CASE STUDY: CIÉ
CIÉ (Córas Iompair Éireann), the state-owned public transport authority, is organised into a holding company and four subsidiary operating companies. CIÉ provides strategic direction, control and overall co-ordination while each subsidiary and business unit has a high degree of operating autonomy. The centralised holding company provides IT and telecom services and other key central management functions to the entire group.
Earlier this decade, there were concerns within CIÉ about the volume of inappropriate content on its network from several perspectives: legal and regulatory, corporate governance, protection of staff and reputational.
Security falls within the remit of the IT group, which is responsible for managing CIÉ’s entire network infrastructure, which totals more than 100 locations throughout the country. Its goal is to measurably improve network security mechanisms while minimising CIÉ’s reputational risk through controlled management of inappropriate and illicit images throughout its network. “Many staff can find inappropriate images very offensive, and CIÉ puts a strong emphasis on both preventing this material from entering the organisation, and also on preventing it from being held and potentially circulated within the company,” explains Tim Wilson, information security manager with CIÉ.
Given the scope of its network infrastructure, CIÉ approached Dublin-based PixAlert with an objective of implementing image monitoring software capable of running across multiple sites. The goal was to help the organisation focus and measurably achieve security and corporate policy structures through improving corporate governance by reinforcing compliance to existing policy. CIÉ piloted PixAlert’s Image Auditor product and after a trial phase deployed the system to review all internal desktops and shares throughout the organisation operating as an on-site review service. PixAlert Auditor is a centrally managed client server software system which provides auditing, analysis and reporting of illicit content displayed on corporate systems.
Initially, PixAlert resources were used to directly classify, review and interpret image content results on site. When images on a network user’s PC exceeded set sensitivity levels, comprehensive details (including machine name, username, date/time and program) along with an encrypted thumbnail copy of the inappropriate image and content material, were recorded. This information was provided to authorised CIÉ staff, who reviewed the log, captured image and associated data and took appropriate action.
In 2006, CIÉ extended the scope of its network protection to include mailbox monitoring. After PixAlert launched its ImageGuard MailAppliance product, CIÉ became one of the first companies to implement it as a way to scan and block emails containing illicit and inappropriate image content. ImageGuard MailAppliance is a hardware device which audits inbound, outbound and internal emails by blocking blacklisted material and by flagging suspect material for review and categorisation.
When necessary, CIÉ has used the data gleaned from Image Monitor to pursue individual cases where further action was required. In parallel, ImageGuard Mail Appliance has been used in conjunction with web browsing controls to minimise the volume of inappropriate materials entering and being stored on IT assets.
In 2008, CIÉ moved from on-site review to PixAlert’s Remote Review Service which is a cloud service that performs image review, ranking and a detailed classification analysis of images, delivering a near-zero false positive rate. Any encrypted images found on CIÉ’s system are now reviewed and managed remotely by PixAlert staff.
The PixAlert detection technologies work seamlessly across all of CIÉs network with rapid scanning capabilities, allowing the organisation’s IT team to centrally and securely manage, control and block inappropriate image distribution through any network resource within the organisation.
Since installing the image detection technologies, CIÉ has demonstrably reduced the volume of inappropriate image material detected on its multi-site network while reinforcing corporate governance. The PixAlert software has been easy to integrate and unobtrusive to applications while providing effective security mechanisms with comprehensive reporting structures.
Ger Curtin, CEO of PixAlert, believes CIÉ deserves praise for having taken this issue seriously. “Many companies don’t do anything about this, even though it’s clear that it is happening,” he said. “Any organisation that takes this on shows a level of care and social responsibility in protecting their brand and their staff. We believe that all companies that respect their brand, their name and their staff should be using this product to protect from inappropriate image use.”
Wilson adds that CIÉ has a cost-effective solution to its requirements. “CIÉ is happy to recommend PixAlert to other companies, as all must be facing the same issues to a greater or lesser degree,” he says.