News

Sportingbet does not gamble on security

Simon Sharwood

When Australia's largest bookmaker started operating online, its IT Director Gary Harris knew there was a lot he did not know about security.

"When we first started on the Net is was about recognising what we did not know," he says. "We did not have a lot of internal resources to apply to security: the company only has 65 staff five of whom are in IT."

One thing Harris did know was that security was of paramount importance to his company.

"40% of our transactions are online," he explains. "And those transactions represent 80% of our turnover.

"Any thought that a client's personal information or financial transactions were not secure or private would be devastating. We can never sit back and relax on security and we know it is a constant battle."

But what Harris did not know was where to fight the battle, and with what weapons.

He therefore asked Hewlett Packard, which with Cisco is a key hardware provider to the company, to assess Sportingbet's security arrangements.

"We knew they had global resources in place," a capability demonstrated by the despatch of HP staff to Darwin to observe the Sportingbet at work to help understand its security needs.

The eventual assessment showed gaps in Sportingbet's security, leading Harris to engage HP and another company he declined to name to improve its situation and then provide ongoing services to ensure its newly-defined standards were upheld.

"We made a conscious decision not to use HP for some parts of the implementation," he says, with the expert skills of the other provider adding an extra layer of sophistication to the company's security portfolio.

HP did , however, provide the company with guidance on security policy and with hands-on help to implement its new regime. The company now performs 24x7 monitoring services for Sportingbet, which Harris says " is just is not resourced to do it 24 hours a day. We had the choice to either recruit or outsource and outsourcing was really our only valid option."

The first three to four days of this arrangement were, Harris said, typically rocky.

"When you start this kind of thing you are not sure what you want," he says. "What you agreed to on paper and what happens are different things. But it has rolled along pretty nicely and we rely on HP to keep us one step ahead of the game."

But Harris has made sure that reliance does not translate into helplessness.

"We have recruited a network specialist with banking security expertise," Harris says. "We did it because we think you can leverage external providers more effectively if you have the people in the organisation to ask them the right questions."