Unified Security: The Payoff...The Pain

The benefits of running a unified security operation are real. CSOs say they can lead their functions to be more effective and save money at the same time. But getting there is tough.

At Wells Fargo, CSO Bill Wipprecht also likes the fact that other execs know they can pick up the phone and call him with any security questions. Wipprecht runs five divisionsinternal investigations, external investigations, physical security, enterprise services and the uniformed services divisionand has almost 300 full-time employees. (He does not manage infosec, though his department is the investigative arm of that unit.) He describes security as having a single voice with a single message, and that translates into the way he handles customer service. "Our rule is, if you call anybody in corporate security on any issue, we don't tell them to call Fred in the other group; we dial the number for them. They don't know they're talking to the wrong divisionit's an invisible transfer to the customer," he says.Payoff #3 Information-sharing among disparate security functions increasesFor all the benefits of convergence, one of the biggest ones is that the level of cooperation and sharing of information among employees should increase. Will sharing happen overnight? Of course not. (See "The Pain," Page 29, for some of the obstacles that need to be overcome.) But bringing team members into a more cohesive organization with one strategic mission and consistent goals will encourage collaboration and help break down some of the walls that can exist among people who previously had prime allegiance to their individual security function.

Richard Loving is reaping the benefits of a more collaborative environment at BWX Technologies, which manages and operates nuclear and national security facilities. Loving, a 25-year veteran at BWXT, wears two hats: He's CSO (a title he picked up last June) and director of administration. For years, the company, which runs or helps run facilities for the U.S. government in nine states, organized its facility teams as self-contained units. That often meant that people in different locations were working on the same problem. Security directors at the plants acted independently to ensure the safety at their own sites, but there was little collaboration among them. Loving and other execs decided last summer that BWXT needed a centralized focus for security, one that would improve information-sharing and get rid of the stovepiped structure. Loving began to coordinate security at the units.

The results were immediate. Last July the Department of Energy ordered a stand-down of all DoE operations that used controlled removable electronic media after two Zip disks containing classified materials were reported missing at the Los Alamos National Laboratory. DoE facilities were not allowed to resume operations until new security procedures were put in place.