Chubb is a multinational that has dominated the landscape of security in Australia for more than a century; its revenues for 2001 were $1.5 billion for the Asia/Pacific region. With a staff of 17,000 people in Australia the company covers just about every aspect of security work from domestic and commercial fire alarms, cash delivery and bank safes to ASIO-vetted, government high-security environments.
Over the last few years Chubb's Asia/Pacific region IT manager Peter Gasparovic, who is based in the Sydney suburb of Ashfield, has implemented a new strategic model for the IT department at Chubb, implementing a shared IT services model that spans across the company. Before his arrival, Chubb's individual business units generally took care of their own IT, a situation that had worked -- but was far from optimal.
"It was something that I had a mandate to do from the outset," says Gasparovic, who reports directly to Chubb's Asia/Pacific general manager and indirectly to Chubb's global CIO. Although a global company, regional operations within Chubb (such as Asia/Pacific) do their own IT shopping to achieve the best fit with local conditions. For its rostering solution in Australia this means rolling out PeopleSoft across the enterprise.
"I don't think anyone has a roster quite like ours," Gasparovic says, who adds he has to contend with a workforce that sees tens of thousands of highly mobile staff covering everything from trains, airports and banks to nurses visiting people in their homes. With a dynamic mixture of shift-workers and casuals, the system must also handle payroll, a challenge Gasparovic feels both he and the vendor are up to, noting that recent upgrades will probably iron out some of the legacy-related pain other large institutions have felt.
One thing Gasparovic refuses to talk about point blank are risks and threats his organisation faces from Chubb's more armoured activities such as cash transportation. Although it is no secret that vehicles are fitted with computers and a substantial amount of electronic security and tracking technology, all Gasparovic humorously says is that "if you sneeze the wrong way they lock down".
Chubb's electronic security systems are monitored from control centres alerting teams of watchers to activity. Gasparovic says analysis of the data generated by these is addressed "in house", but that it is largely a secondary concern: "If it goes off you want someone out there looking at it -- but we do look at it." While digital video cameras have created data storage, Gasparovic is more than happy to oblige: "You should have seen it when it was stored on tape.
"One of the challenges we've always had is, how do we positively identify staff. We'd have about 800 remote access users. There's always a great deal of scope for people to steal user passwords and enter systems remotely when their workmates aren't there to verify who they are. We picked up a product from RSA and we're in the process of implementing it for all remote access of our system, as well as in-house to protect our network infrastructure. You have a username; a token - a clock with some maths around it - and a PIN. The password is comprised of the pin and the token code, which changes every 60 seconds, so you need both at any point in time. It works across dial-in and VPNs. There's a server at the backend that runs the algorythim that's with the token and that's the only one in the world."
Gasparovic says that Chubb's strong brand position also sees them being asked to perform more IT and computer security-related tasks due to companies now performing security audits. As an incumbent security supplier, Chubb is frequently asked about IT security, but draws the line at penetration testing.
"What we are happy to do is probes, analysis and recommendations. We could look at getting [into IT and infosec], but there's a lot of systems integrators out there providing that service. You'd be getting into a market that's probably saturated. Our advantage is our brand -- but I don't know that Chubb is ready to go out and provide IT services".
Unlike a number of its peers, Chubb has stuck with the core business of security rather than target areas such as corrections.