TORONTO — The lead IT contractor for the Olympics says it is preparing to take the information security practices it honed in Athens to the next two games in Torino and Beijing.
Atos Origin, which won a contract to manage IT
infrastructure for four games, including the Salt Lake City games in 2002, has already completed staffing a facility to plan the 2006 games in Torino. This week, the firm will also be sending its first employee to Beijing to get some preparatory work underway. The long-range planning could be likened to the training of a professional athlete, but in this case the goal is not a medal, but ensuring the network supporting the games doesn’t suffer major downtime. According to Atos Origin’s information security major, his firm’s track record in Athens has established it as a winner.
“”In 16 days, we had 4,700,000 events,”” Yan Nablot told a Webcast hosted by Symantec Corp. on Tuesday that was broadcast around the world. “”Of those, only 430 were high-level alarms and only 22 of them turned out to be critical events.””
Symantec invited Atos Origin to show an example of a customer which has adopted its IT security approach, which it has dubbed information integrity.
Nablot said Atos Origin, which uses Symantec’s Ghost software among other tools, was able to prioritize and manage security issues primarily by doing an preliminary round of risk analysis, developing possible scenarios that formed the basis of its security policies and training program. “”We also did a technical rehearsal,”” he said, running through the scenarios and the best possible responses.
Besides recording the scores and times of individual competitions at the games, Nablot said Atos Origin’s network is primarily designed around diffusing information and what he called games management. Much of the data generated by the games, for example, is distributed to the media in order to fill the approximately 4,500 hours of programming that is broadcast during each Olympics. Atos Origin also managed Info2004, the Olympic intranet which allows users to manage schedules, navigate through the results and a host of other functions.
Noblot said one of the major challenges was both the scale of the infrastructure and the physical size of the Olympics. The company’s technology operations centre (TOC) has a staff of about 135 people in charge of 9,000 servers, 10,500 PCs and 4,000 result terminals. From a security standpoint, there are also more than 200,000 accredited individual users with varying levels of access. Compounding this were the more than 60 sites throughout the games.
“”We couldn’t put an incident response team in each location,”” he said. “”That’s why we had to figure out how to monitor and respond very quickly.””
Atos Origin’s solution was to set up separate virtual local area networks for the games management system, its information diffusion applications and all the technical services it provided to the Olympics. That allowed the firm to segment the traffic so that a virus, for example, could be contained, Noblot said.
“”That’s the first question I ask any of my providers,”” he said. “”I’ll say, ‘Is this something that can be centrally managed? Okay, we’ll use it.'””
John Schwartz, Symantec’s chief operating officer, said later that security based on information integrity means not only limiting disruptions to the business but to restore normal operations as soon as possible.
“”There’s a 10:1 ratio of a single incident and the cost of ensuring information integrity,”” he said. That’s not taking into consideration the less tangible costs to the enterprise’s credibility, he said.
Symantec’s Webcast also included comments from a number of other customers and partners who endorsed its combination of software and services. Schwartz said the firm’s next priorities include the development of mobile security platforms and tools to combat Internet phishing schemes.