Cineplex Galaxy LP (CGLP), one of Canada’s largest movie chains, recently migrated to a Microsoft Corp. platform to help protect its IT systems.
With over 86 theatres across Canada, CGLP has many remote sites that may open doors to security threats, both internal and external.
CGLP also has some unique security needs, largely due to its youthful work force.
“Our employee population tends to be quite young and interested in technology, so we have to pay more attention to locking down devices that they have access to,” says Jeff Kent, chief technology officer at CGLP. “We also have selling points, kiosks open to the public, and kids like to play around with them to see what they can do.”
Being able to control and lock down PCs and kiosks remotely is a major issue. “We have a fair bit of turnover, the theatres are far away from head office, and we don’t have the luxury of being able to visit them that often. So our staff feel like they’re out there and no one’s really watching them,” says Kent.
Getting e-mail securely to mobile managerial staff visiting theatres also posed some challenges. “Each theatre has only one e-mail account so we can ensure that it gets the right information. There are lots of people who read that account at each theatre, but it is only one account,” says Kent. The information relayed from head office includes instructions, procedures, new programs and financial reports. Mobile theatre auditors and training staff need access to the e-mail accounts, in addition to the district supervisors who oversee operations at blocks of theatres.
CGLP chose Microsoft’s Internet Security and Acceleration (ISA) Server 2004, an application-layer firewall, VPN and Web cache combo, to handle messaging security. “The ISA Server 2004 is designed as an application layer filtering firewall,” says Derick Wong, senior security product manager at Microsoft Canada. “So it can take an incoming message from the Internet, and even if it’s encrypted, the firewall decrypts the message and analyzes it for malware before it sends it through.”
CGLP also chose Microsoft Operations Manager (MOM) 2005, an integrated systems management program for servers, desktops and networks, to handle network operations and security.
“MOM 2005 is able to ‘understand’ the health of your IT systems, and how the administrator can proactively keep systems up and running,” says Wong. “It also has self-healing mechanisms. If a Web server is down, MOM can instantly detect it and restart that service automatically, without user intervention. It can run scripts, so it can do many procedures, from restarting the machine to loading a new patch, depending on how the user designates the criticality of that incident.”
As part of its migration, CGLP also implemented Microsoft’s Systems Management Server (SMS) to get around some roadblocks thrown up by security. “We lock down the desktops because of the type of users we have, but that’s a double-edged sword,” explains Kent. “It became difficult to upgrade software, because you need administrative rights to load anything onto a computer that’s locked down, so head office intervention was necessary. With SMS, we can push those upgrades to the theatres and keep the desktops locked down but also do installs seamlessly.”