"Let me make it clear, our intention was not to monitor employees," Moti Vyas said.
Vyas is CIO at the Viejas Casino, a sprawling entertainment and outlet center in Alpine, Calif. Like many CIOs, Vyas had to go searching for the reason his Internet connection was sluggish -- and he wound up digging up a slew of problems he hadn't anticipated.
"You can't do chat rooms all day from your desk," Vyas said, but periodic checks of personal e-mail accounts was OK, and so was a little lunch hour shopping on the Web.
But that sort of use wouldn't explain the bottleneck and bandwidth use that Vyas was trying to trace.
Access to the Internet was provided by three T-1 lines -- sufficient bandwidth, Vyas thought, for 2,000 employees in three shifts. To diagnose the problem, the network staff installed Websense, a tool that monitors Internet traffic. Then Vyas couldn't ignore the problem.
"When we did the analysis, we found a lot of streaming content and some of it was highly inappropriate," said Vyas, who declined to specify what he found. "We had to take action."
Vyas was disappointed because Viejas Casino was up front about its Internet rules. When employees logged on to their computers, Vyas said, they were prompted to read and agree to the Internet policy before proceeding.
Jonathan Penn, a research analyst at Stamford, Conn.-based Gartner Inc., said the casino discovery -- and the firings that followed -- highlight the need for CIOs to back up policies regarding data, downloads and employee Internet use.
Of course, the downloading of inappropriate material is something many organizations have already had to deal with. The newest employee security challenges have moved away from e-mail and inappropriate Web activity to the inappropriate leaking of sensitive business information.
"I've been seeing more and more concerns about the corporation's information security and the handling of personal client data, trade secrets and unreleased company statements," Penn said.
The concern has spawned more sophisticated tools from companies -- Vericept Corp. and Vidius, for example -- that capture data by looking for phrases or terms that appeared in a file rather than the whole file, he said.
"The bandwidth is the canary in the cage," said Nate Root, a senior analyst at Forrester Research Inc. in Cambridge, Mass. "There is something moving around in the network. Once you find out what it is, paying for extra bandwidth is not the pain point. It is the risk of legal action."
Casinos operate in a highly regulated environment. The Viejas Casino senior-level management, with advice from its legal team and human resources department, decided it could not risk the liability. Armed with its clearly stated policy, the casino fired the offenders, about 10 people in all from across the company.
The company made another reduction also -- the sort Vyas was hoping for. So much bandwidth was being used by the illicit downloads, Vyas said, that rather than add bandwidth -- his first instinct -- the casino was able to go from three to two T1 lines. "The real requirement was much less than what we had gauged. We ended up saving money."
Let us know what you think about the story; email: Linda Tucci, Senior News Writer