Case study Carnival Cruise Lines Managed Security Monitoring

ClientCarnival Cruise Lines is perhaps the best-known cruise line in North America and the most profitable in the world. Carnival operates 22 ships from 19 North American homeports and is expected to carry a record 3.9 million passengers during 2010.

ChallengeAs one of the world’s leading leisure and holiday companies, Carnival has a number of important security challenges that have to be met as part of the day-to-day operation of its business. These challenges fall broadly into two parts:

• The customer information held by the company is one of its most important assets and a source of key competitive advantage. This information has to be protected at all times and in all locations, including on board the company’s cruise ships. This is necessary both as a legal and regulatory obligation, and to guard against any malicious threats that may lead to data theft.

• To comply with the requirements of the Payment Card Industry Data Security Standard (PCI-DSS), the company requires that communications links to and from its fleet of ships be monitored to protect the confidentiality and integrity of customer payment card data. This data is transmitted between the ship and the acquiring bank via a satellite link.

SolutionManaged security monitoring services from BT Counterpane have enabled Carnival to successfully meet its security challenges. The following solutions have been implemented:

Managed security monitoring to protect customer information BT’s managed security monitoring service has been deployed to monitor and protect the customer’s network, 24*7*365. Audit and log information is collected in real time from firewall and Intrusion Prevention System (IPS) devices across the company’s enterprise.

This information is then filtered and correlated using proprietary BT technology and the expertise of BT security specialists in its Security Operations Centres. When necessary the customer is alerted to any suspicious or hostile activity, so that countermeasures can be taken before any damage is caused.

PCI compliance for card and token transactionsIntrusion Prevention Systems have been deployed to monitor and block suspicious activity at any stage of the transaction process, both on board the ship and to the acquiring bank. The BT managed security monitoring service collects data from devices on a continuous basis, allowing BT security specialists to alert the customer if suspicious activity is detected.

ValueThe BT solution provides Carnival with visibility and awareness of network security status. Real time monitoring and 24*7 alerting systems provide the assurance that vital customer and corporate information is being protected at all times. Meanwhile, rigorous security protection, detection, and response procedures contribute significantly to demonstrating compliance with PCI and other regulatory mandates.

Carlos Beceiro, Manager Information Systems Security at Carnival Cruise Lines, reports: “BT was key in helping Carnival meet compliance requirements by providing a solution that monitors IDS traffic on the ships in real-time, utilising minimal costly satellite bandwidth.”

Ray Stanton, Global Head of the BT Business Continuity, Security, and Governance Practice at BT Global Services, concludes: “I am delighted that BT has been able to provide Carnival Cruise Lines with a vital security service that has helped it to thrive as one of BT’s most valued customers. This important project highlights again how security is very much about continuous vigilance and about being acutely aware of the status of your security posture at all times.”

Cruise line protects its critical customer and corporate information assets with BT Counterpane security services

“BT was key in helping Carnival meet compliance requirements by providing a solution that monitors IDS traffic on the ships in real-time utilising minimal costly satellite bandwidth.”Carlos BeceiroManager Information Systems Security Carnival Cruise Lines

Offices worldwideThe services described in this publication are subject to availability and may be modified from time to time. Services and equipment are provided subject to British Telecommunications plc’s respective standard conditions of contract. Nothing in this publication forms any part of any contract.

© British Telecommunications plc 2010.Registered office: 81 Newgate Street, London EC1A 7AJRegistered in England No: 1800000