
Cigna's Craig Shumard: One Man's Security Mission

This security chief has his hands full locking down all the personal data that flows through a big benefits provider's operations. We spend a day with him finding out just how he does it.

LONG DAY'S END

The day is in the homestretch. Shumard meets again with Shepard and Marc Brown, Cigna's manager of IT operations. They review 26 security-related IT projects, including backup tape encryption, software for cleaning up temporary files, and e-mail encryption services.

Shumard inquires whether a vendor--unnamed at his behest--has included anti-spyware in the latest version of its software. Neither Brown nor Shepard knows. "Have you made sure they know we're not happy with them?" Shumard asks. "The riot act was read," Shepard responds.

Then, as promised, Shumard asks Brown to follow up on Lee's spam concern by creating a list of who's receiving the most spam in the company. "We have people who sign up for stuff but don't check off that they don't want to be contacted by that vendor for other products, so we wind up having to change their e-mail addresses," Shumard says. His BlackBerry buzzes several times, but he doesn't even glance at it. Brown has his full attention until the meeting breaks shortly before 4:30.

It's back upstairs to his office for a couple of hours of answering e-mail and voice mail before heading to the Marriott at Hartford's Bradley International Airport for the night. At his desk, Shumard acknowledges that all of his work and planning would go for naught without the full cooperation of Cigna's employees.

"We're only as strong as our weakest link," he says, "and the weakest link is the person who doesn't know what they're doing." That person might carelessly toss a document with a customer's name and other personal data on it, rather than shred it, or send an unencrypted e-mail containing someone's personal information to a colleague or business partner. Stopping this sort of carelessness, along with malicious insiders and hackers, is what the endless meetings, countless discussions, and the persistent attention to every detail are all about.
