William Hill

Protecting Sensitive Data on Laptops
Background
William Hill Organisation Plc. is a leading provider of fixed-odds bookmaking services. It offers odds and takes bets on a wide range of sporting and other events, and offers additional gaming activities, in more than 2,000 betting offices throughout the United Kingdom and online (www.willhill.com). Based in Leeds, England, William Hill has more than 14,000 employees and processes over one million bets per day in its shops, on the phone, and over the Internet. Founded in 1934, William Hill is a market leader in all major UK betting channels and has established an international presence through its online businesses.
The Challenge
Because William Hill handles client funds, it must protect the integrity and confidentiality of sensitive financial and client information, both in transit and at rest. “We want to protect our customer data as much as possible,” says Nick Copley, information systems security manager.

A strategic, policy-based approach. Copley and William Hill value a strategic approach to enterprise data protection. “We’ve formalized our approach to security. Rather than looking at ad hoc technologies and an ad hoc approach to controls in different environments, we assess where the risk is in our environment, then apply cost-effective risk-based controls.”
To define and implement policies that mitigate risks, Copley weighs ideal best practices against what is achievable, and deploys solutions that represent steps toward best-practice enterprise data protection.
The Solution
As part of its enterprise data protection strategy, William Hill uses the PGP® Whole Disk Encryption solution to protect sensitive data on laptops. The user-transparent solution is a component of the PGP® Encryption Platform, positioning William Hill to extend the benefits of policy-based encryption throughout its organization, with a lower total cost of ownership than multiple point products.

Regulatory compliance. As a Tier-1 PCI company, William Hill is committed to compliance with the Payment Card Industry Data Security Standard (PCI DSS), and it is subject to the UK Gambling Commission Remote Gambling and Software Technical Standards (RTS). Its enterprise data protection strategy should advance its compliance posture.

Protect its brand. William Hill maintains that the greatest damage that a data breach could cause would not be fines imposed by the PCI. “Ultimately it could be extremely damaging from a brand and consumer confidence perspective,” says Copley.


