Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Information Security for Translation Services
1. 1
2015
RWS Group - www.rws-group.de
ETUG 2015 – Information Security for Translation Services
2. 2
2015
RWS Group - www.rws-group.de
ETUG 2015 – Information Security for Translation Services
3. 2015
RWS Group - www.rws-group.de 3
ETUG 2015 – Information Security for Translation Services
4. Companies are pitted against each other in international competition, and the pressure on the
competition is growing steadily.
Competitors are attempting to
• Bring similar products to the market at a lower price
• Bring newer products to the market quicker
• Produce products cheaper
• Outbid competitors in calls for tenders
To this end, information about the market and the competition is very helpful.
Not every company feels morally bound to legal practices when it comes to acquiring information.
Although it is difficult to provide precise figures, a current study (2014) sponsored by Corporate Trust
(www.corporate-trust.de) does provide some insight:
• In 2014, nearly 30 % of all companies in Germany and Austria reported a specific case of industrial
espionage.
• 27 % of the companies in Germany and 20 % in Austria
reported at least one suspected case.
• The financial damages caused by industrial espionage accounts for at least € 11.8 billion
One result of industrial espionage is for example illegal copies.
• According to the OECD, damages caused by illegal copies in 2008 came to $ 650 billion . In 2015,
this amount could grow to over $ 1.7 trillion.
Even though we currently read and hear about espionage carried out by and against state
organisations.
Industrial espionage is also a subject for companies that they cannot afford to ignore if they wish to
protect their competitiveness.
Medium-size businesses in particular have become an attractive target for industrial espionage.
2015
RWS Group - www.rws-group.de 4
ETUG 2015 – Information Security for Translation Services
5. Prime targets are anywhere where one expects to find valuable information or
where information appears easy to obtain.
Thus it comes as no surprise that the areas of research, development, and IT
administration are being targeted by attackers.
Nearly 20 % of the attacks are directed against sales activities; the area of mergers
and acquisitions is apparently also a worthwhile target for attackers.
2015
RWS Group - www.rws-group.de 5
ETUG 2015 – Information Security for Translation Services
6. The gamut of potentially interesting information is wide. Of course, this includes
anything that is new or particularly good.
However, quality issues at a company could be exploited by a competitor as a way to
start one's own sales activities.
Information obtained from current calls for tender or ongoing negotiations can help
to optimise one's own strategy versus the company that is calling for tenders.
Information about employees can help prepare a targeted solicitation or help find
employees whose solicitation would be particularly rewarding.
Analyses of purchase prices or process costs can help to identify one's own
deficiencies so that remedial action can be taken to become more competitive.
2015
RWS Group - www.rws-group.de 6
ETUG 2015 – Information Security for Translation Services
7. The majority of attacks are carried out by hackers. In Germany, this accounts for
more than 40 %, and in Austria it is still more than 30 %.
Whereas in Germany customers and suppliers make up the second largest group
with over 25%, 30% of the attacks in Austria are carried out by the companies' own
employees.
There are three main ways of obtaining information:
• Electronic attack of corporate IT systems.
• Monitoring and interception of electronic communication.
• Social engineering or the more or less intentional distribution of information
2015
RWS Group - www.rws-group.de 7
ETUG 2015 – Information Security for Translation Services
8. Although it no longer applies to the majority of attacks, there is still a viable market for
acquiring information.
Especially in eastern countries you can find numerous hackers or hacker groups that offers
their services to those willing to pay for them.
This could be specific information or simply login credentials to the desired systems.
Another option is to sound out persons who have the desired information. The many
options offered by social networks are helpful as are direct contacts at trade fairs and
conferences. Know-how can, of course, be also obtained by soliciting people in
the know.
This is done not only with the victim's employees but also with the customer's and
supplier's employees.
This is also conceivable the other way around. By infiltrating employees, you even have the
added advantage that the victim also pays the spy.
Depending on the type of information sought and the standards in place at the victim's site,
it may suffice to infiltrate interns.
Seen against this backdrop, the new German minimum wage law can be viewed as step to
improve information security.
In many companies it's very easy, however. One goes to the company, loiters in front of the
stairwell and converses with the smokers there and then enters the building with them. All
you have to do then is look for an empty office, connect your notebook to the company LAN
and quietly fill your hard drive.
2015
RWS Group - www.rws-group.de 8
ETUG 2015 – Information Security for Translation Services
9. Bearing that in mind, it comes as no surprise that legislation is currently under way
in Germany that would require companies to do more for their security.
Even though this would apply only to companies of special importance, for example
those involved in infrastructural industries critical for the economy, it appears that
such a law will have deeper economic repercussions.
2015
RWS Group - www.rws-group.de 9
ETUG 2015 – Information Security for Translation Services
10. Confidential information must be available at several locations otherwise it is of no
use to anyone.
In growing internationally networked processes, this means that such information
must also be translated.
At the same time, a large percentage of translations is no longer produced by
internal company departments.
Translation providers also frequently avail themselves of external freelance
translators.
Consequently, information is frequently transferred, stored at different locations and
passes through several hands.
The translators often live in the respective target countries. This is all the more true,
the lower the living expenses are there.
Translators have come to use the Internet as their primary reference source for
finding terminology and definitions.
The use of cloud-based technologies is gaining in popularity for translations work.
2015
RWS Group - www.rws-group.de 10
ETUG 2015 – Information Security for Translation Services
11. Companies and translation service providers often try to recruit freelance translators from
the many translation portals available. When a translator receives an enquiry, it often
already contains the documents to be translated.
If you play your cards right, you can even make both sides pay for your espionage.
Alternatively, I can try to contact the right translators and then attempt to the buy the
information I need from them.
An old press release from 2014 was recently re-published on Uepo. It reported on a female
translator who was caught trying to sell confidential design data for a submarine. The
background to the story was the she was not paid for her work by her contractor due to
quality issues, whether legitimate or used as a pretext. At the same time, she still had to pay
the translators she had subcontracted. Apparently, a not too uncommon practice among
freelance translators.
Many translation service providers do not have the resources to handle their IT tasks. This is
why they must turn to external consultants or service providers.
In an industry subject to high pricing pressure, I can easily imagine making a translation
office an incredibly low offer as a means of gaining access to its IT resources.
An Internet portal for translation services may be all one needs. All you have to do is analyse
the data sent there.
Searching waste paper can also be worthwhile endeavour. Wherever documents are
translated, large quantities of paper are printed.
2015
RWS Group - www.rws-group.de 11
ETUG 2015 – Information Security for Translation Services
12. Whenever someone ask questions about information security, it seems you always
hear the same answer:
We cover that by signing an NDA with our translators!
One should bear in mind, however, that NDAs are normally concluded with all
suppliers and that such provisions can usually be found in nearly all contracts. As far
as the relationship with customers go, NDAs are nothing out of the ordinary.
Despite all this, violations of the information security by employees, customers and
suppliers account for a considerable share of the real industrial espionage cases.
Apparently, NDAs are not very effective when it comes to protecting information.
2015
RWS Group - www.rws-group.de 12
ETUG 2015 – Information Security for Translation Services
13. Information security is not only complex because IT systems are becoming more
elaborate but also because of increasing connectivity.
This is why information security needs a comprehensive concept that outlines the
risks and processes involved.
It must be possible to adapt any information security concept to the ever-changing
circumstances at hand.
One's own processes and requirements will change as will the risks brought about by
changes made in IT.
This also includes the growing number of sophisticated tools and methods employed
by attackers.
2015
RWS Group - www.rws-group.de 13
ETUG 2015 – Information Security for Translation Services
14. Information security is not just IT security. Information security refers to both
technical aspects and to procedural ones. The goal is to protect information from
unauthorised access as well as to provide information to the right place at the right
time. Information that is so well secured that even authorised persons cannot use it
is worthless.
As far as information security is concerned, we can define several perspectives:
1. Data security
2. Protection against spying eyes
3. Access control
4. Data transfer
In the following section, we will focus our attention on a number of aspects that are
highly relevant for translation processes and language service providers.
2015
RWS Group - www.rws-group.de 14
ETUG 2015 – Information Security for Translation Services
15. To implement a concept for information security, various aspects must be taken into consideration.
On the one hand, there is a series of technological measures to implement. Among these are
separating the network, installing sophisticated firewalls or encrypting data drives and
communication channels. As a rule, you should assume that the protection level must be increased to
match the confidentiality requirements of the information. Practically speaking, this is primarily a
financial challenge for companies. The technological requirements correspond in large part to those
of other companies.
Likewise, steps need to be taken in reference to structural changes. You must ensure that secured
areas are equipped with access control devices. Appropriate visual protection screens must also be
added to prevent spying. Information security also requires proper anti-burglary and fire-protection
equipment. Here too, the requirements for a translation service provider are comparable to those in
other industries.
Just as critical as these physical measures are awareness programmes and employees training. A large
part of the successful attacks is carried by employees. Whether phishing for passwords and login
credentials or installing trojans by carelessly clicking links to infected websites. You should not
overlook the fact that this is an ongoing job; people's attention to details wanes over time. Customers
also have their own responsibilities in this regard. If contact partners start ignoring agreed standards
in day-to-day business dealings, it will be difficult for language service provider employees to accept
the significance of measures they feel to be at least in part annoying.
The biggest hurdle for language service providers is, however, the translation process itself. You must
generally assume that a large share of the translations will be completed by freelance translators.
They often work outside of the access zone provided by the language service provider. This means
that the documents given to the translators also leave the controlled area at the language service
provider. We will take a closer look at this problem in the following section of the presentation.
All in all, the ability to control the technological and personal aspects of the translation process has
become the most demanding challenge.
2015
RWS Group - www.rws-group.de 15
ETUG 2015 – Information Security for Translation Services
16. If you want to tart with information security, you have to classify your information.
From the classification you can convey all the security requirements for each document.
The classification should be reflected in:
• Physical situation of rooms and access restrictions
• Network separation
• Security measures
2015
RWS Group - www.rws-group.de 16
ETUG 2015 – Information Security for Translation Services
17. Language service providers usually work together with freelance translators who can live
and work anywhere around the globe.
In terms of the translation process, this means that a confidential or secret document is
initially sent by the customer to the language service provider.
There, the document is prepared for translation. Until then, both customer and language
service provider still control access to the document. The document is sent encrypted, all
systems implement a high security standard, and the employees have been trained and
made aware of the possible risks.
Now a translator must finally receive the document, so he or she may start translating it.
When selecting a translator, a series of requirements must be fulfilled:
The translator must be qualified according to the international standard ISO 17100. This
means that not only do translators need to be qualified in their respective language
combinations but also be knowledgeable of the contents of what they are translating. In
addition to the translator, we also need a proofreader with comparable skills.
You generally cannot assume that it is economically feasible to have all the required
translators for a large number of languages and large number of subject areas available at
the language service provider.
2015
RWS Group - www.rws-group.de 17
ETUG 2015 – Information Security for Translation Services
18. Therefore, the following options are left:
1. The translators needed are flown in.
Due to the expenses and the time involved, this is hardly a realistic option.
2. The translators fulfil the same requirements as the language service provider.
This is indeed possible but can incur high costs for individual translators. Abidance
of the requirements would still have to be checked by the language service
provider. From a practical standpoint, this would be expecting far too much of all
the participants.
3. What is needed is a hybrid solution.
2015
RWS Group - www.rws-group.de 18
ETUG 2015 – Information Security for Translation Services
19. Translators work from their offices over protected VPN connections to special work areas that have
been set up on the systems located at the language service provider.
This procedure ensures that the technological requirements regarding the storage of documents
remain in control of the language service provider.
The translators must also be trained and made aware of the specifics of working with the confidential
documents at hand. This means that confidential documents must not be processed in public rooms
or on unsecured networks. Working in an airplane, a train, in an Internet café or on the beach is not
an option. Moreover, printouts or screenshots are not allowed. The rules in place for using Internet-
based translation tools must be strictly observed. Here is where the support provided by the
designated translation tools are helpful. It would be helpful if the project manager could disable
cloud-based MT for particular projects in SDL Studio.
When selecting the translators for a particular job, great care should be exercised. Agreements
concerning information security must be made with the translators that extend beyond those of a
normal NDA. It is recommended that you verify the translator's compliance with the agreement.
For the language service provider, this procedure means being able to increase the potential pool of
translators. Nevertheless, this method also requires a lead time of a few weeks before the translator
can start work. In addition, one should note that special licensing requirements for the terminal
services to be used must be met. These include licences for the operating systems and office
programs.
2015
RWS Group - www.rws-group.de 19
ETUG 2015 – Information Security for Translation Services
20. In our view, the procedure presented here is suitable for processing documents that
are confidential or strictly confidential. For the time being, documents classified as
secret can only be processed with sufficient security if they are done so internally.
2015
RWS Group - www.rws-group.de 20
ETUG 2015 – Information Security for Translation Services
21. Another aspect that I would like to touch upon is that of cloud-based services, which
are gaining in popularity.
There are good reasons for using cloud-based services. One should not categorically
claim that cloud services are non-secure.
The problems with cloud services for language service providers is in ensuring that
the cloud services used conform to the agreed security requirements.
For the increasing number of cloud services being offered in the translation industry,
the vendors must also offer the appropriate security standards and guarantee them
to service providers and customers in a understandable, logical way. This means that
in SDL Studio, for example, project managers should have the option of limiting the
use of cloud-services.
At any rate, it should be possible to tell if a translator has used cloud-based machine
translation in his or her project.
Practice has shown that at least for now it is better to use cloud-based services for
translations in secured areas. This can only work if the language service provider has
wide control of the technologies in use at the translation workplace.
2015
RWS Group - www.rws-group.de 21
ETUG 2015 – Information Security for Translation Services
22. Thank you for your attention.
2015
RWS Group - www.rws-group.de 22
ETUG 2015 – Information Security for Translation Services