No Vacation Time for Celebrity Resorts

Visit Celebrity Resorts’ website and you are treated to a slide show of people strolling along white sand beaches, playing golf, hiking in the Colorado Rockies and lounging in the sun by a pool.

But those images are strictly for the customers, not the IT security staff — just because they are in the resort business, it doesn’t mean they can ever take a vacation.

“We operate a private network that runs from here to Hawaii with all our resorts’ Internet services coming back through DS3 connections into Orlando,” said Scott Zane, senior director of Support Services at Orlando, Fla.-based Celebrity Resorts. “We are also running VoIP, so we can’t afford to have anomalies on our network that would interfere with our QoS (quality of service).”

To keep it that way, he adopts a defense-in-depth strategy; adopting more layers to protect his network from attack than his customers use to guard against the cold when downhill skiing at Celebrity’s Steamboat Springs’ resort.

Virus Roulette

Privately-held, the company owns and manages a more than a dozen time-share resorts stretching from Atlantic City to Honolulu, as well as engaging in condominium development, property management and financial services. Zane joined the firm about four years ago around the time the company acquired assets from a bankrupt competitor, tripling its number of resorts from three to nine and nearly quadrupling its staff.

He had been on top of security at his former employer and hadn’t had a virus outbreak in three years. But his first and only outbreak occurred at Celebrity shortly after arriving. So he made his first security change. Since the McAfee anti-virus (AV) license was expiring in about a month he decided not to renew it.

He characterizes AV as a “roulette game” — it is a game of chance where anyone can get hit at any time. But since he had good success with Panda Software’s BusinesSecure suite at his former company, he decided to go with that rather than McAfee.

The suite protects Microsoft Exchange servers, file servers and workstations from malware, as well as providing Web content filtering. Zane’s first target was to set up content filtering on email, to prevent problems similar to the infection that had just hit the company.

Since the software has a lower resource consumption than other suites, he found he could run it on the primary domain controller (PDC) rather than a dedicated server.

“That is how minimal the resources are required to manage it,” he said. “BusinesSecure doesn’t bog down the domain controller at all or interfere with DHCP, DNS and all the rest running on the PDC.”

Threat Vectors

Given the rising number of potential threat vectors, security suites are becoming a popular option for consumers as well as businesses.

“While point-products are still more usually deployed, the trend is towards enterprise suites,” said Natalie Lambert, analyst for Forrester Research. “Integrated suites are a much better approach as the various tools work closely together, threat prevention is more comprehensive and management is a lot easier. When three-year antivirus contracts come to an end, many companies will buy a suite instead.”

There is a certain logic to it, particularly for small and mid-sized businesses. Global enterprises have the resources to hire specialists to maintain a full array of point security products. But when a smaller crew needs to manage all IT functions, not just optimize the firewall settings, certain security functions need to be outsourced.