"Everybody in this network is already being protected by some kind of central authority. We know that if we send an email to someone else within the community of trust, we can trust them if you like. And this is what’s meant by transparent email encryption."
"At the end of the day, [security] is not just an IT risk; it’s a risk to the organization. It’s a risk to our business or our ability to deliver the business."
"Anybody in our organization that refers to it as the business gets reminded, you're part of the business. That includes security. You’re part of the business. It isn’t ‘the business’ and you, you're part of the business."
"We do a risk-based approach in terms of if it’s highly critical we do an assessment once a year. If it’s not too critical, maybe once every two years, so there are really a lot of criteria happening on the back end."
"Think of the experience most people have when you're at home and you want to access work. You fire up your PC, you log into your PC, you fire up your VPN, you log into your VPN, you fire up a browser then log into the app. That’s a multiple-minute experience, and we took that experience and moved it down to two seconds."
Most companies have some sort of incident response, but rarely does it go all the way to the board. I don’t know if yours does or not, but you need to make sure that you’re not surprising your board if there’s a major attack. You don’t want them finding out about it in the paper.
"When we look at data protection and visibility, I’m just going to build this out for you. Protect, govern and serve. What does that mean? Not only do we want to protect the data and be able to recover the data, let’s take the next step in mobile devices, which also includes laptops."
"I have no ability if somebody brought their own device unless I enforced some kind of set of controls to wipe that data off or even know what’s been released ... The last thing anybody wants is to have unknown volumes of it out there for the taking by the bad guys in the community."
Barry Caplin, Chief Information Security Officer at Fairview Health Systems, shares his insights on the two different worlds that CISOs and CIOs are living on right now and how they can meet in the middle to make better business decisions.