RSA: Build security into operations, says Symantec CEO

April 21, 2009
Just days into his new job, Symantec CEO Enrique Salem is calling for a colossal shift in the way vendors and end-users approach information security.

Salem, who took over for former Symantec chief executive John Thompson on April 4, said Tuesday at the RSA Conference in San Francisco that change is needed to combat an increasingly sophisticated and targeted threat landscape.

"The current security model isn't working," he said at a morning keynote address. "It's time for us to operationalize security. When you operationalize security, it puts you in control."

Salem said management must apply a risk-based, information-centric, responsive and workflow-driven approach to security. This is even more important now that many computing environments are moving to the cloud.

Businesses must abandon the mindset that they can manually respond to threats one at a time, across the entire organization, he said. By implementing a strategy that will gauge the severity of situations by measuring risk and then automatically applying the appropriate policies and processes to deal with them, companies can save money, attain better visibility and become more effective, he said.

"We have to move away from the siloed, piecemeal, opaque approach we have today," Salem said.

To accomplish this, vendors such as Symantec will have to work together to develop standards and share best practices surrounding risk management, said Salem, echoing sentiments similar to those of RSA head Art Coviello in his prior keynote.

Audience member Josh Hulbert, the IT director at Fast Transact, an Olympia, Wash.-based credit card processor, said in an interview with SCMagazineUS.com afterward that he supports the notion of building security into business processes.

He said security isn't effective if workers must sacrifice features on applications.

"It makes it more difficult for people to accept security, and it slows business down," he said.

Another attendee, Bryan Owen, cybersecurity manager at OSIsoft, which makes software for critical infrastructure companies, said he agreed with Salem's support for vendors to collaborate so that point products can work together to fight a common enemy.

"Not any one of us owns the problem," Owen said.