Experts urge security/business alignment

Business initiatives are being undermined by security worries, argues RSA's Coviello

Delegates at the RSA Security conference in San Francisco were urged to deliver greater alignment of security with business needs.

Currently, business initiatives are being undermined by security worries, Art Coviello, president of RSA told delegates. A survey of IT, security and business executives showed that 80 per cent had not pursued innovations because of security concerns.

"The next time a new idea comes up, don't start by saying it isn't secure," he said.

IT security cannot become more business-focused unless senior management drives the agenda, argued John Thompson, chief executive of Symantec.

"Your information security policy needs to be consistent with how you want to run every aspect of your business," he said. "The CFO, COO and everyone else in the executive suite are critical to fostering a culture of security."

But technology vendors could help end users through increasing co-operation with rival firms, suggested Craig Mundie, chief research and strategy officer, Microsoft. "Ultimately we need collaboration with other people who are building some parts of the products in the system."

The importance of IT security was underlined by Michael Chertoff, secretary of US Homeland Security. "We know that a successful large-scale cyber-attack against our country would have very far-reaching consequences," he told delegates.

The US authorities are developing an early warning system, capable of alerting authorities about threats to its critical infrastructure, he added.

But several of the keynote speakers were critical of government actions relating to IT security, though introducing ill-considered regulations. Much of today's IT security regulation is actually forcing companies to spend money on "perceived but not genuine security risks", RSA's Coviello told delegates.