Reader ROI
Learn about one organization’s integrated approach to security
Hear the pros and cons of a consolidated security effort
Determine how you might establish your company’s security structure

A security breach is about to occur at your company. Think fast. Who will slam the electronic door on a hacker without erasing evidence of the digital misdeeds? Would someone in your company have the presence of mind to activate door and badge systems, pull access files and look for other signs of a physical break-in?or would those thoughts surface days or weeks later, after it became clear that the hack was an inside job? When the time came to charge the perpetrators, would you or someone who works for you feel comfortable advising your company’s lawyers on whether or not to prosecute or settle the matter out of court (and out of the public eye)? n With its new Information Protection Team headed by former FBI supervisory special agent John Hartmann, Cardinal Health can answer "yes" to those security questions. As vice president of security for the $30 billion, Fortune 100 health-care manufacturing and distribution company with 40,000 employees worldwide, Hartmann and his small team of security specialists oversee all aspects of asset protection?including digital data, a job many people consider as being in the purview of IS.

Hartmann’s group of 15 acts like an internal SWAT team, helping Cardinal’s business units determine the value of their data, assess the extent of its risk and decide on practical security levels on a case-by-case basis. "The philosophy was to look at security in a holistic sense," says Hartmann. "We had firewalls, and we had people with a portion of their jobs related to security, but there was no dedicated team to address the big-picture aspects of protection."

This global view of physical and digital security helps Dublin, Ohio-based Cardinal maintain a clear minimum level of security throughout the company. It also helps identify when actions in one division could compromise security. If the worst-case scenario should occur, it ensures the company is ready to respond and defend its assets in both the physical and virtual worlds.

While those goals sound sufficiently well intentioned, are you willing to give up corporate real estate or entrust the safety of your business-critical digital assets to someone in a separate security division? If your gut answer is no, you may need to sleep on this one. Security industry watchers and some analysts say an independent, elevated security function is fast becoming a requirement for companies that need to protect their digital assets on several fronts.