CTO David Fike discusses security issues at Marsh & McLennan, including automation, the policing aspect of security and the importance of tracking metrics.
by Peter High, published on CIOInsight.com
12-13-2012
WHO: David Fike, Chief Technology Officer, Marsh & McLennan Companies, Inc.
WHAT: Sharing his perspectives on how best to secure corporate networks
WHERE: New York, NY
WHY: To provide CIOs and other IT leaders with actionable advice and insights about how best to secure the corporate network during increasingly complex times
David Fike, Chief Technology Officer of Marsh & McLennan Companies, Inc., shares his perspectives on the steps he has taken to secure his company’s corporate network and the methods he uses to stay a step ahead of those who would try to compromise his corporate systems. Upon arrival as CTO at Marsh & McLennan in 2006, Fike formed MMC Global Technology Infrastructure, which was the first significant attempt to centralize infrastructure across the company. Among other reasons, part of Fike’s logic in so doing was to develop a more secure corporate network.
Describe your approach to securing the corporate network at Marsh & McLennan Companies.
The most important thing to realize is that our security posture and what we’re defending against changes rapidly and in real time. The biggest challenge is that what you do today to protect your network isn’t going to protect you tomorrow.
The security landscape and types of threats are changing faster than ever. The bad guys are getting smarter and their “time to market” is getting shorter. As I think back to the security challenges we faced in 2006, it is like we are living in a completely different world today.
The starting point is building a strong, knowledgeable team. It is important to hire a seasoned chief information security officer to lead the change and ultimately take responsibility for security. You can spend all the money in the world, but if you have the wrong people it won’t matter, so people are really essential.
As your program evolves, a natural conflict will arise between colleagues wanting to access new technologies and services and your need to mitigate the security risks behind those new things. Some examples include:
Additional topics covered in this article include: