Posted on behalf of Martin Lee, Senior Software Engineer, Symantec Hosted Services
Information security is all about maintaining the confidentiality, integrity and availability of data. At this time of year, no information security asset is more important than Santa’s ‘naughty or nice’ list.
This data set lists the personal details of billions of individuals along with highly sensitive details of their private life. This database is almost certainly a high profile target for criminal gangs. The details may be used to blackmail high profile individuals or to compromise employees with access to sensitive or further confidential information. Any unauthorized disclosure of this information may also breach North Pole data protection laws.
The integrity of this data is also of vital importance, unauthorized access may allow criminal gangs to alter statuses from ‘naughty’ to ‘nice’ for financial gain, potentially allowing naughty individuals to continue their behavior with impunity.
At this time of year, the availability of this database is paramount. With a large work force of elves continually referring to this list, checking it once, checking it twice, any period of unavailability would have adverse consequences to Santa’s operations.
With such an important security asset to secure, it’s important to consider possible attack vectors and how to mitigate them. Santa receives many emails during the run up to the holiday season.
UNICEF estimates that there are 2.2 billion children in the world, if just 10% send an email request this means that Santa would process over 200 million emails. Currently MessageLabs Intelligence measures that one in every 284 emails contains malware. Therefore we would expect Santa’s email to contain over 750,000 pieces of malware. Additionally, this would be an ideal vector by which sophisticated gangs may attempt to infiltrate the organization using targeted Trojans.
Symantec Hosted Services industry-leading SLA of detecting all known and unknown email malware means that Santa would be able to protect his operation against any attempt to compromise his high value security assets by email borne malware. Additionally, Symantec Hosted Services’ hosted email continuity service would ensure that Santa’s elves were still able to access email even if Santa’s email system were to suffer an outage. Since we regularly process up to 5 billion emails per day any last minute rush of emails won’t overload our infrastructure.
With a large proportion of his workforce involved in international distribution and working remotely, ensuring that these remote workers comply with acceptable use policies and don’t download web malware to their laptops is a headache for Santa as for any chief executive. Our Hosted Web Security solution can offer the same level of web browsing protection for employees both inside and outside of the office. Our statistics show that users behave differently when they are working remotely, being far more likely to attempt to access streaming media and shopping web sites than when they are in the office. Equally, our Hosted Endpoint Protection can ensure that remote working elves have operating system updates correctly installed and up to date anti-virus scanning even when they don’t connect to the internal network over VPN.
A hosted solution is ideal for a predominately seasonal workforce. Payment is based on the number of users. If Santa wishes to reduce his work force in the New Year, then license fees for his hosted services will drop correspondingly. If he wishes to add new employees in the busy period during Autumn, then it is quick and easy to add users and pay for them as required.
Symantec Hosted Services protects the information assets of over 31,000 clients based in 100 countries. From the North Pole to the South Pole, from small businesses to multi-national giants every business has their own concerns and particular information security requirements. The beauty of a cloud based service model is that we encounter and protect against every threat out there and ensure that no matter how unique your business may be, we’ll ensure that that you won’t have to worry about the security of your business this holiday season.