Wyndham: Database Security Solution

Business Challenge

Wyndham Properties holds sensitive data about guests at its hotels and time share properties. It needed to monitor and control access to its databases to comply with data privacy legislation – without impacting the performance of its enterprise applications and systems.

 

Solution

Infoready (IBM® Business Partner) implemented IBM Guardium® Database Activity Monitor to prevent unauthorised data access, providing alerts regarding suspicious changes or leaks.

 

Database activity monitoring protects sensitive data

Wyndham Properties operates hotels and time share services across the world. Wyndham VRAP manages the Asia Pacific operations and many databases of customer, owner and property information across a range of systems with varying levels of access by 1,100 users at 22 sites around Australia, New Zealand, Fiji and Singapore.

This data has critical value to the operation of the business, while the organisation must meet a range of compliance regulations for the purpose of protecting the confidentiality, integrity and availability of information.

 

The need for compliance, consistency and proficiency

As a prominent world brand in hospitality, it is imperative that Wyndham maintains high standards of operational security. The organisation needed to safeguard its data usage and ensure compliance was managed vigilantly and consistently across different database platforms and systems.

“Compliance is an important issue,” said Clive Hawkins, Director of IT at Wyndham VRAP. “We needed to have a comprehensive data protection solution in place for PCI compliance; not only do we have a responsibility to our customers, there are strict requirements surrounding it that we must meet. We had another solution in place previously, but it was problematic as it didn’t do the job and was quite slow. It caused problems because IT jobs would time out.”

In addition to mitigating compliance gaps in the security and administration of applications, Wyndham needed a solution that monitored constantly, without major and costly modifications to its existing application and database portfolio.

 

A Unanimous Decision

Wyndham conducted thorough, independent research to find a solution that would meet its needs. “We came to the conclusion that IBM Guardium® Database Activity Monitor would be our best option – which was also the first choice of our US parent company,” said Hawkins.

Guardium was chosen because it would prevent unauthorised data access, providing alerts of changes or leaks. Its continuous monitoring and real time security policies function with no disruption to performance or enterprise applications. It also has the capacity to support Wyndham’s diverse data source types.

Wyndham selected IBM® Business Partner Infoready to deploy Guardium on its database servers. Over two weeks, information access and consumption patterns were profiled. Rules were subsequently applied to ensure that security policies delivering the necessary security enhancements would not negatively impact Wyndham’s critical day-to-day business operations and processes.

 

Business Benefits

  • Fast, seamless deployment
  • Zero security incidents since implementation
  • Compliance with the PCI Data Security Standard
  • Protection against database sabotage
  • Continuous monitoring of all databases without disruption of day-to-day operations and processes

 

Set and forget – uncompromised data protection

IBM Guardium® Database Activity Monitor is now a critical and seamless component of Wyndham’s business operations, adapting with business change and providing data insight and assurance.

Security managers are now able to monitor information consumption activity, tuning policy to suit business and application change. Guardium also allows them to run relevant audit and regulatory compliance reports.

“Guardium sits across the back office; meeting compliance and protecting us from anyone sabotaging a database. It’s been set up to monitor certain actions – if any sections of a database were deleted, we’d be alerted and know exactly who was responsible,” said Hawkins.

“In the two years since Guardium has been in place, we have had zero incidents. Of course, you would be highly disappointed and surprised if someone was accessing the data with malicious intentions – and thankfully we don’t – but, by monitoring all activity, we can identify and safeguard against the risk.”

 

“Guardium sits across the back office; meeting compliance and protecting us from anyone sabotaging a database. It’s been set up to monitor certain actions – if any sections of a database were deleted, we’d be alerted and know exactly who was responsible.”

Clive Hawkins, Director of IT, Wyndham Australia.

  DOWNLOAD A COPY