The world of the internet can be a difficult place to maintain a safe and secure environment. Philip Lieberman, founder and president of Lieberman Software, explains how threats from within a casino structure can be just as dangerous as those from outside. Insider security threats are the greatest challenge for the gambling industry’s technical staff, it is a task that requires a special vigilance not usually associated with other types of businesses.
The special requirements are to combat high volumes of sensitive payment and player data. To minimize efforts to administer a large quantity of applications, locations and staff passwords are often simple and unchanging leaving a lot to be desired in the security department.
Because of close proximity to the action destinations such as London become centers for IT professionals who change jobs frequently. This situation creates a revolving door scenario where sensitive information leaves with the employee on a regular basis. IT staff are usually granted any time, anonymous access to data and configuration settings almost anywhere on casino networks. Information can be misappropriated by developers, contractors and administrators to gain anonymous access to player and financial transaction records.
To minimize the threat of unwanted leaks of sensitive information managers must first define project goals and then determine who on the team is best suited to determine whether each vendor’s proposed solution is really a fit. The process for choosing a privileged identity management vendor is simple and casino operators should expect the software vendor to provide, a detailed, written analysis of the organization’s security and business goals with very explicit documentation of application, system and management needs. Companies are out there that offer a trial evaluation of the proposed solution in a test environment with a realistic mix of your target systems and applications. The right choice of solution can close the insider security threat at a reasonable cost and with timely results.