These are trying times, one of the world's greatest downturns. But bad times are an opportunity for good companies to become great companies. This was the message from Brian Truskowski, general manager, Internet Security Systems (ISS), IBM Global Technology Systems, speaking at a keynote on Thursday afternoon at the RSA Conference in San Francisco.

It's hard to make changes in good times because no one wants to fix what's not broken," he told the large gathering. "Winners see bad times as a chance to better themselves and improve efficiency. They welcome change because change begets opportunity."

Updating stagnant policies to meet ever-evolving demands is key, he said. "Change is a critically important dynamic in today's environment."
 
There's a dangerous trend where CEOs see that their cultures are too rigid to manage change. And, he added, vendors don't make it easier.

The key to success in today's rapid environment is to not wait around, he said. "Financial outperformers are responding to change with bold moves. Their culture encompasses flexibility." These organizations, he pointed out, adapt.

"Our industry's goals and values are misaligned. There's too much concentration on selling products and not enabling smarter business," he warned. "We have to change because our customers need us to change. We as an industry at this historic moment in time are not allowing our customers to make bold moves."

But, he said, change is happening. "We see organizations making bold investments in new processes that make them more agile and competitive. With two billion people now on the net, we're seeing an explosion in machine-to-machine communication," he said, calling it a new generation of intelligence.

Leading the charge is wireless technology, which is bringing emerging markets online at a staggering pace. "Each day, one million people become cell phone users," Truskowski informed the gathering.

To meet the challenge of encouraging and welcoming innovations in products, while keeping data secure, is completely dependent on building security into the foundation.

"There's only so much you can do to mitigate risk once a technology has been deployed," he said. "Now is the time to build security in the cloud. Security must become a function embedded in the technology."

But, he pointed out, there's only so much technology can do, pointing out that the weakest link in the chain is the human element. Fourteen years after Kevin Mitnick's exploits, we still fall for scams, he said. "We need to understand where we've come up short and admit that folks will fall for a hoax. Humans are an infinite threat to security."

Point solutions haven't done enough to solve the problem, Truskowski said. "We need to design systems that protect customers and manage change."

To achieve that, it's necessary to reduce complexity. Security is complex, he admitted. Too many CEOs are like the captain of the Titanic. They see an iceberg coming, but can't do anything about it because they're locked into rigid systems and lack maneuverability.

To be a successful business today, leaders must embrace smarter security because it is a business enabler. As well, security spending must be contained.

"Change and collaboration will be required to move forward in reducing cost and complexity," he concluded.