Enterprises need to rethink their security spend to be more proactive and innovative, according to RSA chief executive Art Coviello.
Businesses need to spend on different types of security systems to anticipate problems, said Coviello to delegates at a keynote for the RSA Europe Conference 2008.
“Security practitioners need to master the risk/reward equation and adapt to the changing nature of risk or be exposed to failure” he said.
Most economists and business leaders see innovation “as a way out of economic hole and the best hope for restoring business prosperity”. Similarly, innovation is required for effective security, Coviello argued.
But businesses are struggling with how to strike the right balance between driving new innovations to market and instituting effective IT security practices, according to RSA chief.
Instead, security and innovation need to be linked, to release the burden on end user community and provide an intuitive, seamless and transparent security systems that are easier to implement and maintain focus on policy and frameworks.
“There is too much spending on the wrong things. Security strategies have been driven and sold on fear and compliance issues with spending on perceived rather than genuine threats” he said, adding that we need to move to an information-centric approach.
Most security is piecemeal and static, for instance authentication systems that rely on passwords and user names.
Instead, Coviello urged enterprises to look at behavior to match the sensitivity of security to the information that is being protected, apply more stringent controls to sensitive documents than to readily available information.
He called on vendors to develop behavior and content-based solutions and technologies that are adaptable to threats “we have not yet conceived”.