News
News
7/17/2007
11:49 AM
Connect Directly
RSS
E-Mail
50%
50%

GE Healthcare Tackles Data Security

GE Healthcare already has rolled out encryption capabilities on 120,000 laptops as part of a five-pronged encryption strategy initiated in mid-2005.

Data security has been the top IT security priority at GE Healthcare over the past 12 months, and it isn't alone. "It's the biggest security concern both for myself and my company," said company chief information security officer Scott Hamrick in an interview.

By the end of last year, GE Healthcare had rolled out encryption capabilities on 120,000 laptops as part of a five-pronged encryption strategy initiated in mid-2005. Now Hamrick's investigating phase two, which will focus on encryption of both structured and unstructured data stored in applications as well as on file and database servers. This encryption project will be followed by the encryption of backup tapes, storage devices, and removable USB thumb drives. All five phases are scheduled to be completed by early 2008.

"So far, the removable media encryption part of the project looks to be the most challenging," Hamrick said. "We want to control it to the point that no matter what USB thumb drive you plug into your computer, the data stored on that drive would be encrypted. That way, if you lose that drive, it wouldn't pose a danger to the company."

GE Healthcare is tackling one of the biggest problems in security today: how to protect company and customer data from thieves increasingly focused on stealing such information. Still, a lot of companies have the ostrich syndrome when it comes to data security. If it hasn't yet affected their company, they'd rather not deal with it. InformationWeek Research's 10th annual Global Information Security surveyreleased this week, conducted with consulting firm Accenture, indicates that only one-third of U.S. survey respondents and less than half of those in China cite "preventing breaches" as their biggest security challenge. Only one-quarter of U.S. respondents rank either unauthorized employee access to files and data or theft of customer data by outsiders in their top three security priorities, and even fewer put the loss or theft of mobile devices containing corporate data or the theft of intellectual property in that category.

This lack of urgency persists despite highly publicized -- and highly embarrassing -- data-loss incidents in the last year and a half involving retailer TJX, the Department of Veterans Affairs, and the Georgia Community Health Department, among many others.

GE Healthcare's been able to focus on data security the past 12 months because Hamrick's already gotten the company up to speed on the network-access control, anti-virus, patching, and security policy control projects that needed to be done to address more conventional threats. "We've had to focus less on the firefighting recently, so we've been able to focus more on strategic issues like data security," he said.

Still, Hamrick remains undeterred by the increasing complexity of IT security. "It definitely reaches a point where it's too complex," he said. But this is being alleviated by the consolidation of security vendors into larger IT vendors such as Cisco, IBM, and Microsoft.

What has made IT security more complex is the introduction of new, consumer-driven technology in the workplace. "Our users go home and use Yahoo or AOL IM," Hamrick said. "You could argue that phone and e-mail isn't enough, as technologies like IM become more mainstream. It's classic risk management 101. You look at the benefits of the technology, the cost, and the risk, and then you implement the technologies that most benefit your business."

Despite the security risks, Hamrick realizes that his company could miss out on some really useful innovation if they don't keep an open mind. "We have to have the policy of not saying 'no' all the time," he said.

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.