CSO Compass Awards 2010: Roland Cloutier
CSO and Corporate Vice President, ADP
By Bill Brandel
May 04, 2010 — Every day of every week, millions of employees throughout the United States and around the world receive their paychecks—whether through direct deposit or as a live check and stub—through ADP. For years, the company has been a trusted outsourced business provider—so much so that it is a critical cog in the national economic machine. With the stakes so high, it is Roland Cloutier who has been tasked with ensuring the security of this global operation and making it run smoothly.
CSO: How would you size up the security task you're charged with at ADP?
Roland Cloutier: From a security practitioner standpoint, ADP is a big target. It pays a quarter of the U.S. workforce. We float north of a trillion dollars every year. We have to ensure that millions of checks are cut and delivered to people around the globe. That is a huge challenge. Business resilience is the single key objective I have as CSO. What is the key driver to implementing a global security strategy?
We have to ensure that there is a well-developed risk framework that works across the entire organization. At the same time, we have to look at the service levels required in any specific segment, and what those risk levels are and how do we apply which services and articulate controls, and what metrics and key performance indicators (KPI) do we use to ensure that they are effective.
Editor's note: Also see The Security Metrics Collection for in-depth strategies in measurement and communication.
CSO: What do you consider the most difficult or rewarding accomplishment of your career?
Roland Cloutier: At a previous company, I used to work with this hard-core sales executive who couldn't have cared less about security. After four years of my rolling out programs and a security organization, I get a call from this guy, and he says, "Roland, I'm about to pitch an idea to my team for manufacturing stuff in an Asian country. Talk to me about security and the threat perspective and how we could manage risk in that environment." His first call was to ask the CSO, "Could we do this?" It was the first time that a senior business executive showed me that he understood that security was simply part of doing business.
Can you name one of the biggest mistakes you've made during your security career and what you learned from it?
I made two, actually. One was that I assumed—I thought—people were executing and were being held accountable. It wasn't until I put that work into a lifecycle approach that I realized that I actually had a problem. Thankfully, it was mitigated before it could become a big problem. Now, the lifecycle approach is very big with me, to have the governance and oversight of what we are accountable for. It will never happen again.
Security leadership requires both functional expertise and great business communication skills. Learn how to lead, measure, improve, teach, and more.
What is a CSO? | Part 2
Add business value by connecting multiple departments and multiple kinds of risk
5 secrets of building a great security team
Nurture dissent, formalize underserved functions, and more key strategies
Security metrics: Critical issues
Case studies, innovative ideas, finanical and operational metrics, effective presentation—the Web's best practical guide to security and operational risk metrics
What I learned when I left security
9 secrets to getting stuff done in a big company
7 essential business negotiation tactics
Security and business: financial basics
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Security Analytics Video
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- B2B Integration on Cloud: Real World Solutions and Technology Advances
- Protection for Every Enterprise: How BlackBerry 10 Security Works
- IDC - SAP Enterprise Mobility: Bringing a Cohesive Approach to a Complex Market
- Navigating the New Mobile World
- Harvard Business Review: How Mobility is Changing the World
- How Mobility is Transforming Industries
- Mobile Commerce: The Path to Customer Engagement
- Mandiant's APT1: Revisited
The Mandiant APT1 report made our industry stronger by encouraging -- if not forcing -- information sharing. By Nick Selby - Attacks from China: A survival guide
- #FFSec: Infosec pros who bring value to Twitter
More Salted Hash with Bill Brenner
