Free Newsletter
HOT TOPICS >> Tech world's top flops and fiascos of 2011 | Windows 8 slideshow | Cybersecurity | Caron's Q&As
INDUSTRY >> Healthcare IT | Government IT | Financial Services IT | Biotech IT | Compliance IT
Interview with Craig Shumard, CISO, Cigna Corp.
Tech-savvy employees can be a great boon to an enterprise, but they can create some daunting challenges for the IT department when they use personal devices or social networking sites on the job. The global health service company Cigna Corp. does not allow employees to use personal devices at work, but it is making substantial use of social media, according to Craig Shumard, chief information security officer. In an interview with FierceCIO, Shumard discusses the business value of social media as well as the security challenges it presents.
FierceCIO: What areas of your company are finding value in social networking tools?
Craig Shumard: If you talk to our folks in the human resources area, they've found LinkedIn to be a really great recruiting vehicle for them to identify candidates. I think that's a tool that a number of companies are gravitating to. We have a Facebook page up, as well as some Twitter accounts, and the corporate communications and marketing departments find real value in them.
FCIO: What instigated the use of social media at Cigna?
Shumard: It was driven by the people in HR and communications who used the vehicles and could demonstrate that there was a real valuable business need for them. We had those tools opened up for a limited subset of folks on a trial basis over a year ago, and I think it was about 10 months ago that we opened them up for the entire company.
FCIO: Do you have any limitations on employee use of social media?
Shumard: We allow all employees to be on Facebook during the day as well as on LinkedIn and Twitter. We are in a highly regulated industry and we have fairly stringent regulatory requirements. We have a social media policy and it applies to those sites as well as to blogs that people may contribute to. The key is to understand the purpose of the tools. You don't want people being your corporate spokespeople if that's not their job. Basically the watchword around the policy is about the use of those tools and not using them to reveal Cigna data or represent yourself as Cigna personnel when you're using the tools personally.
People are going to gravitate to the communications level that works for them. I don't know that you're going to change behavior. You want to enable them so that they're not going to try to circumvent your security measures.
FCIO: What security risks do you face regarding the use of social media?
Shumard: Ensuring that there hasn't been any transmission of data is one. Facebook does have a Webmail feature embedded into it, and we want to make sure there isn't any data leakage. We want to make sure that through some level of wandering there isn't a mention of Cigna in an inappropriate way on those sites.
We have a data classification system and most of the data we have is highly sensitive. We would not expect employees on their own machines on their own time to act as representatives of Cigna. Even before Web 2.0--even before IT consumerization--when you had blogs or other sorts of communications tools, we did not expect people on their own time to make comments or share inside information or other information that could be detrimental to the company.
FCIO: What technologies do you use to prevent data leakage?
Shumard: We use a couple different monitoring products on gateways and desktops. We're looking for key words and key phrases and other criteria. We also use a certain level of encryption on the desktop as well as on data that goes to removable media.
Training and communication, and making sure everyone understands are also important. We have a pretty robust training process around security and privacy. There's training that all employees get, and there's focused training based on specific user groups and specific requirements. We offer webinar activity that people can register for. There is a measure to determine how much they've garnered from the training.
FCIO: Have you noticed any impact on productivity since employees started using social media at work?
Shumard: I don't know that we'd say we've seen any issues around productivity. We look at productivity as something that individual managers would assess.
FCIO: What other effects have you seen from employee use of social media?
Shumard: I think it's had a very positive impact for morale overall. As you merge the work/life environments and the lines blur between the two, it is one more tool to give employees. To a certain extent, it makes them more productive. It makes their lives easier.
Related Articles:
Interview with Dan Cass, CTO, San Francisco's 1st Financial Bank
Interview with Kyle Schafer, CTO, State of West Virginia
Interview with Dennis Risinger, CIO at FCS Financial
Interview with General Kearney, VA medical centers CIO
Interview with Rich Shirey, CIO, Baptist Health System
SHARE WITH:
Home
| Subscribe | Advertise | RSS |
Privacy
| Site Map
| EditorsTHE FIERCEMARKETS NETWORKFierceEnergy | FierceSmartGrid | FierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceHealthPayer | FiercePracticeManagement | FierceEMR | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceGovernment | FierceHomelandSecurity | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceMedicalDevices | FierceDrugDelivery | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceEnterpriseCommunications | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe | FierceCable© 2011 FierceMarkets. All rights reserved. |
 |
