Security within the corporate organization has historically been fragmented, with many departments responsible for their own security. Network provider Global Crossing quickly recognized that the convergence of all security matters under one department was necessary to obtain a complete understanding of the threats to the company's assets, personnel and intellectual property. This was made all the more critical in a rapidly changing post-911 world.
In 2002, Global Crossing pioneered a converged security philosophy and a strategic plan for protecting its infrastructure, information, and personnel through a comprehensive defense-in-depth approach that transcends physical and logical security. Much like the company's global IP network, which delivers converged voice, video and data communications to enterprises around the world, Global Crossing's converged security strategy now uses multiple independent and interlinking layers of security that together provide greater protection.
Global Crossing has differentiated its network solutions by delivering a combination of advanced technology, customer support, reliable security and flexible control. Security is a key cornerstone for delivering such a solution, since converged IP networks often connect to other private and public IP networks.
As part of its defense-in-depth strategy, Global Crossing protects its information and tangible business assets by setting in place multiple layers of security that include specific hiring and personnel practices, physical access controls and network systems protection. These elements converge to provide a holistic view of security.
The success of the converged approach to security depends upon centralization, policy command and uniform use of technology.
Accountability at a High Level
Recognizing the deficiencies of a fragmented approach to security, Global Crossing centralized all security functions under one leader, the VP of Global Security, reporting directly to the chief information officer (CIO). Additionally, the VP of Global Security reports directly to a Security Committee of the Board of Directors. This Security Committee was established pursuant to the company's Network Security Agreement with federal U.S. law enforcement and national security agencies as part of Global Crossing's acquisition by Singapore Technologies Telemedia.
The agreement required Global Crossing to implement additional safeguards to support the U.S. government's law enforcement and national security interests. The Security Committee of the Board of Directors provides governance and support for security at the highest level within the corporation. This committee is responsible for overseeing security in the same manner that an audit committee is responsible for overseeing the integrity of a company's financial statements. The establishment of the committee eliminated the silo approach and unified how security was defined and measured throughout the corporation.
Global Crossing's Security Organization identifies and assesses risks to its facilities, personnel and information systems. It then evaluates options for managing these risks, working with departments throughout the corporation to decide upon and implement appropriate controls.
Keep the Money Together
In addition to centralizing security functions, Global Crossing centralized security budgetary control, allowing the organization to get a complete picture of who was spending on security, where, and how much. This provided an opportunity to leverage their investments, consolidate like projects and to make strategic investments, shifting resources from traditional security roles like manned guarding to leading-edge measures, such as intelligent security systems and real-time event notification. Global Crossing was then able to reduce its overall operating costs, focusing on the use of technology to help address their security needs.