Western Union has faced its fair share of security threats, having been in business since 1851, and having been involved in moving messages and money across the US and the world.
Indeed, over its long history, Western Union has gradually adapted to the modern IT security threat landscape.
Speaking at the Interop conference, Mike Kalac, the chief information security officer (CISO) of Western Union, detailed how he helped transform the internal security at his company to deal with the modern era of information security threats.
Kalac explained to the audience that in 2012, the information security group within Western Union was viewed as being an obstacle, rather than an enabler, for the business. For example, the IT security group at the time was blocking access to both Facebook and YouTube, on the fear that those sites were insecure and represented a security risk.
Fundamentally for Kalac, security success depends on effective communications.
“When people don’t understand why a security policy is in place, they go the path of least resistance,” Kalac said. “So if the users don’t understand why they should be using a VPN when they connect in from a Starbucks, they won’t use the VPN. They will just use the open connection.”
The challenge that has emerged in recent years is the simple fact that consumer technology has in some respects become better than enterprise technology. A decade ago, according to Kalac, employees were able to get better Internet access and computers at work than at home.
“Now you leave home, and you leave all the cool tech at home,” Kalac said. “The office is also blocking you from visiting sites and [is] adding all kinds of widgets to monitor and log what you do.”
If IT security is to be successful, IT needs to understand what users really want to do. Within Western Union, there is an exception policy tool that allows employees to request access to online tools and services. The company’s marketing group was increasingly asking for access to cloud file-sharing service Dropbox because the group needed an easy way to move files, Kalac said. To meet that need, Western Union signed up for a commercially supported cloud file-sharing service.
As the CISO, Kalac said his job is really all about managing risk. “As CISO, I learned I had to accept some risk to get more security,” he said. If he didn’t accept the risk that comes with enabling employees to move their files with a Dropbox-type service, then Western Union employees would have taken the path of least resistance and the files would still move.
“So I get a controlled risk that I can control and monitor, while the person on other side can do their job,” Kalac said.
A core piece that Kalac is using to help transform the IT security group at Western Union over the last two years is the Western Union Information Security Enablement (WISE) program.
Kalac realised that simply bombarding employees with security messages is not entirely effective. What is needed is to effectively package up messaging, which is what WISE is all about.
“The mission of WISE is to provide protection for Western Union data and systems, to reduce costs and simplify your world through wise solutions that enable the business,” he said.
What’s key about the WISE effort is that it is a programmatic approach that has the Western Union brand wrapped around it. The initiative involves the key stakeholders within the organisation, and end-user impact of any change is always identified, according to Kalac.
“We all love technology, but take a step back to get out of the techie mode and see what your organisation is trying to do and what behaviours are going on,” Kalac said. “Take some controlled risk and then engage people in a different way. People want to be engaged, and they want to know why.”
Are you a security pro? Try our quiz!
Originally published on eWeek.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…