Donna Porter, Director of Corporate IT for Evans Hotels, let me know a bit about how her organization is using AlgoSec's network security policy management solution through Security On-Demand, a service provider. I appreciate you taking the time, Donna.
Would you introduce yourself and your organization?
Donna Porter, Corporate Director of Information Technology, Evans Hotels. Evans Hotels is the premier provider of resort accommodations in Southern California. The company's portfolio of properties currently includes The Bahia Hotel on Mission Bay, The Catamaran Resort Hotel on Mission Bay, and The Lodge at Torrey Pines in La Jolla, California.
What were you doing that you needed this type of technology?
I was looking to find a way to get greater visibility to compliance information and at the same time gain an understanding of what unknown risks might be present with my current firewall policies. We have not had a formal firewall or security audit for some time, so AlgoSec afforded me a convenient and affordable way to see what I was missing.
What products did you consider before making a selection?
We did not conduct a search for other solutions; we were not aware of the capabilities of this type of solution. Our managed security provider, Security On-Demand, introduced us to the AlgoSec service and recommended that we sign up for it based on some reports they provided that were able to help us understand what our potential security issues were.
Why did you select this product?
Security On-Demand has been our managed security partner for several years. We initially engaged them because we did not have security expertise in-house and they were knowledgeable about what we needed to do to become PCI compliant. The AlgoSec solution was introduced to us as a managed solution provided by and fully managed by Security On-Demand.
What tangible benefits has your organization gotten through the use of this product?
We’ve been able to identify several potential security risks with our firewall policies. I’ve also been able to implement the reporting into our risk management planning so that I can communicate with my staff more effectively regarding IT security and our internal controls. Knowing that we can better validate the soundness of our security posture by using this service helps me to feel more confident about our compliance goals and basically helps me to sleep better at night.
What advice would you give others facing similar issues?
Finding and adopting tools and services that can automate the compliance burden and expense is a must in today’s business environment. IT staff should not waste time on non-productive tasks such as analyzing security logs, looking for firewall rule misconfigurations, problems, etc. In addition, IT staff should have solutions and partners available to them that help them do their job more efficiently and that can help mitigate risk. Everyone in IT management is concerned that a system administrator could accidentally leave a back door open, misconfigure a policy, or inadvertently open the door to an attacker. This is a great solution that is essentially a “no-brainer” for any size IT organization.
Security is an increasingly important requirement for eCommerce or other customer-facing sites. I believe this needs to be an important component of application design from the outset rather than something added on afterwards. Tools, such as those offered by AlgoSec and others, are a helpful addition to a company's portfolio of tools.