Thomson CSO offers up network security lowdown

Dennis Devlin says the reason that CSOs like himself have gray hair is that they get paid to think about the worst things that can happen to their organizations. But companies that do this well don’t have to scramble as much when IT security threats emerge, said Devlin, a vice-president with information services company Thomson.

Devlin shared his experiences as an enterprise decision maker last month at a Massachusetts Network Communications Council seminar on network security. Representatives from Cisco, Kroll Ontrack and RSA Security also participated.

The Thomson executive chairs a council of senior security officers at his company, a 38,000-person outfit, that work with line-of-business personnel. “Security is definitely a team sport,” he said.

Devlin said enterprise network security is evolving from what he called an egg model, in which the exterior is hard and the inside is soft, to a stealthy submarine model, where data is compartmentalized and protection is approached from the inside out.

Thomson uses technology from a host of companies, from big names such as Cisco to a mix of startups. But beyond technology, end user awareness is hugely important, Devlin said. That awareness covers both what information users can and can’t divulge to outsiders and what constitutes appropriate network behaviour.

“We need to make people aware we can figure out what you will do even if you aren’t blocked from doing it,” he said. “That’s a motivator to appropriate behavior.”

Among Devlin’s biggest concerns is the vulnerability of the applications his company runs. This is particularly important with the move to Web applications and service-oriented architectures based on lots of small programs that need to be quickly deployable and can’t afford to get slowed down by too many security checks.

“Our applications are just as vulnerable as our operating systems,” he said, noting that Thomson works closely with application vendors to ensure appropriate security levels.

Devlin said he foresees a time when applications such as e-mail will be denied by default and only previously approved messages and senders will be allowed through.

Thomson has no shortage of offers from vendors to help with its security needs. Devlin said he must get 20 calls a day and that his protocol is to tell people to send him a one-page explanation of their technology.

He said he knows of counterparts at other organizations that head up huge security departments that get beat on like pi
