Enterprising Developments

How Openness Can Drive IT Security

Joe McKendrick
Insurance Experts' Forum, May 10, 2012

Data and IT security is a constant worry for carriers, especially as more and more data comes online. The natural, and understandable, reaction is to build strong, multi-layered defenses, to wall up as much as possible to keep the bad guys—on the inside as well as outside—at bay.

There's nothing wrong with vigilance, but at least one financial services security leader also advises against taking a bunker mentality. Instead of building massive walls, perhaps more IT leaders should strive to move in the other direction, toward more openness and collaboration in IT security efforts, says John Meakin, global head of security solutions and architecture at Deutsche Bank, in a new post at Forbes.

Meakin makes the following recommendations:

Work closely with the business: All too often, I have seen examples of where business leaders brush off data security to the IT department—“It's your problem, handle it” is often accompanied by “but don’t expect additional budget.” Meakin points out that “information security is no longer an IT support issue; it’s a strategic business responsibility.” That’s why “it’s critical to me to develop strong working relationships with business leaders in other functions—operations, R&D, finance, legal, marketing.”

Encourage a learning environment: “Security leaders need every employee to be part of the solution,” writes Meakin. They need to champion a corporate culture in which security is “built into how work gets done.” To achieve such a one-for-all environment, employees need to be able to learn from each other and share their experiences. At Deutsche Bank, open and honest debates over social media channels are encouraged as a way to arrive at sensible and workable security practices. “One of the best sources of self-service in use of key security mechanisms that I have seen is the online wiki-style social network that we use at Deutsche Bank,” he relates. “Have a problem with that two-factor VPN sign-on? Need a software-token on your iPhone? Go to the social network and get hints, tips and real solutions through the advice of real users like you.”

Network with your peers: User groups and professional associations provide valuable opportunities to discuss best practices for security. “The bad guys are certainly teaming up and sharing best practices,” Meakin points out. “Why aren’t we?” He observes that his best and most timely intelligence on the latest sophisticated targeted attacks—before they actually hit—comes from fellow security leaders at other similar businesses.

Data and IT security can be automated to some degree, but the most effective practices rely on the engagement of everyone in the organization.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

The IT-Savvy 10 Percent

IBM survey reveals best practices of IT leaders.

The Software-Defined Health Insurer: Radical But Realistic?

Can a tech startup digitally assemble the pieces of a comprehensive, employer-provided health plan?

Data Governance in Insurance Carriers

As the insurance industry moves into a more data-centric world, data governance becomes more critical for ensuring the data is consistent, reliable and usable for analysis.

Fear This

Just days before this Issue, which contains our security cover story, went to press, we got some interesting news: 1.2 billion unique usernames and passwords and 542 million email addresses were reportedly stolen from 420,000 websites, according to The New York Times. The websites ranged from Fortune 500 companies down to small online retailers.

Should You Back Up Enterprise Data to the Cloud?

Six questions that need to be asked before signing on with an outside service.

Modernizing Information Management

While better reporting and actuarial analysis help to support financial decisions, improved analytics and decision making greatly assist the rest of the organization.

Advertisement

Advertisement