Information Security

Defending the digital infrastructure


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Ping: Christopher Ray

Christopher Ray

The definition of endpoint security is in the eye of the beholder. Christopher Ray, second vice president of information security for insurance provider AFLAC, says it's about more than device integrity checks. The recipe is a combination of traditional security solutions, WITH a dash of policy and procedure ingredients.

Clear up some of the confusion over endpoint security. How does AFLAC define it? A lot of people relate endpoint security to one particular technology component. The approach we've taken is a multilayered one. Endpoint security is not defined as antivirus, or a desktop firewall, or patching. It's a combination, plus the policies and procedures in place in an organization.

So it's about more than integrity checks on workstations and devices? That's a very proactive step. For a lot of incidents, companies have to worry about them after the fact, and it sucks up a lot of resources to clean up a virus attack. Integrity checks are great solutions; it helps to do these up front.

What does AFLAC do beyond integrity checks? We do configuration management around servers and how to manage that. VPN access, and managing how people come into our network remotely is also important. Boundaries are blurred for what defines the perimeter. How do you control B2B partners, and the devices they connect to? That's a big issue. Layers increase because you have to worry about enforcing network access and VPN controls.

What kind of problems do contractors pose when connecting to your network? We don't allow people to connect to the network. They can connect to an external DSL line we've set up. My goal is to be an enabler, [but] do integrity checks on their systems, and put them on a separate network if they don't meet our standards.

How does AFLAC address removable storage media? We don't try to block these devices; we find it unrealistic, at least on workstation levels. It's up to us to enforce adequate security, and still enable business.

Read the full version at

Article 17 of 19

Dig Deeper on Security industry market trends, predictions and forecasts

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All