Equipped for Safe Entertainment

Anil Garg

Anil Garg, Senior VP - IT & New Media, Sony Entertainment Television (SET) India believes that security is vital to survive in the cut throat world of media and entertainment. Here's a look at what makes his security strategy meet the business needs. by Anil Patrick R

The entertainment industry is not all about fun. It is a cut throat world where the nature of high-value transactions call for highly secure infrastructure—for both IT and office premises. In addition to that, corporate espionage and internal threats are common.

"We are in the business of entertainment. In this industry Intellectual Property Rights (IPR) and asset security are major concerns. We have to be highly secure to survive," says Anil Garg.

For your eyes only

SET has been highly aware of the need for security in its organization. It thus stresses on physical security policies that have been in place for many years now.

Physical security is as important to information security as technological safeguards. The SET's broadcast rooms therefore, have authentication mechanisms include proximity sensors/cards, and biometric devices.

SET has been an early adopter which itself speaks volumes about its awareness of the need for security. "To reach our broadcast rooms, it is necessary to pass through more than four check points and three cameras. Measures like these have been in place from 1995," says Garg.

Practices at SET include leaving no paper behind in key locations. Paper shredders are installed where necessary to ensure that no documents remain lying around.

All these security measures are not possible without user awareness. SET follows the process of user education at the time of joining. During these sessions, the employees are taught the basics of security and all the policies that are applicable to the job functions. Need-based training sessions are also given to existing employees.

The right business buy-in

Garg attributes his successes mainly to SET's top management's involvement in IT initiatives.

"The need for security has to come from the top level of the organization itself. It is the only way that security can be successfully achieved," he said.

The company has less than 300 employees so as to keep trim with best results. This calls for a highly automated and secure work environment. Garg and his team developed an in-house ERP to take care of these requirements. This ERP named Samba drives all the business processes of SET India at present.

"Our top management is fairly IT savvy and it is visible from their involvement in the development of Samba, our homegrown ERP," says Garg.

Tech talk

On the technology side, the company believes in keeping minimum interaction with public networks. This is why the corporate website is hosted at an IDC to avoid interaction with the external world.

The organization has two key locations at Mumbai and Singapore. The Singapore facility is a complete replica of the Mumbai operations and can take over operations if it goes down. The main data center at Mumbai also has a separate center for data backup.

Sony Corporation's corporate guidelines are used by SET. According to these guidelines, connectivity for the enterprise is only through VPNs. In addition to this, software like Outlook Express and Lotus Notes are also not used. No remote user access is allowed to the network to minimize insider threat risks. SET has anti-virus and firewalls in place along with incident logs.

Patch management and anti-virus updates are is done manually, every day by SET's facilities team.

Checked to succeed

No strategy can be maintained properly if regular checks and audits are not performed. In SET's case, a dedicated internal audit department is in charge of this crucial function.

Every two weeks the networks are tested by a consulting service. The organization uses external auditors to do regular security audits. Plus, Sony Corporation does yearly audits for systems that are visible to the external world. These tests also include intrusion tests.

Anil Patrick R can be reached at: anilpatrick@networkmagazineindia.com