Open Security System, Closed Environment
An open, enterprise-wide security system has reduced the need for security personnel and improved effectiveness at eBay, Inc. Your company can also employ the strategies implemented at eBay and improve your company's bottom line.
eBay went public in September of 1998, and since that time has registered more than 5.6 million users. The company's online trading service is available to its users 24 hours a day, seven days a week. Making sure the system runs smoothly at all times is the top priority at eBay. A 22-hour outage in June of 1999 cost the company $3.9 million in revenue, as eBay issued refunds and extensions to customers. As a result, eBay's stock took a momentary downturn.
With so much riding on a secure company infrastructure, it's no wonder that eBay has always emphasized the importance of security. "I don't want to sound like our campus is Fort Knox, but eBay is a deceptively closed environment," says George Booth, security director at eBay. "eBay is in the news every day. We are a high-profile company. As a result, security has always been a concern."
Like most successful start-ups, eBay is constantly looking for and hiring new personnel. The company currently has 350 employees, but that number is ever increasing. Also, eBay is headquartered in San Jose, CA - ground zero for many Internet-based companies. Not only are new employees coming on board at a robust pace, current employees may also be lured away by other companies or business opportunities.
"We are hiring personnel at such a fast pace. There are plenty of new faces here. You often look at people and don't instinctively know their names or positions. This is the main issue driving security," relays Booth. "We have never had any protests or public demonstrations at eBay. We have tight security because it just makes good business sense. We want our employees to work in a safe, undisturbed environment. We don't want people coming in off the street and walking in the front door."
In addition to employee security, eBay has to secure its locations (domestic and international) outside of corporate headquarters in San Jose. For its enterprise security system, eBay chose software developed by Lenel Systems (Pittsford, NY). "We must have a security system that is easily networked and not proprietary. This allows us to integrate our network security with our internal company network. In doing this, we have the full cooperation of the IT (information technology) staff, and they directly support our efforts," explains Booth.
Badges Track Employee Movement
The employees at eBay can move throughout the campus - to a certain extent. All employees at the company, regardless of position, must wear an identification badge that contains their name and photo. The badge is also manufactured with an RFID (radio frequency identification) tag and a magnetic stripe. The magnetic stripe is currently not activated by eBay, but it may be used in the future to allow employees to purchase vending machine items. The RFID tag, however, is an essential part of eBay's security system.
Every internal and external door at eBay is fixed with RFID proximity readers on both sides of the door ("in" readers and "out" readers). "The problem with many companies is they only use "in" readers. If you run a report, you can find out the times particular employees arrived, but not when they left," states Booth. "If you are trying to reconstruct the events surrounding an incident, you only have half the story."
The use of "out" readers at eBay also has an important psychological effect on employees. It is a subtle reminder that security is present at all times. For example, if an employee is thinking about stealing a laptop computer, the "out" reader on the door will make that employee think again. "Companies that use ‘out' readers have significantly fewer problems with internal theft," says Booth. "We have never had a problem with internal theft. But, for that matter, we have been using ‘out' readers since the beginning."
eBay also transparently segregates the employees at the company, based on job function. For example, a person from the customer service department could not simply walk into the legal department. Access to eBay's network infrastructure is very limited. Says Booth, "We zealously protect infrastructure. Access to the server room, network hub, and telephone room, for instance, is tightly controlled. The number of employees who have access to the infrastructure is very, very limited."
Reduce Costs And Increase Security
According to Booth, most companies employ a security system based on active observation and passive patrol. It is not atypical, for example, for security personnel to actively watch closed-circuit monitors displaying different areas of a company in real time. When a situation arises, security personnel are dispatched to investigate. "Active observation means that you are paying someone to watch television monitors. I would wager that only 15 to 20 minutes per year is actually spent on reacting to security problems displayed on the monitors. The cost/benefit ratio is as bad as you can get," states Booth.
At eBay, Booth uses a system of active patrol and passive observation. Security personnel wear black, three-button shirts with "eBay Security" emblazoned on the pocket. Instead of monitoring closed-circuit television, security employees mingle with other employees in offices. Security personnel also patrol the eBay campus on bicycles. eBay uses security cameras, but the information is collected and recorded. If a situation arises, the tape is then reviewed. "The active patrol really follows the model that the law enforcement community uses. In law enforcement, this means getting the cops out of the cars," says Booth. "Typically, companies try to hide guards. We don't do that. We have better-trained, better-paid security personnel. They are just a part of the corporate fabric at eBay."
Booth says that eBay's approach is not only more effective, it is also less expensive. The company's smaller, better-trained, better-paid security workforce offers eBay significant savings. Booth estimates that eBay's security costs are 35% to 40% less than conventional security configurations. "Security operations are always outside of a company's core business, and they drain the bottom line. We are constantly in a position of having to deliver more security for less money," states Booth. "The only way we can do this is by integrating new security technologies."
Enterprise System Offers Better Security
While Booth is not comfortable with announcing the total number of security personnel within his company, he says that many similar companies have security forces that dwarf eBay's. In order to save money, he believes that most companies will evolve to use the system that is currently in place at eBay. This is the type of solution that becomes even more effective when a company considers the global implications.
Implementing an open, enterprise-wide security solution allows eBay to run its entire security operation from one location. European offices can use their own servers. This allows European offices to accommodate any changes in the employee badge, for example. It also allows each office to monitor its site independently, but it is still connected to corporate headquarters. "We can give remote offices a degree of autonomy, but we watch what they are doing," explains Booth. "This system also eliminates a single point of failure because all the security applications are network-based. If our network went down at headquarters, the employees in Europe would be blissfully unaware."
High-profile companies, like eBay, require more security than obscure parts manufacturers would. Recently, an eBay user tried to sell a kidney online. The company stopped the process as soon as it was discovered. However, the stunt gained national attention. It's because of this type of attention that eBay takes its security so seriously. There has never been a challenge to the security system at eBay. Adds Booth, "We have never had any problems at eBay. Then again, we have treated security as a priority since the beginning."
Questions about this article? E-mail the author at edh@corrypub.com.