GE Healthcare Tackles Data Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


GE Healthcare Tackles Data Security

GE Healthcare already has rolled out encryption capabilities on 120,000 laptops as part of a five-pronged encryption strategy initiated in mid-2005.

Data security has been the top IT security priority at GE Healthcare over the past 12 months, and it isn't alone. "It's the biggest security concern both for myself and my company," said company chief information security officer Scott Hamrick in an interview.

By the end of last year, GE Healthcare had rolled out encryption capabilities on 120,000 laptops as part of a five-pronged encryption strategy initiated in mid-2005. Now Hamrick's investigating phase two, which will focus on encryption of both structured and unstructured data stored in applications as well as on file and database servers. This encryption project will be followed by the encryption of backup tapes, storage devices, and removable USB thumb drives. All five phases are scheduled to be completed by early 2008.

"So far, the removable media encryption part of the project looks to be the most challenging," Hamrick said. "We want to control it to the point that no matter what USB thumb drive you plug into your computer, the data stored on that drive would be encrypted. That way, if you lose that drive, it wouldn't pose a danger to the company."

GE Healthcare is tackling one of the biggest problems in security today: how to protect company and customer data from thieves increasingly focused on stealing such information. Still, a lot of companies have the ostrich syndrome when it comes to data security. If it hasn't yet affected their company, they'd rather not deal with it. InformationWeek Research's 10th annual Global Information Security surveyreleased this week, conducted with consulting firm Accenture, indicates that only one-third of U.S. survey respondents and less than half of those in China cite "preventing breaches" as their biggest security challenge. Only one-quarter of U.S. respondents rank either unauthorized employee access to files and data or theft of customer data by outsiders in their top three security priorities, and even fewer put the loss or theft of mobile devices containing corporate data or the theft of intellectual property in that category.

This lack of urgency persists despite highly publicized -- and highly embarrassing -- data-loss incidents in the last year and a half involving retailer TJX, the Department of Veterans Affairs, and the Georgia Community Health Department, among many others.

GE Healthcare's been able to focus on data security the past 12 months because Hamrick's already gotten the company up to speed on the network-access control, anti-virus, patching, and security policy control projects that needed to be done to address more conventional threats. "We've had to focus less on the firefighting recently, so we've been able to focus more on strategic issues like data security," he said.

Still, Hamrick remains undeterred by the increasing complexity of IT security. "It definitely reaches a point where it's too complex," he said. But this is being alleviated by the consolidation of security vendors into larger IT vendors such as Cisco, IBM, and Microsoft.

What has made IT security more complex is the introduction of new, consumer-driven technology in the workplace. "Our users go home and use Yahoo or AOL IM," Hamrick said. "You could argue that phone and e-mail isn't enough, as technologies like IM become more mainstream. It's classic risk management 101. You look at the benefits of the technology, the cost, and the risk, and then you implement the technologies that most benefit your business."

Despite the security risks, Hamrick realizes that his company could miss out on some really useful innovation if they don't keep an open mind. "We have to have the policy of not saying 'no' all the time," he said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Python Beats R and SAS in Analytics Tool Survey
Jessica Davis, Senior Editor, Enterprise Apps,  9/3/2019
IT Careers: 10 Places to Look for Great Developers
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/4/2019
Cloud 2.0: A New Era for Public Cloud
Crystal Bedell, Technology Writer,  9/1/2019
Register for InformationWeek Newsletters
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll