GE Healthcare Tackles Data Security - InformationWeek
11:49 AM
[Ransomware] Taking the Mystery out of Ransomware
Dec 07, 2016
Lost data. Systems locked down. Whole companies coming to a grinding halt. When it comes to ransom ...Read More>>

GE Healthcare Tackles Data Security

GE Healthcare already has rolled out encryption capabilities on 120,000 laptops as part of a five-pronged encryption strategy initiated in mid-2005.

Data security has been the top IT security priority at GE Healthcare over the past 12 months, and it isn't alone. "It's the biggest security concern both for myself and my company," said company chief information security officer Scott Hamrick in an interview.

By the end of last year, GE Healthcare had rolled out encryption capabilities on 120,000 laptops as part of a five-pronged encryption strategy initiated in mid-2005. Now Hamrick's investigating phase two, which will focus on encryption of both structured and unstructured data stored in applications as well as on file and database servers. This encryption project will be followed by the encryption of backup tapes, storage devices, and removable USB thumb drives. All five phases are scheduled to be completed by early 2008.

"So far, the removable media encryption part of the project looks to be the most challenging," Hamrick said. "We want to control it to the point that no matter what USB thumb drive you plug into your computer, the data stored on that drive would be encrypted. That way, if you lose that drive, it wouldn't pose a danger to the company."

GE Healthcare is tackling one of the biggest problems in security today: how to protect company and customer data from thieves increasingly focused on stealing such information. Still, a lot of companies have the ostrich syndrome when it comes to data security. If it hasn't yet affected their company, they'd rather not deal with it. InformationWeek Research's 10th annual Global Information Security surveyreleased this week, conducted with consulting firm Accenture, indicates that only one-third of U.S. survey respondents and less than half of those in China cite "preventing breaches" as their biggest security challenge. Only one-quarter of U.S. respondents rank either unauthorized employee access to files and data or theft of customer data by outsiders in their top three security priorities, and even fewer put the loss or theft of mobile devices containing corporate data or the theft of intellectual property in that category.

This lack of urgency persists despite highly publicized -- and highly embarrassing -- data-loss incidents in the last year and a half involving retailer TJX, the Department of Veterans Affairs, and the Georgia Community Health Department, among many others.

GE Healthcare's been able to focus on data security the past 12 months because Hamrick's already gotten the company up to speed on the network-access control, anti-virus, patching, and security policy control projects that needed to be done to address more conventional threats. "We've had to focus less on the firefighting recently, so we've been able to focus more on strategic issues like data security," he said.

Still, Hamrick remains undeterred by the increasing complexity of IT security. "It definitely reaches a point where it's too complex," he said. But this is being alleviated by the consolidation of security vendors into larger IT vendors such as Cisco, IBM, and Microsoft.

What has made IT security more complex is the introduction of new, consumer-driven technology in the workplace. "Our users go home and use Yahoo or AOL IM," Hamrick said. "You could argue that phone and e-mail isn't enough, as technologies like IM become more mainstream. It's classic risk management 101. You look at the benefits of the technology, the cost, and the risk, and then you implement the technologies that most benefit your business."

Despite the security risks, Hamrick realizes that his company could miss out on some really useful innovation if they don't keep an open mind. "We have to have the policy of not saying 'no' all the time," he said.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll