Equipped for Safe Entertainment
Anil Garg, Senior VP - IT & New Media, Sony Entertainment
Television (SET) India believes that security is vital to survive in the cut
throat world of media and entertainment. Here's a look at what makes his security
strategy meet the business needs. by Anil Patrick R
The entertainment industry is not all about fun. It is a cut throat world where
the nature of high-value transactions call for highly secure infrastructurefor
both IT and office premises. In addition to that, corporate espionage and internal
threats are common.
"We are in the business of entertainment. In this industry Intellectual
Property Rights (IPR) and asset security are major concerns. We have to be highly
secure to survive," says Anil Garg.
For your eyes only
SET has been highly aware of the need for security in its organization. It thus
stresses on physical security policies that have been in place for many years
Physical security is as important to information security as technological safeguards.
The SET's broadcast rooms therefore, have authentication mechanisms include
proximity sensors/cards, and biometric devices.
SET has been an early adopter which itself speaks volumes about its awareness
of the need for security. "To reach our broadcast rooms, it is necessary
to pass through more than four check points and three cameras. Measures like
these have been in place from 1995," says Garg.
Practices at SET include leaving no paper behind in key locations. Paper shredders
are installed where necessary to ensure that no documents remain lying around.
All these security measures are not possible without user awareness. SET follows
the process of user education at the time of joining. During these sessions,
the employees are taught the basics of security and all the policies that are
applicable to the job functions. Need-based training sessions are also given
to existing employees.
The right business buy-in
Garg attributes his successes mainly to SET's top management's involvement in
"The need for security has to come from the top level of the organization
itself. It is the only way that security can be successfully achieved,"
The company has less than 300 employees so as to keep trim with best results.
This calls for a highly automated and secure work environment. Garg and his
team developed an in-house ERP to take care of these requirements. This ERP
named Samba drives all the business processes of SET India at present.
"Our top management is fairly IT savvy and it is visible from their involvement
in the development of Samba, our homegrown ERP," says Garg.
On the technology side, the company believes in keeping minimum interaction
with public networks. This is why the corporate website is hosted at an IDC
to avoid interaction with the external world.
The organization has two key locations at Mumbai and Singapore. The Singapore
facility is a complete replica of the Mumbai operations and can take over operations
if it goes down. The main data center at Mumbai also has a separate center for
Sony Corporation's corporate guidelines are used by SET. According to these
guidelines, connectivity for the enterprise is only through VPNs. In addition
to this, software like Outlook Express and Lotus Notes are also not used. No
remote user access is allowed to the network to minimize insider threat risks.
SET has anti-virus and firewalls in place along with incident logs.
Patch management and anti-virus updates are is done manually, every day by SET's
Checked to succeed
No strategy can be maintained properly if regular checks
and audits are not performed. In SET's case, a dedicated internal audit department
is in charge of this crucial function.
Every two weeks the networks are tested by a consulting service.
The organization uses external auditors to do regular security audits. Plus,
Sony Corporation does yearly audits for systems that are visible to the external
world. These tests also include intrusion tests.
Anil Patrick R can be reached at: firstname.lastname@example.org