Experts urge fundamental rethink of IT security

Firms must focus on data-centric security

IT chiefs must forget about securing their infrastructure and focus on securing data if they are to protect vital corporate assets, experts have argued.

The use of data loss prevention (DLP) technology could finally help ensure that critical information stops leaching out of the enterprise, argued Gene Hodges, chief executive of Websense.

Efforts to lock down devices, networks and infrastructure have failed to deliver robust safeguards, said Hodges. Instead of focussing on locking down end points, enterprises need to ensure that unauthorised agents cannot extract critical data, he added.

"You need to give up on trying to secure end points and concentrate on data," Hodges said.

The idea that users can or should be prevented from acting insecurely is naïve and impractical, he argued.

A move towards a more information-centric view of IT security is "long overdue", argued Cisco's chief security officer, John Stewart.

Historically, IT security has focused on preventing behaviour which can be clearly identified as malicious, but today the diversity and volume of threats is so great that organisations would do better to only permit actions which are intrinsically safe, he added. "Everything else should be questioned," said Stewart.