This past summer, while the Royal Bank was battling its IT demons, the company ultimately had only one concern – was the information stored on its servers trustworthy? As it turns out, customer account balance snafus notwithstanding, the bank did have faith in its data and the recovery which, though time consuming, was successful.
This concept of information integrity was the focus of a Symantec Corp. Webcast on Tuesday.
John Schwartz, chief operating officer, said companies can assume a 10:1 ratio for the cost of a single incident versus the price of protecting the data’s integrity in the first place.
But Victor Keong, a Toronto-based partner in Deloitte’s security services practice, said the idea of data integrity is nothing new, especially for the financial institutions. And though he doesn’t necessarily disagree with the 10:1 ratio, he said some industries just don’t see the need for a high level of IT continuity investment. Keong pointed to manufacturing as a case in point, but was quick to add that the industry is less IT intensive than others.
One organization that is IT intensive is Atos Origin, the group responsible for the 2004 Athens Olympics IT infrastructure. The company was also responsible for Salt Lake City in 2002, and has been contracted to handle IT for the 2006 winter games in Torino, Italy and the summer games in 2008 in Beijing.
Data integrity was critical to the games’ success, said Yan Noblot, Atos Origin’s information security manager. Without it, events come to a halt. For example, no event’s result is final until a printout of the results is signed by the proper authority. So if data has lost its integrity, the results are incomplete, and go unsigned. In essence, everything comes to a stop, he said.
To make sure there were no problems, Noblot said his team in the 135-seat technology operations centre (TOC) ran through scenarios that pushed both the people and the systems to see how they would handle stress. They did extensive penetration testing too, he said. The group was responsible for the IT infrastructure at 36 sporting venues and 26 non-sporting venues, as well as the physical access for 200,000 people to those sites.
Over a 16-day period, Atos Origin’s infrastructure had 4,700,000 filtered events, of which only 22 turned out to be critical alarms. In order to be successful, the security team had to “understand the traffic flow,” he said.
Additionally, to make management of the systems easier, a standard environment was used to facilitate patching. The TOC was “the brains” behind the games, Noblot said, but “at the end of the day we still had to have our eyes open.”
John Thompson, the CEO of Symantec, who was speaking via satellite from New York, said the big challenge is the battle between the “go, go, go” of the IT/operations people and the “lock it down” mentality of the security folks.
To help solve this, though maybe not the inherent turf wars that can occur between the groups, Symantec is introducing a series of products and services, including the Enterprise Security Manager 6.1, Gateway Security 4.0 and the Live State Recovery family of products.