Keep Evolving; Risk Is a Moving Target
Eric Lindgren, vice president and CIO, PerkinElmer: As a life sciences company, the foundation of everything we do from a security standpoint is ensuring that we meet federal, state and industry regulations and standards. We build from there until we reach a comfortable level that's in line with best practices and the latest standards but that doesn't hurt productivity.
Because the threats we face are continually evolving, our investments have to evolve with them. Five years ago, I created a separate security and compliance group. When someone is 95 percent responsible for ERP or the network and only 5 percent responsible for security, they naturally focus on the 95 percent. I took that 5 percent and gave it to full-time people who understand the issues, are dedicated to them, and can educate IT and hold everyone accountable.
I don't think you can be too secure. The real concern is that you'll make things too cumbersome. That's why, when designing a new process, we try to get an up-front understanding of how it will affect employees.
We catch most problems during user acceptance testing, but some issues surface only after we have a critical mass of users on the system. Although we rarely need to undo a new control once it's in place, we can certainly fine-tune it to make sure it continues to balance security with efficiency.
Sign up for CIO Asia eNewsletters.