Lockdown: Protecting the Corporate Network, article in CIO Insight

January 02, 2013
Icon Scrolling Bar

0%

CTO David Fike discusses security issues at Marsh & McLennan, including automation, the policing aspect of security and the importance of tracking metrics.

by Peter High, published on CIOInsight.com

12-13-2012

IN SUMMARY:

WHO: David Fike, Chief Technology Officer, Marsh & McLennan Companies, Inc.

WHAT: Sharing his perspectives on how best to secure corporate networks

WHERE: New York, NY

WHY: To provide CIOs and other IT leaders with actionable advice and insights about how best to secure the corporate network during increasingly complex times

David Fike, Chief Technology Officer of Marsh & McLennan Companies, Inc., shares his perspectives on the steps he has taken to secure his company’s corporate network and the methods he uses to stay a step ahead of those who would try to compromise his corporate systems. Upon arrival as CTO at Marsh & McLennan in 2006, Fike formed MMC Global Technology Infrastructure, which was the first significant attempt to centralize infrastructure across the company. Among other reasons, part of Fike’s logic in so doing was to develop a more secure corporate network.

Describe your approach to securing the corporate network at Marsh & McLennan Companies.

The most important thing to realize is that our security posture and what we’re defending against changes rapidly and in real time. The biggest challenge is that what you do today to protect your network isn’t going to protect you tomorrow.

The security landscape and types of threats are changing faster than ever. The bad guys are getting smarter and their “time to market” is getting shorter. As I think back to the security challenges we faced in 2006, it is like we are living in a completely different world today.

The starting point is building a strong, knowledgeable team. It is important to hire a seasoned chief information security officer to lead the change and ultimately take responsibility for security. You can spend all the money in the world, but if you have the wrong people it won’t matter, so people are really essential.

As your program evolves, a natural conflict will arise between colleagues wanting to access new technologies and services and your need to mitigate the security risks behind those new things. Some examples include:

  • Cloud computing, which brings a lot of advantages to the corporation, but also comes with new and challenging security concerns.
  • There needs to be a balance between effectively protecting our assets and making IT services easy to use so that our colleagues are as productive as they need to be. There is a tension there that can be tricky to reconcile.
  • Security is not “one size fits all.” The security profile and needs at one company may be very different at the next. The trick is to work with business leaders to preach the need for security, while also delivering services that meet their needs.

Additional topics covered in this article include:

  • How do you get the balance between ease of use and security right? How do you ensure that the pendulum is not swinging too wildly back and forth?
  • Potential threats can change from day to day. How do you remain abreast of the new possibilities? How do you anticipate?
  • Did you go from many to fewer software instances?
  • How do you measure success?
  • What do you foresee as security challenges in the future?
  • With regard to pushing toward flexibility in the workplace in IT, are there any hurdles that you need to get over to make sure that you do it right?
  • Developing a multi-year program and strategy

Interested in working together?

We’d love to hear from you.
contact us

Contact Us

    Icon

    Thank you for your submission

    We will get back to you as soon as possible. Back to site