Disney is a technology company.
That’s not a fact I often think about, but I was reminded of it today by a fantastic Wired feature tracing the development of Disney’s online MyMagic+ platform and the associated radio frequency enabled bracelet: the MagicBand. The platform/bracelet combo allows families to plan their ideal Disney World visits with no friction, and allows Disney to meticulously track visitor experiences. Kids scan the bracelet for every ride they go on. Parents tap the bracelet to charge food and souvenirs to their resort hotel room. The device isn’t GPS enabled, but short and long range scanners positioned throughout Disney World allow the bracelet’s location to be tracked with fair precision.
The monumental Target data-breach of late 2013 brought data theft into the public eye like never before, and kicked off an unending stream of widely reported data thefts from major corporations like Home Depot, Michaels, and Neiman Marcus. These companies suffered serious reputation damage due to ineffective data security practices, but a similar breach would be ten times worse for Disney. If you think people don’t like having their own private data stolen, try telling them you let their kid’s info out of the bag.
When the news of the Target data breach came out, ExtraHop’s John Smith wrote an excellent post on how wire data analysis could have caught the problem much sooner and prevented major data loss. The same principles apply to Disney, except that Disney has a much more storied and valuable brand to protect.
Disney already has a reputation for being an extremely private company that rarely lifts the curtain to show the “mess behind the magic.” You can bet they’re taking precautions not to have their name in the news for a data breach. As they continue to sell more MagicBands, protecting their data hoard will present an increasing challenge.
This is where ExtraHop wire data analytics enters the picture. Disney’s MyMagic+ platform is handling a massive number of transactions at any given time. Monitoring this platform to ensure no private information is exfiltrated is a major challenge. A typical intrusion detection/prevention system (IDS/IPS) running algorithms to detect anomalous data movement is going to flag hundreds or thousands of packets as potential threats per day. This can quickly lead to an overwhelming backlog of possible threats that need to be manually examined. Alternately, it can cause dips in application performance as the IDS/IPS rejects more and more potentially shady packets and even bounces legitimate traffic. Disney needs data security, but it cannot come at the cost of app performance. Disruption of the seamless Disney World experience due to network slowdown would be a cardinal sin.
ExtraHop’s wire data analytics platform is the perfect solution, maybe the only solution, to Disney’s need for complete network monitoring without compromising performance. Two salient features of ExtraHop that would come in extra useful for Disney are:
- Application Inspection Triggers that provide extremely customizable performance metrics without having to configure new agents.
- Real time auditing and anomaly detection so you find out about unauthorized data access before major damage is done.
These features will soon be absolute necessities for companies like Disney for whom data security and application performance are tightly linked to reputation management and the bottom line.