The explosion in enterprise data, innovative mobility solutions and the move to cloud-based technologies have made safeguarding sensitive material an increasingly difficult task. Long gone are the days of the traditional security perimeter, where firewalls and intrusion detection systems were the key consideration for chief information officers (CIOs). These changes have expanded the scope of insider threats and turned many IT executives to user behaviour intelligence solutions to deal with one of the most complex challenges of enterprise security.
The importance of giving employees wide-ranging access to confidential data, while also ensuring they do not misuse it, cannot be overstated at Williams Martini Racing, a leading Formula 1 team. “Formula 1 is a known quantity for us; we have a new car every year and the data after three to four years is not that valuable anymore, but at Williams we also have our advanced engineering company,” says the team’s CIO Graeme Hackland.
“The projects that we’re working on in advanced engineering and in electric vehicle technology, selling our expertise into some of the biggest OEMs [manufacturers], is where we’re at the cutting edge. It’s really valuable intellectual property from our perspective.”
But it’s also vital to ensure staff are not slowed down and are able to access the data they need, when they want it. “There are a number of people at Williams who have jobs that require them to copy and move around all types of data,” says Mr Hackland. “For example, members of our marketing team will be using videos and photos from every race they are able to, which becomes their normal behaviour. If they suddenly copied a whole load of aerodynamics data that would raise a red flag,” he says.
Soon after Mr Hackland joined Williams in 2014, the team partnered with user behaviour intelligence provider Dtex Systems to get a better grasp on intellectual property (IP) protection and immediately discovered two instances of data misuse, which they were able to address very quickly.
“After we sorted the initial issues out and fully deployed the tool across all Williams’ machines, we informed our staff at a town hall meeting about this new capability and why we needed it,” says Mr Hackland.
A total of 11 investigations have been completed around the misuse of data, with the information collected from these cases shared with every new Williams staff member to give them insight into the threats the team are facing and underline the importance of data protection.
“We spent a lot of time talking to staff and making sure they understand the implications if they breach policies, as we really don’t want our people to do something to contravene our policies and then run the risk of losing them,” he says.
Mr Hackland explains that most of the incidents discovered by user behaviour intelligence technology at Williams have been inadvertent. “There are times we have found people taking data outside their normal role, but they had a reason. They wanted to do something specific without understanding the risks they were putting themselves and the company at,” he says.
It’s not just their own proprietary data that Williams have to secure, as the business works with some of their customers’ IP and also jointly develops IP. “We have a number of different challenges compared to a regular F1 team that might just have this year’s and next year’s F1 car data to protect. Part of our company is also listed on the Frankfurt Stock Exchange, so we have some reporting responsibilities that most, if not all, the other F1 teams don’t have,” he says.
User behaviour intelligence technologies work best when human expertise plays a key part in discovering insider threats, according to Mr Hackland, with Williams having established a baseline of normal user behaviour so the technology isn’t returning false positives.
“We translated our policies to the user behaviour technology to categorise what is sensitive information for us and are only alerted when that is moved about. Context is added, asking questions such as ‘was that data confidential?’ This has all been fully defined,” he adds.
Company culture is an important concern when trying to combat insider threats. Williams is a family business, with founder Sir Frank Williams leading the team as principal and his daughter, Claire Williams, supporting as deputy team principal. When Mr Hackland looked at user behaviour and the potential internal user threat, he came from a position of “trust but verify”.
“It’s the Williams team and there is a culture you have to take into account. We wouldn’t be comfortable putting in intrusive technology that either stops people from doing their job or makes people feel like there’s someone constantly sitting monitoring what they do,” he says.
Williams is pushing forward with pioneering technologies, as many races often see winners and losers separated by split-seconds, and even a small competitive advantage can mean the difference between success and failure. From internet of things-enabled batteries that can transmit data about their level of charge and current state, to biometric data collected from the pit crew, all manner of artificial intelligence solutions are being applied at the 40-year-old team.
The Williams CIO is keen to ensure a balance is struck between security and allowing creativity in the team
Although these initiatives may bring benefits to Williams, they also create new avenues for insider threats. “We’ve going to have to protect all this new data and make sure it can’t be tampered with, especially as we’re looking at how machine-learning and automation can be used in race engineering. For example, could we automate some of the decision-making that happens at the track or call a pit stop without human intervention. This can only be done if we’re confident that the data is accurate and hasn’t been tampered with at all,” says Mr Hackland.
The F1 car has been a connected device since 1979 and the risks around insider threats are only set to grow as more advanced technologies are brought on to the racecourse, but the Williams CIO is keen to ensure a balance is struck between security and allowing creativity in the team.
“The idea of controlling everything a company does using IT is just not possible for CIOs anymore. I don’t want to be the bottleneck that’s holding up innovation in any part of my organisation. I’m here to help with the projects IT is best suited to, in everything from change management to risk analysis and reliability,” he concludes.