With more than 900 staff, and a production cycle that sees plays staged across three theatres, the National Theatre has a demanding audience to please. But while the quality of its productions is the key to attracting customers, National Theatre bosses are aware that with £18m coming in through online ticket sales each year, processing those transactions securely is vital to maintaining its reputation.
To comply with the payment card industry data security standards (PCI DSS), the National Theatre recently decided to deploy Qualys' on-demand security suite, QualysGuard. Previously, the National Theatre had tried to achieve compliance by employing external penetration (pen) testers and auditing companies.
"When you examine the amount of man hours QualysGuard saves us in our own manual scans and the cost of hiring external third parties, the return on investment is clear," says Richard Bevan, the National Theatre’s IT security manager. The National Theatre has about 60 servers, 1,000 networked workstations, its own datacentre and disaster recovery site, and hosts and manages its own web site. The use of on-demand security systems has made it easier to secure the infrastructure when changes are made. "[QualysGuard PCI] is also used to check the security of its web applications, along with testing third-party code. For our own peace of mind, we also use web application firewalls. From my point of view, the fact that Qualys is always updating the functionality of the system is another significant plus point, so you’re always getting new features," adds Bevan.