Actors on stage
National Theatre has made PCI compliance less onerous. Pic credit: Simon Annand

National Theatre strengthens its payment security

Theatre company deploys on-demand security system to meet payment card compliance rules

Written by Dave Bailey

Computing, 21 Jul 2009

With more than 900 staff, and a production cycle that sees plays staged across three theatres, along with outdoor events, exhibitions and backstage tours, the National Theatre has a demanding audience to please.

But while the quality of its productions is the key to attracting customers, National Theatre bosses are aware that with £18m coming in through online ticket sales each year, processing those transactions securely is vital to maintaining its reputation.

To comply with the payment card industry data security standards (PCI DSS), the National Theatre recently decided to deploy Qualys’ on-demand security suite, QualysGuard.

Previously, the National Theatre had tried to achieve compliance by employing external penetration (pen) testers and auditing companies.

"These firms did quarterly PCI scans, and also yearly pen tests, some internal Wi-Fi scans throughout the building, and also externally around our perimeter," says Richard Bevan, the National Theatre's IT security manager.

“When you examine the amount of man hours QualysGuard saves us in our own manual scans and the cost of hiring external third parties, the return on investment is clear,” he adds.

The National Theatre has about 60 servers, 1,000 networked workstations, its own datacentre and disaster recovery site, and hosts and manages its own web site.

The use of on-demand security systems has made it easier to secure the infrastructure when changes are made. "We tend to do a lot of those," says Bevan.

The system is also used to check the security of its web applications, along with testing third-party code. "For our own peace of mind, we also use web application firewalls," says Bevan.

The National Theatre's IT security team still uses penetration testers to audit the Qualys system and also to check parts of its Wi-Fi network, which is currently used for controlling lighting and sound systems.

"From my point of view, the fact that Qualys is always updating the functionality of the system is another significant plus point, so you're always getting new features," adds Bevan.

And increasingly, the Qualys system is being used to ensure its use of virtualisation technology does not introduce any weak points.

  • Have your say
  • Send to a friend
  • Print this
  • Share

reader comments

related articles

Cloud computingSecurity

Cloud security and the changing role of IT

Experts debate the steps needed to secure the cloud, and how they will lead to a change in the IT administrator's role 29 Jun 2009

 
Communications

Royal College of Music trumpets wireless deployment

RCM mixes 802.11g and 802.11n access points in meshed wireless LAN rollout 06 Apr 2009

Communications

PCI Council gives helping hand to merchants

Prioritized Approach framework to help attain PCI DSS compliance 04 Mar 2009

Security

PCI DSS version 1.2 tackles wireless security

Latest iteration of data security standard released 01 Oct 2008

Management

Analysis: Experts discuss security in a recession

Benchmarking study highlights where firms are failing 27 Feb 2009

Qualys offers compliance as a service

QualysGuard Policy Compliance delivers vulnerability scanning tools over the internet 21 Apr 2008

Communications

Top 10 worst mobile technologies

Horrible handsets and shoddy services 27 Feb 2010

Security

Patch Tuesday puts serious pressure on admins

Security experts warn that firms need to think carefully about what order they patch in 11 Aug 2010

Communications

Watchdog TV show slams hotspot security

Programme points the finger at BT, The Cloud and T-Mobile 30 Oct 2009

related white papers

today's top stories

Hardware

ARM-based servers to carve out a datacentre niche

ARM architecture is ideal for power efficiency, but faces the market dominance of x86 servers 03 Sep 2010

Communications

Openreach wants comms providers to nominate exchanges for upgrade

It's a broadband beauty contest, says analyst. 03 Sep 2010

Hardware

Amazon Kindle 3 e-book reader review

Amazon trims the size and price of its newest Kindle, and adds a bargain Wi-Fi-only model 02 Sep 2010

Management

RBS to cut 1,000 IT roles

Royal Bank of Scotland has announced it will cut 3,500 jobs, 1,000 of which are in IT support 02 Sep 2010

Hardware

Apple overhauls iPod Shuffle, Nano and Touch

New models come with iTunes update and social networking tool 02 Sep 2010

> More news

Most read stories

> More

Advertisement

Subscribe

Best practices to secure and protect backup data
Exploding the myths about data security and backup encryption

Using data integration to drive down costs and increase profits
This paper outlines why data integration is an important weapon in an enterprise’s competitive arsenal

Advertisement

Citrix

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you thousands of white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

More available - click 'submit' to view

Existing User

Newsletter user login:

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

Latest poll

The Chinese Market

The Chinese Market

Is your company considering expansion into the Chinese market?

View poll results

> More polls

Latest audio and video articles

A microphoneAudio

Computing Podcast: Tech Talk episode 5

Join Tech Talk for an overview of the week's top IT stories, and a debate on IT self-service. Will it provide value? 27 Aug 2010

A microphoneAudio

Computing podcast: Tech Talk episode 4

Join Tech Talk for an overview of the week's top IT stories, and a debate on IT skills. Is the UK slipping behind? 20 Aug 2010

> More audio and video

Latest in-depth articles

DatacentreAnalysis

ARM-based servers to carve out a datacentre niche

ARM architecture is ideal for power efficiency, but faces the market dominance of x86 servers 03 Sep 2010

picture of a TV studioAnalysis

Salford's MediaCity pushes technology boundaries

In preparation for 3D, ultra HD and a tapeless workflow 02 Sep 2010

> More in depth articles

Primary Navigation