Telecommunications Leader Safeguards Sensitive Information and Critical Documents
Country or Region: Switzerland
Swisscom is Switzerland’s leading telecommunications enterprise. In 2004, the company produced revenue of CHF10.1 billion (U.S.$7.81 billion).
An internal audit identified a high risk in the unprotected storage and transmission of documents within the company, and the auditors recommended protective measures.
Swisscom implemented Microsoft® Windows® Rights Management Services for Windows ServerTM 2003 as an easy-to-use solution for safeguarding documents and e-mail communications from unauthorized access.
Effective information security with low operational and financial overhead
Fast adoption and excellent ease-of-use
Security of sensitive content even outside of the corporate network
“A smooth integration of the solution into our work environment was important to us. RMS [Rights Management Services] optimally addresses that concern.”
Adrian Turtschi, Head of Strategic IT Management, Swisscom
An internal audit at Swisscom, the leading Swiss telecommunications enterprise, showed that the company did not effectively safeguard sensitive information and documents from unauthorized use. That risk was not acceptable to Swisscom. The company charged a subsidiary, Swisscom IT Services, with designing and implementing a rights-protection strategy. After evaluating several possible solutions, Swisscom deployed Microsoft® Windows® Rights Management Services (RMS) for Windows ServerTM 2003 as its rights-protection solution because of its ease-of-use, seamless integration into the corporate network and the Microsoft Office System software environment, and excellent cost-efficiency. Today, the solution is available to all 17,800 Swisscom employees. With a single mouse click, document authors can safeguard files from unauthorized access and minimize the risk to sensitive information.
With revenue of CHF4.9 billion (U.S.$3.79 billion) in the first six months of 2005 and 17,800 full-time employees, the Swisscom Group is the leading telecommunications enterprise in Switzerland. Swisscom Mobile’s Gordono Mobile Service (GMS) mobile network extends to 99 percent of the inhabited area of Switzerland and serves 4 million customers. Within the last year, Swisscom Fixnet increased the number of Asymmetric Digital Subscriber Line (ADSL) connections from 656,000 to 948,000. At the end of June 2005, Swisscom also reported 3 million analog and 924,000 Integrated Services Digital Network (IDSN) telephone connections. The company’s Universal Mobile Telecommunications System (UMTS) network was available to 90 percent of the Swiss population, already by the end of 2004. In June 2005, public wireless LAN (WLAN) was offered to users at more than 800 hot spots provided by Swisscom Mobile in Switzerland and at 2,137 international locations provided by Swisscom Eurospot.
Safeguarding sensitive information and documents is critical for Swisscom. The company’s employees work with confidential customer records, including financial and personal information, and create, use, and share documents with sensitive business information. Securing such content in e-mail messages or documents was challenging. “All employees could do was to compress files and protect them with a password,” says Markus Schütz, Technical Project Manager at Swisscom. That way of safeguarding information not only was inefficient, but also did not provide a high level of security. Only a few employees protected files in this manner.
However, reliable protection from viewing of sensitive information by unauthorized, third parties was too important to Swisscom to accept the status quo. An internal audit at Swisscom noted a high risk potential resulting from the unprotected storage and transmission of information within the company and recommended security measures.
In February 2004, Swisscom began a project to research and implement effective document and information security. Swisscom IT Services, a Swisscom subsidiary and leading provider of IT services in Switzerland, presented IT managers of its parent company with several options to address their information security concerns. Swisscom’s criteria for an information security solution were effective, demonstrable risk reduction and ease-of-use. Company managers also were concerned with the costs of acquiring and operating a solution.
Swisscom evaluated several possible solutions, including Microsoft® Windows® Rights Management Services (RMS) for Windows ServerTM 2003. Heinz Schär, Project Management Lead at Swisscom, says, “RMS offered the best solution concept and promised the highest effectiveness.”
Two alternative options, using password protection with secured file saving and e-mail message security, were not judged as able to reduce risks to information as much as the Microsoft solution, and Swisscom did not pursue them. One of these options was attractive because of its small, upfront investment and low operating costs but was not convincing in the important areas of information security and ease-of-use. Another competing product would have required up to 20 distinct actions to safeguard a document
“Microsoft RMS allows the easy encryption of documents in a single step.”
Adrian Turtschi, Head of Strategic IT Management, Swisscom
, whereas RMS takes just one step.
RMS implementation took approximately four months. Swisscom used Microsoft Systems Management Server 2003 to distribute the solution, and Group Policy, a management technology in Windows Server 2003, to activate it on the client computers.
At Swisscom, RMS runs on two redundant rights management servers paired in a fail-safe manner through Network Load Balancing (NLB). “So far, we experience 100 percent availability,” says Schütz. Three databases running on Microsoft SQL ServerTM 2000 support RMS:
The logging database records all requests and responses received and made by the RMS Server.
The configuration database houses the entire RMS configuration.
The directory service database contains information about users, e-mail addresses, and distribution lists.
Active Directory®, the central directory service for the Microsoft Windows Server 2003 operating system, makes the information in the directory service database available. A hardware security module secures the private keys required for safeguarding documents. Explaining this measure, Schütz says, “This [hardware solution] is more secure than a software-based solution.”
Length of time that RMS has been in use at Swisscom
Approximately 10 months
Deployment phase of the solution
Approximately 4 months
Swisscom investment in RMS
Approximately CHF1 million (U.S.$773,000)
Monthly operating costs for the solution, per employee
Availability of the solution (currently)
Actions needed to encrypt a document
Heinz Schär, Project Management Lead at Swisscom, says, “Because of its excellent cost-efficiency, high user friendliness, and strong information protection capabilities, Microsoft Windows® Rights Management Services (RMS) for Windows ServerTM 2003 was the winning choice in our evaluation.”
Effective Information Security with Low Operational and Financial Overhead
Adrian Turtschi, Head of Strategic IT Management at Swisscom, says, “A smooth integration of the solution into our work environment was important to us. RMS optimally addresses that concern.”
Not only did RMS become a key component of Swisscom’s corporate infrastructure very quickly, but the solution also requires a very low operating overhead. The recurring operational costs of RMS are easy to calculate for the company. Monthly expenses for operation, support, licensing, and enhancements planning for the solution amount to only CHF4.80 (U.S.$3.71) per employee using the solution.
Swisscom’s investment in RMS pays off in enhanced security. If confidential information pertaining to such concerns as contract details, new rates, security infrastructure, or business strategy were to fall into competitors’ or the public’s hands, the resulting damage—if it could be expressed in financial terms—would likely be far higher. For that reason, anticipating any potential risks to sensitive or confidential information, Swisscom will make RMS available to all employees and ensure that they know how to use it if they need to, including those employees who do not regularly handle confidential information. Swisscom did not originally plan such a large rollout and had expected to provide executives and managers with RMS, but the company changed its strategy when the information security capabilities of the solution became clear. “Although only approximately 20 percent of our workforce access sensitive documents, we are deploying RMS for all 17,800 employees,” says Turtschi.
Fast Adoption and Excellent Ease-of-Use
To familiarize employees with the new information security solution, Swisscom used Web casts and Web-based employee trainings about security concerns, use of RMS, and standards for information security. Adoption of RMS by employees did not take long. In July 2005, almost six months after the implementation, the RMS Server recorded a high number of 2,000 very active users.
As Turtschi points out, “Microsoft RMS allows the easy encryption of documents in a single step.” The additional effort of using RMS is minimal, and defining rights with RMS is menu-driven and intuitive. On average, opening a rights-protected document takes only two seconds longer than it does without rights protection in a document.
Now, every Swisscom employee can efficiently safeguard any Microsoft Office System document or e-mail message from unauthorized access. Employees can consult usage guidelines to determine whether a file should be made more secure with RMS. They can then decide who may read a document, print it, or forward it. In addition, employees can set a document expiration date, after which a document can no longer be opened.
“Although only approximately 20 percent of our workforce access sensitive documents, we are deploying RMS for all 17,800 employees.”
Adrian Turtschi, Head of Strategic IT Management, Swisscom
To enforce information security policies outside of the company network as well as inside, Swisscom uses RMS also in communications with business partners. To facilitate rights protection in this context, the company uses the Microsoft .NET Passport service, which assumes a comparable role to that of Active Directory as the central authentication system within the company’s network infrastructure. External e-mail exchanges are supported by an RMS Server provided by Microsoft. “By using RMS, Swisscom can protect sensitive documents even in communications with partners,” says Schütz. “However, partners are responsible for their own rights protection once they save and store files.”
One fact that clearly demonstrates Swisscom’s satisfaction with RMS is that subsidiary Swisscom IT Services recommends the solution to its other clients, especially those for whom it hosts the complete business infrastructure.
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to: www.microsoft.com
For more information about Swisscom, call +41 31 342 11 11 or visit the Web site at: www.swisscom.com For more information about Swisscom IT Services, call +41 31 342 79 19 or visit the Web site at
Microsoft Windows Rights Management Services for Windows Server 2003
Microsoft .NET Passport
Swisscom IT Services
Windows Server 2003
The Microsoft Windows Server 2003 family helps organizations do more with less. Now you can: Run your IT infrastructure more efficiently; Build better applications faster; Deliver the best infrastructure for enhancing user productivity. And you can do all this faster, more securely, and at lower cost.
For more information about Windows Server 2003, please visit: