World Cup IT Security Follows Swiss Rules

Mahindra Satyam, the soccer tournament's official IT services provider, is responsible for safeguarding 160,000 users, the distribution of 3 million tickets, and 40 terabytes of data.

Mathew Schwartz

June 11, 2010

3 Min Read
NetworkComputing logo in a gray background | NetworkComputing

ImageGallery: 10 FIFA World Cup Mobile Apps

(clickfor larger image and for full photo gallery)

For the next month the world's eyes will be on the soccer tournament kicked that off Friday with a match between Mexico and host country South Africa. (They tied.) But the information security deployed -- largely behind the scenes -- has been a work in progress for years, starting with a Web-based event management system built over the past three years, using agile development methodologies, and tested at 13 previous International Federation Of Association Football (FIFA) events.

"There's a huge underground presence wanting to see if they can access our machines, and there's constant probing into our machines from the corners for the world," said Dilbagh Gill, the head of the sports division at IT and business consultancy Mahindra Satyam, the official IT services provider for the 2010 FIFA World Cup. "To date, while we've had threats to things, we've had no compromise of information."

That's no small feat, given that Mahindra Satyam must provide secure access and authentication for 160,000 users -- including 130,000 volunteers -- to the event management system it developed, as well as 40 terabytes of data. While that's not on the same scale as the petabytes of data that FIFA expects to stream over the next month to billions of website visitors, the difference is that if you hack FIFA's network, you might score some free tickets.

Indeed, all match tickets are being distributed by 240 ticket-printing devices, similar to ATMs, located "at all the major airports, shopping malls, and a couple of banks," said Gill. The devices are where information security -- preventing criminals or football fanatics from hacking FIFA's system to fake credentials or on-demand tickets -- meets physical security. "You need tickets to get near the playing fields," he said. "There are two zones of security, an outer perimeter and inner perimeter, so ticket collecting happens outside the perimeter."

Attendee-focused security, however, began before most attendees even set foot in South Africa. "A lot of our information at the earlier stages needs to be shared with government agencies. For example, if you're accredited for a sporting event, many times it means you can enter a country without a visa. And the internal security of a country are typically interested in who's entering, to do background checks," said Gill.

But if there's one constant with governments and security, he said, "typically, the government gets involved at the last minute and wants information back right away," after which it will signal who's been approved or not. All of this information is exchanged using XML or other schema; Gill declined to offer specifics, only noting that when it came to the data interchange, of course "we have to do that securely."

That also goes for storing personal information. With all of the information that FIFA collects from attendees, who hail from 208 different countries, Mahindra Satyam must ensure it complies with regulations surrounding the collection and retention of personal information. But since complying with all 208 countries' regulations -- some of which differ further by state -- would be a nightmare scenario, the company's auditors opted to comply with the data security laws of a single country. South Africa? No, Switzerland.

See them play Spain on Wednesday.

Read more about:

2010

About the Author

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights