As a wave of protests and demonstrations washed over Tunisia, Egypt, and Libya in early 2011, the Microsoft Global Security Operations Center (GSOC) activated its local and enterprise Incident Management Teams (IMTs) to ensure the safety of employees working in or traveling to the region. It was the kind of process the security group had undertaken many times before, whether in response to a hurricane in the Atlantic or a terrorist attack in India.
But this time the teams had a new tool at their disposal—IDV Solutions’ Visual Command Center (VCC) software which integrates data from external sources, enterprise systems, and internal devices like security cameras to create a real-time snapshot of risk in a geographic region. Implemented just weeks earlier, “our goal was to bring all of our data points into a common operating picture though simplification, visualization and standardization of global security data across the enterprise,” explains Michael Foynes, senior director of operations for Microsoft Global Security.
In the past, that process was largely manual. “It was typically a laborious process of combing through and analyzing vast amounts of available open source information by many GSOC team members,” says Foynes. “What was found after a timely search was then pieced together and individually added to a Bing map in order to create a common picture for the security organization.”
As an early adopter of the VCC, there were some challenges for Microsoft, like simplifying the number of data points entered into the VCC and ensuring that all products incorporated into the software were scalable and worked with off-the-shelf Microsoft technologies, says Foynes.
The resulting system enables the global security operations managers to combine real-time, global risk data with ground-level information specific to Microsoft’s people and assets via integration with Microsoft SharePoint and connections to Microsoft SQL Server and other data stores. The dashboard lets users zoom as far in as the detailed floor plans of a building to identify potential internal risks via on-site video cameras or other security systems. Feeds from live traffic cameras supplement the picture of ground conditions.
The data feeds together create a set of localized views of events and potential risks for the company’s people and properties, Foynes says. “When an event occurs such as a typhoon or earthquake, the GSOC team can quickly enable the appropriate data based on geographical coordinates, search for assets such as Microsoft offices and employees close to the event and take the appropriate measures including targeted and appropriate communications within a matter of minutes,” says Foynes.
Data Input for Daily Briefings During the Arab Spring
During the Arab Spring, local IMTs provided background information, daily situation briefings, and security advisories back to the GSOC and the two groups collaborated using the VCC along with Microsoft’s Lync communications platform to create a virtual war room. Users could interact with and analyze the data on a map and timeline, check the proximity of Microsoft offices to locations of demonstrations, and disseminate custom maps and situational updates as needed within the security team and to employees in the field.
The VCC is capable of monitoring up to 100 external potential sources of risk—from crime and disease to current events and hazardous materials. Foynes’ favorite feature is the alert functionality. If, say, an earthquake occurs, an alert appears on GSOC team members’ screens and links to the original report or source of the information, like a U.S. Geological Survey update. “This alert feature not only allows us visibility of a vetted source of information, but also allows a single team member the ability to monitor world events through the consolidation of a multitude of available feeds—versus employing several analysts in each GSOC shift to accomplish the same feat,” Foynes says.
Ultimately, Microsoft evacuated its employees in Libya to neighboring Tunisia and lost no employees to violence in the area. The global security group simultaneously used the VCC to locate and assist employees in Japan following the devastating March 2011 earthquake and tsunami.
“With the current risk environment we face, the VCC is able to scale to multiple events providing the platform we need to be able to manage events effectively and efficiently,” says Foynes.
Stephanie Overby is a Boston-based freelance writer. Follow her on Twitter: @stephanieoverby.