Jim Routh, Chief Information Security Officer at Aetna, discussed risk management during the 2014 Chief Information Security Officer (CISO) Leadership Forum in New York on April 9. In his presentation, “Taking Risks to Manage Risk,” Routh noted CISOs must be proactive when selecting risk management technologies for their organizations.
Routh said emerging technologies require new controls. Because more organizations are leveraging mobile tools, Routh said, it is crucial for these organizations to find ways to protect sensitive information. Meanwhile, Routh added understanding how mobile devices work and their pros and cons enables an organization to safeguard its information: “The key is to protect the information based on the application and create capability in a wrapper technology that you can apply to multiple mobile applications as you get multiple teams developing mobile applications.”
According to Routh, “application collision” is a major problem for organizations across the globe. Application collision often confuses consumers, Routh said, and it is vital for an organization to take steps to avoid this problem: “It’s time to move beyond the world of binary authentication and into the grey area of risk behavior and a score, so what you want to do is identify behavior and a bunch of attributes layered on top of each other to identify the user or the device and the user. You can do that today on any mobile app that’s on any kind of device.”