Network Computing is part of the Informa Tech Division of Informa PLC


Prudential Preaches Pragmatism

Chief security officers should walk softly to get execs to take their message seriously. This was the warning from Tom Doughty, Prudential Financial’s vice president of information systems, at today’s Information Security Decisions conference in New York.

Increasingly, IT managers are resorting to scare tactics in order to get other parts of the business to address security. (See Harum Scarum! and Security Survey Underlines Fear Factor.) But Doughty is taking a more cautious approach at Prudential. “I think that the ‘Harum Scarum’ approach has to be used selectively,” he says. “It can tend to make people feel constrained.”

Rather than strong-arming disgruntled users to deploy a slew of security technologies, Doughty believes the trick is molding the security mantra to their specific needs. “Talk to them in terms of their outages, talk to them in terms of their Denial of Service issues,” he said. “Let them do the math.”

Controversially, this may involve turning a blind eye to certain risks: “If a risk is purely technical and not impacting the business -- ask the question ‘so what?’ ”

Doughty admitted that getting users in an organization as large as Prudential to sing from the same security song sheet is easier said than done. The firm’s securities business alone, for example, has over 15,000 end-users, and Prudential runs literally “thousands of servers” across numerous platforms. “It can take a little bit of patience.”
