11:49 AM
Connect Directly
Repost This

GE Healthcare Tackles Data Security

GE Healthcare already has rolled out encryption capabilities on 120,000 laptops as part of a five-pronged encryption strategy initiated in mid-2005.

Data security has been the top IT security priority at GE Healthcare over the past 12 months, and it isn't alone. "It's the biggest security concern both for myself and my company," said company chief information security officer Scott Hamrick in an interview.

By the end of last year, GE Healthcare had rolled out encryption capabilities on 120,000 laptops as part of a five-pronged encryption strategy initiated in mid-2005. Now Hamrick's investigating phase two, which will focus on encryption of both structured and unstructured data stored in applications as well as on file and database servers. This encryption project will be followed by the encryption of backup tapes, storage devices, and removable USB thumb drives. All five phases are scheduled to be completed by early 2008.

"So far, the removable media encryption part of the project looks to be the most challenging," Hamrick said. "We want to control it to the point that no matter what USB thumb drive you plug into your computer, the data stored on that drive would be encrypted. That way, if you lose that drive, it wouldn't pose a danger to the company."

GE Healthcare is tackling one of the biggest problems in security today: how to protect company and customer data from thieves increasingly focused on stealing such information. Still, a lot of companies have the ostrich syndrome when it comes to data security. If it hasn't yet affected their company, they'd rather not deal with it. InformationWeek Research's 10th annual Global Information Security surveyreleased this week, conducted with consulting firm Accenture, indicates that only one-third of U.S. survey respondents and less than half of those in China cite "preventing breaches" as their biggest security challenge. Only one-quarter of U.S. respondents rank either unauthorized employee access to files and data or theft of customer data by outsiders in their top three security priorities, and even fewer put the loss or theft of mobile devices containing corporate data or the theft of intellectual property in that category.

This lack of urgency persists despite highly publicized -- and highly embarrassing -- data-loss incidents in the last year and a half involving retailer TJX, the Department of Veterans Affairs, and the Georgia Community Health Department, among many others.

GE Healthcare's been able to focus on data security the past 12 months because Hamrick's already gotten the company up to speed on the network-access control, anti-virus, patching, and security policy control projects that needed to be done to address more conventional threats. "We've had to focus less on the firefighting recently, so we've been able to focus more on strategic issues like data security," he said.

Still, Hamrick remains undeterred by the increasing complexity of IT security. "It definitely reaches a point where it's too complex," he said. But this is being alleviated by the consolidation of security vendors into larger IT vendors such as Cisco, IBM, and Microsoft.

What has made IT security more complex is the introduction of new, consumer-driven technology in the workplace. "Our users go home and use Yahoo or AOL IM," Hamrick said. "You could argue that phone and e-mail isn't enough, as technologies like IM become more mainstream. It's classic risk management 101. You look at the benefits of the technology, the cost, and the risk, and then you implement the technologies that most benefit your business."

Despite the security risks, Hamrick realizes that his company could miss out on some really useful innovation if they don't keep an open mind. "We have to have the policy of not saying 'no' all the time," he said.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.