Business security caught up in a 'perfect storm'

Innovation is paying the price for increased spending on security, with users caught up in the crosswinds of a 'perfect storm', according to RSA's president of security.

Speaking at EMC World 2008 in Las Vegas, RSA's Arthur Coviello said that from IDC figures, security was likely to make up five per cent of IT spending by the end of the year, at more than $55 billion dollars (28 billion). He claimed that although end-users were now spending more, they were also feeling less safe than ever.

This meant that innovation was taking a hit, as he went on to quote RSA figures which said that 80 per cent of chief information officers would shy away from a business initiative due to security concerns.

"It's no wonder. A perfect storm has developed around us," said Coviello. "What are the cross currents of that storm? We live in an era of unprecedented innovation that's enabled by the openness and connectivity of the internet."

"But we do so in a period of ever increasing sophisticated criminal and even government sponsored attacks."

He said that at the recent RSA conference last month, one speaker noted that there would be more malware developed this year than legitimate software.

He said that businesses were now sick and tired of solving the security problems of yesterday and understood that infrastructure changes were the only way forward

He claimed that when it came to security for customers and end-users, 'heaven' would be security that was totally seamless, transparent and built-in into business processes.

"As my father used to say, everybody wants to go to heaven, but nobody wants to die to get there," said Coviello, claiming the main job of security was to 'ease your pain' in efforts to build it into IT infrastructure.

Speaking to the audience, he said: "You are the stewards of your company's most important asset, information. You use it to make money, and save money."

Later on in Coviello also presided over a risk, security and innovation meeting between panellists from Microsoft, the Enderle Group, EMC, EDS and Deloitte & Touche.

One of the panellists, vice president of Global Information Security at EDS Bryan Palma, said that in the last couple of years he felt that some security groups were making money out of quick and easy strategies rather than being truly useful to end-users by working with hardware and business infrastructure.

He said: "If you look at the technology side, there was a whole bunch of people who made a lot of money from software and point solutions around security."

"Solutions are moving into the operating system, into the disk drive, into the storage rack and ultimately into the chipset. That becomes a more efficient model of security."