission makes certain that all players are represented.
Process gaps exposes the company’s IT infrastructure to threats from hackers and malware. For example, failure to carry out a vulnerability evaluation of Daimler Chrysler’s IT infrastructure when establishing new functionality may create security weaknesses that may go unnoticed. By performing a regular assessment on the risks and mitigation processes that may include threat analysis, Daimler Chrysler can effectively maintain a current report on the efficacy of the company’s security controls. Daimler Chrysler can monitor, coordinate and make reports of all the sensitive assets. The organization can also ensure that, in the process of disposing any sensitive cyber assets, care must be taken to ensure that the activity does not unconsciously expose private data to unauthorized parties. Apart from solving cyber issues, Daimler Chrysler can also ensure that their IT infrastructure is prepared to react quickly and solve any incidents or threats that affect the organization.
All major companies need to possess secure software, and this is only possible when the development process is done securely. If Daimler Chrysler develops software using internal resources, there is a high probability that the company employees will have access to the equipment, resources and controls making them a high security risk to the company. The company will need to make accurate records of any misuse of the company’s IT infrastructure and come up with methods of developing protection. Developing a threat model is an excellent way to enumerate the different methods that hackers and intruders can invade the Daimler Chrysler IT system. In this way, the organization can pinpoint the weaknesses and come up with workable solutions before the actual attacks occur (Layton, 2007). The next section provides the timeline for the implementation of the security plan.
IT infrastructure employees and their policies
The role played by employees is very significant making the recommendation an important element in the security plan. This evaluation of the employees needs to take place on a monthly basis and complimented with an annual appraisal of all employees. This aspect of the IT system is perhaps the most crucial as it exposes the whole organization to threats and intrusion from outside parties. Human employees are prone to make technical errors due to oversights, fatigue or carelessness. Therefore, human flaws are the most prominent problems in the IT system making it necessary for employees to be evaluated continuously.
The inspection and upgrading of the system software should be done on a weekly basis. In the upgrade, the security measures will be revised to ensure that they remain secure. The software is also constantly used by the IT staff and this makes it similarly vital to Daimler Chrysler. Software development is categorized as a long-term project for Daimler Chrysler, and this means that it will be carried out throughout the year. The organization will also require the services of third-party developers to provide external expertise and advice.
Process inspection and review are carried out after every three months. Daimler Chrysler has several processes that run the organization. Some of these processes occur daily while others take place intermittently. However, it is evident that these processes are fundamental, and their inspection and review need to be carried out.
Virtualization of security
Virtualization is a long-term process and takes about three years to be completed. During these three years, the infrastructure and equipment necessary for the virtualization process will be acquired and installed.
Dhillon, G. (2007). Principles of information systems security: Text and cases. Hoboken, NJ: John Wiley & Sons.
Layton, T. P. (2007). Information security: Design, implementation, measurement, and compliance. Boca Raton: Auerbach Publications.
Spagnoletti, Paolo and Resca, A. (2008). The duality of Information Security Management: fighting against predictable and unpredictable threats. Journal of Information System Security, 4 (3). p. 46-62.
Trc?ek, D. (2003). An integral framework for information systems security management. Computers & Security, 22, 337-359.