As a result of its experiences, Unum has decided to bring some tasks it previously outsourced back in-house.
"You have to make sure that every I is dotted when it comes to service-level objectives. We found in some cases that we had no sight into what the service provider was doing," said Fleury.
After outsourcing its network access management tasks to a service provider, Unum found that the company wasn't sufficiently policing the number of administrative accounts that were added to the system and that the people hired to do the job were more interested in sticking to wording of their contract than helping the firm build comprehensive protection.
"We ended up with nothing more than paper-pushers who eventually told us that they were being told not to challenge access credential requests," the CISO said, "so it's pretty clear that you need to be careful."