• Home
• GOVERNMENT CXO
• E-GOVERNMENT
• CITIZEN ENGAGEMENT
• TAX AND REVENUE MANAGEMENT
• GOVERNMENT PROCUREMENT
• GREEN GOVERNMENT
• GOVERNMENT DATA MANAGEMENT
• GOVERNMENT SECURITY
• GOVERNMENT CLOUD
• GOVERNMENT ANALYTICS
• GOVERNMENT GIS
• CONNECTED GOVERNMENT
• DIGITAL INCLUSION
• EDUCATION IT
• HEALTHCARE IT

Government Security, Technology

How to turn risk into return: Symantec

1 September 2009

How can you turn operational risks into returns? It’s a matter of putting the right IT governance, risk management, and compliance (GRC) processes in place.

A 2008 survey by the IT Policy Compliance Group confirms this observation. Firms with better IT GRC results are also enjoying 17 percent higher revenues, 14 percent higher profits, 18 percent higher customer satisfaction rates, and spend 50 percent less on regulatory compliance annually.

Processes and technologies are key, but which ones are proving most useful? How are organisations using them to turn risks into returns? Here are lessons learned by three top IT decision makers.

Photos

View photos

Related Articles

• A Storage Strategy for Tough Times: Symantec
• How to get better value security: Symantec
• Put Your Data Storage on a Diet: Symantec

Related Categories

• GOVERNMENT SECURITY
• TECHNOLOGY

From this Section

• SPOTLIGHT

See everything
What you can’t see, you can’t manage or remediate. “We have 60 locations and 4,000 endpoints in the field,” says Larry Whiteside, Jr., Chief Information Security Officer at Visiting Nurse Service of New York. “But when I came here, we didn’t have any way to get security intelligence about the environment. We could only see what was going in or coming out the gateway.”

Logs from Symantec Endpoint Protection on all desktops and servers feed into a LogLogic appliance, which in turn feeds into Symantec Security Information Manager. Meanwhile, Symantec Security Information Manager captures logs directly from network-based devices such as firewalls, routers, and switches.

“It would take at least two full-time employees to check all the logs that are correlated and prioritised automatically now,” Whiteside says. “We get the network intelligence we need to make more informed decisions.”

To err is human, to automate divine
How do you know when an endpoint is infected or otherwise not compliant with security policies? That was the question at Singapore’s Energy Market Company, the operator of Singapore’s wholesale electricity marketplace. “The uncertainty wasn’t acceptable,” says James Ng, Vice President of Technology.

Ng chose to automate the detection and isolation of infected endpoints using Symantec Endpoint Protection and Symantec Network Access Control. The infrastructure now denies a connection to any non-compliant device that attempts to connect to the network.

Centralise endpoint administration
Quality, efficiency, and cost savings mean everything to Molina Healthcare, a Medicaid managed care organisation that delivers healthcare to over 1.2 million individuals and families in 10 states and 17 owned-and-operated medical clinics.

“The state governments tell us how much they will be paying,” says Sri Bharadwaj, Director of Infrastructure and Operations. “We try to manage our medical costs, but control our administrative spending.”

Molina Healthcare uses automated helpdesk software and a client management suite for centralised, automated patch management and software management. The health maintenance network relies on Symantec Control Compliance Suite, Altiris Helpdesk Solution, and Altiris Client Management Suite for these capabilities.

“Managing all our endpoints is now a part-time assignment for a single resource,” Bharadwaj says. “Had we tried to do all the management tasks on our own without the tools from Symantec, it would have required four or five employees working full time, all with a big travel budget.”

Get control of unstructured data
Bharadwaj’s team also deployed an archiving solution using Symantec Enterprise Vault that enables employees to store, manage, and discover unstructured information across the organisation.

At Molina Healthcare, 3,000 PST files were detected and ingested to a central vault using Enterprise Vault PST Migrator where their contents are easily searchable. “We have been able to maintain storage and allow for future growth without an increase in storage cost,” Bharadwaj says.

Follow through automatically
Energy Market Company’s Ng sought a way to make compliance monitoring consistent. “We have a 40-page statement of IT policies, and to ensure compliance, we have to translate that into action—into who does what, quarterly, monthly, yearly,” he observes.

Software was the answer. “We’re evaluating an automated system—in this case Symantec Control Compliance Suite,” Ng notes. “One of its advantages is that it will eliminate ambiguity. When there’s a compliance task to be done, an employee will be automatically reminded to execute it and management alerted until it’s done.”

Who do you trust?
Progress can be quick—Molina Healthcare’s Bharadwaj has seen it. “A year ago, we identified gaps in governance, risk management and compliance and put plans in place to address them,” he says. “That was our vision. And we’ve made great progress in the past nine months.”

Visit https://scm.symantec.com/es/en/ to find out how you can Protect Today, Secure Your Future