Bruce Bonsall, security lead at MassMutual Financial Group since 1991, says one of the best changes in the financial industry over the years has been increased collaboration to fight IT threats. That's not to say, though, that he doesn’t want his company's level of security to be a differentiator. "There is an old saying that explains if you are hiking in the woods with a friend and a bear attacks, you don’t have to be able to outrun the bear, you just have to be able to outrun the friend," says the CISO for the Springfield, Mass., company. "If we have better security than the company down the street, then it's more likely they are going to get attacked." Bonsall, who has 50 people in his charge and oversees management of some 3.4 million identities, recently shared more of his thoughts on network security with Network World Senior Editor Denise Dubie.
What projects top your priority list for 2007?
Our priorities fall along a couple of lines. One is automating a lot of the manual work that we do, particularly in the identity management area in terms of adding IDs to all the systems and setting up all the access that people need. The reason we need to automate is that although we are very good at [ID management], we have grown to the point where we just can't scale. We could keep throwing bodies at it, but I think through automation we will be a lot more nimble. The company is in growth mode, and we'd like to be in a position where we can acquire other companies and bring them on board quickly. If we have to do that manually, it can really hinder our growth.
Are you looking into any new technologies to help secure the infrastructure?
Another area is really improving our ability to manage the business of information security. Up until recently we have been focused on the tactical implementation of countermeasures and defenses to deal with threats and new technologies. We have put on layer upon layer of firewalls, intrusion detection and access controls. But now we have to be able to manage all those pieces of technology and be able to get a holistic picture of our security posture at any given time. You typically hear this referred to as security information management. We are instrumenting a lot of our technologies so that we have dashboards and scorecards to help us get a clear picture of how we are managing security. The whole idea is to manage risk. You need to understand what all your assets are, how valuable they are to you, how threatened they are and then formulate some set of priorities as to where to invest your security dollars. And it changes literally from second to second when threats rise and fall so you have to be able to adapt.