The event will rely on a number of applications and web portals, which include an interactive volunteer portal, athlete accreditation management tools, and a travel logistics site. Securing the data centre where these applications reside is of critical importance, ensuring risks are mitigated, threats are prevented, and regulatory requirements are met.
The TO2015 mission is to ignite the spirit through a celebration of sport and culture. In this vein, the Organizing Committee was looking for technology partners who shared in their vision to deliver the best Games possible. Cisco was already on board as a Premier Partner of the Games and the Organizing Committee was now looking for an information technology integrator who could provide IT security, data centre integration, and managed storage services.
“We were very impressed by the initial meeting with Scalar. Their level of enthusiasm and passion was apparent and they clearly demonstrated that they wanted to be part of this event,” said Brian Cook, vice-president, information technology, TO2015.
We were brought on board as an Official Supplier to the Games, providing an important range of services, including the development of a Security Operations Centre (SOC).
As with any major world sporting event, the SOC needed to be state-of-the-art, detecting outside and internal threats and putting preventative measures in place to reduce risk. While Cook and his team had a high level conceptual idea of what they wanted to do from a security architecture perspective, we worked with them to help design and fit out the primary data centre. “We were able to utilize the expertise Scalar clearly have in the security business,” said Cook.
Scalar's level of enthusiasm and passion was apparent and they clearly demonstrated that they wanted to be part of this event
The TO2015 Pan Am/Parapan Am Games IT security architecture focuses on 5 key areas:
1. Intrusion Detection and Prevention
The intrusion detection and prevention measures put in place constantly monitor the TO2015 environment, blocking potential threats. The solution provides visibility into everything on the network, including network attacks and malware. URL and application content filtering have been implemented, preventing users from visiting websites and web applications containing malicious content. Reporting is produced and analyzed regularly for trending threats and to determine where additional controls can be applied to mitigate these risks.
2. Development of Security Policies and Standards
A set of policies was developed to ensure that systems and processes are compliant with ISO27001, governing everything from network security, access control and physical access policies for the data centre.
3. Vulnerability Management Scans
The implementation of regular security scans against the systems infrastructure (desktops and the server environment) allow the team to stay on top of any security related patches, reducing the risk of potentially compromised end points. Additionally, an end user testing group provides feedback on applied patches, highlighting any potential end user compatibility issues.
4. Logging and Monitoring
The collection of all security events provides insight into what is taking place within the TO2015 environment, allowing issues to be raised and acted on. Event collection occurs from a variety of different platforms such as operating systems and network devices. Dashboards, reporting and alerting have been put in place to allow the team to detect and action security related events.
5. Web Application Penetration Testing
As the TO2015 various web portals go live, there is a need to ensure they are secure from external threats. This security penetration testing runs throughout the lifecycle of the Games to uncover vulnerabilities, with the aim to remediate the issues and to avoid compromises. The scan results are shared with the software development companies responsible for building and maintaining the websites, allowing them to address vulnerabilities and develop a more secure software platform.
“From the start, Scalar has had a pragmatic approach to working through issues, not only from a technological perspective, but also pertaining to the management of relationships and budgetary concerns,” said Cook. “They are not fixed in their mindsets – they listen to our challenges and are transparent with problems they are facing which is very helpful for us. This is very much a collaborative effort between Scalar, Cisco and Beanfield – and Scalar have demonstrated they have the skills and expertise to work in an integrated fashion with our key technology sponsors,” he continued.
Scalar are not fixed in their mindsets – they listen to our challenges and are transparent with problems they are facing