The Transformation of Enterprise SecurityBy Lawrence Walsh | Posted 2008-04-30 Email Print
The game is no longer about keeping the bad guys out. It is about putting risk in a business context.
Eighty percent of security and business executives say they have passed up innovative ideas because of IT security concerns, according to a new IDC report commissioned by RSA, the security division of storage giant EMC.
RSA head honcho Art Coviello used this startling statistic as a prime touchpoint during his keynote address at the annual RSA Conference last month. His premise: In an age of unprecedented innovation and rapid change, why is security holding back progress? In a world where collaboration, communication and openness have never been greater, is security the retardant that will stunt technological and business advancement?
A new theme? Not for Coviello. For several years, he’s preached about the need for convergence in the security industry, and the necessity to use security technology as an enabler. He is among the vanguard urging security professionals to stop saying “no” to what the business wants to do and start thinking about how they can help the business achieve its objectives securely.
“They should think in terms of context of the vulnerability, the probability and consequences of security risks,” Coviello said in a one-on-one meeting with Baseline. “You don’t need to have perfect security, but you must have the context of what is acceptable.”
Coviello’s solution is the consolidation of the security industry and a melding of the security technologies now fractured among hundreds of small security vendors into the infrastructure products of large IT vendors. In the near future, he believes, the security community will converge into infrastructure in such a way that some of today’s leading and emerging security tools will be little more than a feature set within the iron and software of network and business applications.