Case Study: Mohegan Sun and the Future of Data Security - ' Next Page'

Mohegan Sun, built in 1996 by the Mohegan Tribe along the Thames River in southeastern Connecticut, is a relatively low-key place, at least compared to the gaudier excesses of Las Vegas. Done up in a semi-understated Native American-themed décor, the complex includes a hotel tower with more than 1,200 rooms and a plush spa, two huge gaming floors known as the Casino of the Earth and the Casino of the Sky, a martini bar under a planetarium ceiling, a Michael Jordan's Steak House and several other restaurants, a small mall's worth of shops, and a 10,000-seat sports-and-entertainment arena.

Garrow, waxing philosophical beneath the artificial night of the planetarium ceiling, says the cultural bias toward guarding information runs even deeper at Mohegan Sun than it might at some other casinos. A member of the Mohawk Tribe himself, he points to the long, troubled history between Native Americans and the U.S. government, and the distrust it has engendered. "The privacy of members is a concern, and there is a reluctance to share information," he says.

The practical impact of this wary culture is extensive. "We want our customers to feel protected, and that includes their confidential information," says Joe Lavin, a former Connecticut state trooper who is the Mohegan Tribe's executive director of public safety. For that reason, he says, customer information is only shared with external authorities under subpoena.

There is a lot to protect. Some regulars literally attach themselves to slot machines and gaming tables by hooking their Player's Club cards to their belt loops with plastic cords; when they insert the cards in an electronic card-reader, they sit physically tethered to the gambling equipment, binding themselves to the business and keeping them from straying to the nearby Foxwoods Resort Casino, the world's largest, or to Atlantic City or elsewhere.

Once registered with the Player's Club, players log in with their identity cards to amass points and charge services, all of which are tracked and recorded. Employees who come and go through the ­checkpoints protecting that data are monitored on a wall-size screen in the security operations center. Garrow knows that data theft is more likely to occur if a hard drive goes missing than from some exotic hacking scheme, and that employees are at least as much of a threat to information security as outsiders. Thus the daily search of his bag, and the checkout procedures, which require signed authorization from a supervisor in order for any employee to remove a laptop or other gear from the premises.

For high rollers, the stakes are even greater. Currently, detailed information on the preferences of top customers is kept in the personal notebooks of the casino's hosts and player development staff, who have one-on-one relationships with them. "How secure is that?" muses Garrow. "If an employee leaves for a competitor, will they take that information—and the customer—with them?" To forestall that kind of loss, Garrow's staff is now trying to capture as much customer information as possible in centralized databases.

Working with Garrow to address these issues is Dave Todd, the vice president of security and surveillance, a former Philadelphia cop who spent several years working for Donald Trump in Atlantic City. Todd says information security is in part "a byproduct" of physical measures. For example, the network of 3,000 digital cameras that constantly monitors the facility collects thousands of hours of recordings. Records are usually kept for seven days, with as much as 250 terabytes of video data on hand at any given time.

Story Guide:

Sidebar: Candid Cameras at Mohegan Sun

Next page: Ahead of the Game

Next: ' Next Page' >>

test

>>> More Case Studies Articles          >>> More By Edward Cone