Building a Stronger Security Strategy: 6 Tips

CIO offers his formula for achieving the right balance between data security and employee productivity and convenience

Harry Folloder, CIO, Advantage Waypoint LLC (AWP)

May 4, 2015

4 Min Read
Dark Reading logo in a gray background | Dark Reading

You might not think that security would be top of mind for a food service sales and marketing provider like Advantage (ASM) Waypoint. While we don't have account information on millions of consumer customers like Sony or Target, or sensitive banking data like JP Morgan Chase, our customer and corporate data still carries significant value for us; it’s the primary reason that setting a proactive security strategy is a top priority. In particular, it’s extremely important for us to be able to know where our data is at all times, including the increasing volumes being generated, accessed and shared outside of our traditional network.

We have 1,000 sales professionals visiting restaurants, stadiums, schools and other customer sites every day, with access to account information for hundreds of client contacts, including phone numbers, addresses and other sales data. They need to have instant and easy access to this information; if they don't, they will create their own workarounds, such as using personal email accounts and services like Dropbox, each of which come with considerable security risk. At ASM Waypoint, we opted for an on-premises storage and backup solution that allows us to maintain full control of our data and ensure optimal security. In our case, we use CrashPlan from Code42.

But there's much more to protecting corporate data in a way that empowers employees and keeps customers happy than just buying good software. Here are six tips that I've found helpful in balancing the productivity and convenience needs of employees with the security concerns of IT:

1. Think about the business process first, not the technology
Too many executives think about the technology first and try to adapt the business processes later. But I like to take an operations-based approach and consider the business goals and challenges -- and then use a technology that will help me accomplish and manage those. The technology will support the business process if we choose the right technology partner.

2. Respect your customers
My team has spent time earning the trust of our customers and building a relationship, so it’s crucial that we respect their data and properly protect information. If customers start getting unsolicited calls from our competition because, say, an employee leaves the company and takes customer data with them via personal email or Dropbox accounts, that undermines the trust we have built. We must ensure that data doesn't get into the wrong hands and adversely affect our relationship with customers.

3. Keep it simple
Our employees have many accounts to manage, from payroll to healthcare, with different logins and passwords. I encourage them to use a single sign-on application that creates complex, distinct usernames and passwords with minimal effort on their part. Employees typically have many responsibilities and worrying about technology should not be one of them; it’s the job of IT to provide tech that is efficient and easy to use. Single sign-on is so seamless to use, our employees don’t have to think about security.

 4. Understand your users 
IT and salespeople navigate in different worlds, so it’s integral for the two teams to see eye to eye. Each member of our IT team engages in a ride-along program where they shadow a salesperson twice a year. They observe how people in all major roles in the enterprise interact with technology throughout the day, what their tech needs are and the security risks they encounter.

 5. Incorporate endpoint backup
When one of our execs knocked his laptop into a deep fryer at a restaurant, I was thankful the data on his device was backed up. Because of the different data protection needs of the various levels of employees, we have a tiered endpoint protection approach. While most employees use a shared network drive to store documents, executives store documents in a drive on the corporate network.

6. Have a contingency plan
The nature of security incidents is that they can happen at any time and without you knowing about it until real damage has been done. In addition to following best practices, you always need a contingency plan. We have a plan in place that allows us to understand what, how, and when data was lost and what the impact may be. The best plan is one that’s proactive and preventative because you don’t want to be caught off guard.

A data protection plan does not just mean buying reliable security products — it’s more holistic. You must first assess the needs and behavior of end users and the business practices as a whole. A successful strategy will address these needs while also providing easy, non-disruptive processes for employees to follow. And lastly, it will prepare your organization for anything — from a lost laptop to breaches and insider threats — by backing up data and having insight into where data flows and who uses it.

About the Author

Harry Folloder

CIO, Advantage Waypoint LLC (AWP)

Harry Folloder is the Chief Information Officer at Advantage Waypoint LLC (AWP). With 10 billion dollars in food service sales and over 70 offices across 50 states, AWP is the largest national food service sales agency, representing leading Fortune 50 manufacturers such as Tyson, Sara Lee, Mars and Land O'Lakes. As the CIO of FSI Southwest LLC, the leading regional foodservice sales agency in the Southwest, Mr. Folloder led the technical team that successfully integrated the national roll up of similar regional food services brokers with Apax Partners and Advantage Sales and Marketing, the largest national retail sales agency. Mr. Folloder is also the President of Folloder Foodservice Inc. and former Partner and Founder of Net Guyz, LLC. Mr. Folloder attended the University of Texas at Austin where he graduated with a B.S. from the College of Natural Science in 2003. He serves on multiple technological advisory boards, including Dell Computers and McAfee Security Software (now part of Intel). Mr. Folloder also spends his time working with multiple charities including Texas Children's Hospital.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights