McLaren Mercedes battles cyber attacks by nation states - and staff intent on using Dropbox
27 Oct 2014 0 Comments
When a well-known, high-tech organisation has evidence that it is under attack from "nation states", how does it handle its IT security - especially in terms of the growing number of staff from among the so-called "Facebook generation", who are not only used to sharing everything online but who will hop on the internet in a heartbeat to find a cool tool to do a particular job?
Those are the challenges facing the Formula-1 racing team McLaren Mercedes and its CIO Stuart Birrell every day. Ones that, hopefully, his organisation have successfully dealt with.
"Because of our IP [intellectual property] and profile, we're an attack target. Four weeks ago there was firewall probing by a nation state of eastern origin. We know, because our defences can see that happen, because they're working in the background," he said.
Those attacks were not only fended off, but traced to their source. However, while Birrell can do little about outside interest in the company's developments - apart from ensuring that security remains tight, and maintaining a watchful eye over firewalls, email and operational systems - he can provide staff with more secure means of collaborating on high-technology projects so that they don't resort to Dropbox.
"As the CIO, it's a constant bane of my life," Birrell said during a presentation at the team's state-of-the-art headquarters near Woking.
"How do you enable collaboration and access to the internet without compromising on security? How do you use a cloud you can control? How do you enable mobile working without losing data? How do we stop staff walking out the door with secret information and how do we deal with direct threats and attacks?" asked Birrell.
Deploying secure cloud collaboration tools from Intralinks has hopefully headed-off those staff who would otherwise use Dropbox and similar tools instead. It has enabled, said Birrell, McLaren Mercedes to securely and efficiently share files wherever in the world the team might be racing that weekend.
Birrell (left) explained that the high risk of cyber espionage, along with the challenges that accompany the need for secure collaboration within a Formula 1 team, is "the reason we have the relationship with Intralinks".
It's the job of IT, said Birrell, to address the issue of security in a way that doesn't prevent engineers from being able to work in an effective and collaborative manner. "The engineers who are designing the F1 car or the road car, they don't give a monkeys, they want to share their designs and engineering data, to hand stuff over on a memory stick. They don't want to be encumbered, they want to collaborate, they want to share," he explained.
Birrell described how this desire to share is particularly prevalent among younger employees who have grown up using social media, sharing every aspect of their lives, which has increased the challenge of preventing them from doing likewise in the workplace.
"The new generation coming in, the Facebook generation, they share. They don't get IP [intellectual property], they don't get the importance of keeping hold of that, because they share everything, they share their personal lives, so why should they not share a drawing of a widget, when actually that widget is worth a fortune? But it's that mentality, that approach," he said.
Birrell said that in order to deal with those sorts of cultural issues McLaren Mercedes tries to make sharing simple, but secure, by using an enterprise collaboration tool in Intralinks.
"Part of the relationship with Intralinks is based around how they've made it robust, and how they make it easy. All of our people could use Dropbox from Hell around the place, because it's easy, isn't it? And these guys, they want an easy way to collaborate and share information," he said.
Another key method of keeping security tight at McLaren Mercedes, Birrell said, was through formal training for all staff about how to use the Intralinks software - and why they need to use it, rather than any other collaboration tool they might find on the internet.
"One of the interesting things is the human side of this. I've mentioned that the engineers want things easy. If we put this out there, it isn't enough, why should they use it, when they've got Dropbox? How do you get somebody who's got an easy way of doing something to do something else?" he said.
"It's education, it's human nature. One of the things I've invested in behind all this is a security manager. Not a typical one who sits there and says no, but a security manager who actually tells people how they make things work, be patient, do the training, to actually persuade the engineers," continued Birrell.
"It's about education, about training, about culture and making it easy. Which is why we have that relationship with Intralinks, making collaboration and security easy to use," he concluded.
"Because of our IP [intellectual property] and profile, we're an attack target. Four weeks ago there was firewall probing by a nation state of eastern origin. We know, because our defences can see that happen, because they're working in the background," he said.
Those attacks were not only fended off, but traced to their source. However, while Birrell can do little about outside interest in the company's developments - apart from ensuring that security remains tight, and maintaining a watchful eye over firewalls, email and operational systems - he can provide staff with more secure means of collaborating on high-technology projects so that they don't resort to Dropbox.
"As the CIO, it's a constant bane of my life," Birrell said during a presentation at the team's state-of-the-art headquarters near Woking.
"How do you enable collaboration and access to the internet without compromising on security? How do you use a cloud you can control? How do you enable mobile working without losing data? How do we stop staff walking out the door with secret information and how do we deal with direct threats and attacks?" asked Birrell.
Deploying secure cloud collaboration tools from Intralinks has hopefully headed-off those staff who would otherwise use Dropbox and similar tools instead. It has enabled, said Birrell, McLaren Mercedes to securely and efficiently share files wherever in the world the team might be racing that weekend.
Birrell (left) explained that the high risk of cyber espionage, along with the challenges that accompany the need for secure collaboration within a Formula 1 team, is "the reason we have the relationship with Intralinks".
It's the job of IT, said Birrell, to address the issue of security in a way that doesn't prevent engineers from being able to work in an effective and collaborative manner. "The engineers who are designing the F1 car or the road car, they don't give a monkeys, they want to share their designs and engineering data, to hand stuff over on a memory stick. They don't want to be encumbered, they want to collaborate, they want to share," he explained.
Birrell described how this desire to share is particularly prevalent among younger employees who have grown up using social media, sharing every aspect of their lives, which has increased the challenge of preventing them from doing likewise in the workplace.
"The new generation coming in, the Facebook generation, they share. They don't get IP [intellectual property], they don't get the importance of keeping hold of that, because they share everything, they share their personal lives, so why should they not share a drawing of a widget, when actually that widget is worth a fortune? But it's that mentality, that approach," he said.
Birrell said that in order to deal with those sorts of cultural issues McLaren Mercedes tries to make sharing simple, but secure, by using an enterprise collaboration tool in Intralinks.
Another key method of keeping security tight at McLaren Mercedes, Birrell said, was through formal training for all staff about how to use the Intralinks software - and why they need to use it, rather than any other collaboration tool they might find on the internet.
"One of the interesting things is the human side of this. I've mentioned that the engineers want things easy. If we put this out there, it isn't enough, why should they use it, when they've got Dropbox? How do you get somebody who's got an easy way of doing something to do something else?" he said.
"It's education, it's human nature. One of the things I've invested in behind all this is a security manager. Not a typical one who sits there and says no, but a security manager who actually tells people how they make things work, be patient, do the training, to actually persuade the engineers," continued Birrell.
"It's about education, about training, about culture and making it easy. Which is why we have that relationship with Intralinks, making collaboration and security easy to use," he concluded.
No comments:
Post a Comment