Other teams in Barclays are even using the security team’s test and development environment to see how their data could be used with Splunk and are now going off to build their own infrastructure around the solution.
Gailey is now involved in a project to tackle data tied up in privileged database logs, which holds information about payment systems and customer data, which he said once integrated will help Barclays to comply with strict regulations.
“The one big piece of data that we never managed to get was the database logs – the volumes are massive and the database guys were not our friends and didn’t want to do it. However, regulation and compliance has now put a lot of pressure on them and they’ve now come to us and said can you help us from a security standpoint,” he said.
“If someone is injecting data into this database or stealing it because they are going to work for another company the regulatory fines alone would run into the hundreds of millions. They weren’t doing it before, the volumes were just too big and they didn’t have the technology.”
He added: “By bringing the database logs in we are going to add at least 1TB a day to what we use already, probably 1.5TB, maybe even 2TB.”
Barclays has to operate in an incredibly complex international regulatory environment, and Gailey argues that Splunk is helping the bank to not miss out on revenues and lost opportunities by consistently complying with these requirements. He believes that this helped the bank immediately deliver a return on investment (ROI) for Splunk.
“We got hit our ROI targets immediately, and again it comes down to the regulation. Our regulators are very aggressive, so if they say we need to demonstrate or prove the effectiveness of a certain control, the only way we can do these things is with Splunk,” said Gailey.
“For example, we got through an audit by the monetary authority in Singapore – a very aggressive regulator. Without Splunk we wouldn’t have got through, and the consequence would have been almost unlimited fines. Or they could have thrown us out the entire market.”
He added: “The cost of not being able to do these things is almost incalculable.”
When asked whether Splunk is an expensive tool to use, Gailey simply responded that the bank “did a deal” based on the assumption that the data volumes used by Splunk will grow. Barclays has stuck to its word and now has 15 other business units looking to deploy the technology.
“In the next 18 months, in security, we will increase our licence to 4TB. Two of the other 15 business units looking to use the technology could easily be looking at up to 10TB each. The other twelve or thirteen could probably put together 8TB,” said Gailey.