"The current security model is not working and it is time for us
to change," Enrique Salem, CEO of Symantec, told attendees of the
2009 RSA Conference.
Protecting corporate information is becoming increasingly
difficult as malware becomes
more sophisticated and attacks become more targeted, he
said.
Salem echoed earlier comments by RSA president Art Coviello that
security technologies are still applied piecemeal from multiple
suppliers, "leaving perilous gaps" of risk.
According to Salem, businesses can improve security by linking
up security, storage and management systems to enable
automation.
This would enable organisations to set policies about the use of
portable storage media, for example, and then automate systems to
enforce that policy, he said.
Automation would also enable organisations to enforce security
policy for applications, using technology to evaluate the
reputation of software.
Symantec has been working on such technology that rates the
safety of software based on factors such as its origin, prevalence
and age.
This type of reputation-based security allows an organisation to
set security policies based on its own risk tolerance, he said.