CTO David Fike discusses security issues at Marsh & McLennan, including automation, the policing aspect of security and the importance of tracking metrics.
What do you foresee as security challenges in the future?
We work in a very mobile world where we need to secure corporate data on a personal device and be able to wipe it just as easily. BYOD, Android, Dropbox and mobile applications have enhanced communication and colleague productivity, but also make it increasingly more difficult to secure data. New technologies bring new challenges.
With regard to pushing toward flexibility in the workplace in IT, are there any hurdles that you need to get over to make sure that you do it right?
The distribution of assets within an organization is always a struggle, and particularly now. It has been difficult to compromise at Marsh & McLennan since client and internal corporate data protection is part of our primary responsibility. Over the last few years our security spending and head count have increased as the risks to the environment have increased.
We also use external security companies that monitor our networks and augment our team. We have an in-house security operations center and external partners, so we have two separate sets of eyes looking at our security 24/7.
Anything else you'd like to add?
We have a good multi-year program and strategy. Our company, fortunately, has business management that supports and aligns with the security posture--and we have a clear governance process for all strategy decisions.
I also want to highlight that we regularly test ourselves. This is key. We have tools and outside relationships to identify how we're doing from a security perspective, which allows us to improve. We specifically test our applications and infrastructure and are proactive about finding problems.