Every afternoon as he leaves the executive offices at the sprawling Mohegan Sun
Casino and Hotel complex in Uncasville, Conn.,
chief information officer Dan Garrow hands his briefcase over to
a security guard for inspection. Nobody thinks twice about it—neither the uniformed hourly worker who diligently searches the case, nor the high-powered senior executive in his dark suit. “People are used to that kind thing here,” says Garrow. “It’s not a place where we get pushback on new security and privacy measures.”
Mohegan Sun is a place where, after all, even a small transaction—say, a dealer changing a $20 bill for chips at a blackjack table—must be monitored by a supervisor, who is watched by managers, all beneath the constant gaze of a network of digital cameras concealed throughout the enormous facility. The culture of surveillance and accountability is innate here at the world’s second-largest casino, owned by the Mohegan Tribal Gaming Authority, with $1.4 billion in annual revenues. And it’s as ubiquitous as the noise of the slot machines on the gaming floor.
But unlike most companies that treat physical security and information security as two distinct operations, Mohegan Sun recognizes the two as one and the same. “Data security and customer privacy are layers of the overall security operation,” says Garrow. The partnership between his shop and the traditional security apparatus feels natural, he says. “We work hand in hand with the security guys. There is a lot of cooperation between the departments and department heads.”
The casino operation at the heart of Mohegan Sun collects an enormous amount of data from its customers, some 3 million of whom have volunteered their identifying information—names, addresses, e-mails and such—in order to join its affinity-and-rewards program. About three-quarters of Mohegan Sun’s gaming business comes from “carded play,” that is, people using Player’s Club cards to track their credits and debits.
But collecting data on customers’ gambling habits is a delicate issue, particularly in a business where expectations of privacy are so strong that Las Vegas could turn “What happens here, stays here,” into a marketing slogan. That’s why Mohegan Sun’s customer data, along with a growing number of detailed profiles on high rollers and the Social Security numbers and tax forms required by law to be filed for big winners, is kept in a nearby data center that is protected like money in a bank: behind three checkpoints, each requiring a card-key for entry, behind steel doors with magnetic locks.
Though the organic relationship between physical and data security is critical to the casino’s operations, Garrow is increasingly focused on technologies and processes that can safeguard information from purely technological threats. But Mohegan Sun, which has an IT budget of about $14 million per year (excluding the surveillance network and related costs) operates in a relatively small industry, in which equipment is often not up to date. Some routine processes are still done manually, and some key systems were last updated during the Reagan administration. It’s a challenge familiar to many niche businesses, where a limited IT vendor pool can slow the pace of modernization.
Story Guide: