There's a shift underway in the field of information security, and JPMorgan Chase & Co.'s Anish Bhimani is at the heart of it. Fading fast is paradigm of a lifelong security practitioner who sees the issue of security in black-and-white. On the rise is Bhimani's model in which information security is seen as a business enabler, not a business inhibitor, and even a locus of business innovation.
Bhimani is JPMorgan Chase's managing director of risk and security management, and one of ten global IT security leaders that make up the Security for Business Innovation Council. Part of the self-organized group's mission, Bhimani says, is to bring the traditional IT management rigor into IT security.
In a recent white paper, the Security for Business Innovation Council advocated that organizations reframe the issue away from "information security" and instead contemplate the issue as IT risk management. This change in focus mimics Bhimani's title; he notes that the bank hasn't had a "CISO" in about four years as the bank changed the way it thought about the issue.
At JPMorgan Chase, innovation in Bhimani's IT risk & security management group is driven by the company's mandate to do things more efficiently each year. One achievement of late is the implementation of an IT threat and vulnerability management initiative. Graduating from countless manual processes, the bank now has a closed-loop system that aggregates IT vulnerability assessments for thousands of systems, assigns each a risk score, and creates reports that are "much more consumable by the business," he says.
Also driving business results this year was the launch of MyID, an identity and access management system that revolutionized the process of provisioning and de-provisioning identities and access at the bank. The process went from taking days to give users the access they need to start working, to minutes. "That was a big win that reduced our overall costs significantly," Bhimani says.
In the end, innovation is crucial not just on the product side, but in all facets of today's financial services organizations. "As soon as you stop innovating - trying to find ways to do things more efficiently - you might as well close up shop and go home," he says. "The industry just moves too fast, and everyone else is innovating whether you are or not."