IT security should be about good management, says IDC

IT security in an increasingly complex threat environment needs to be more about management than technology performance, according to IDC. IT professionals need to stop buying security performance and move to buying and selling business performance, Eric Domage, program manager for IDC in Europe to

IT security in an increasingly complex threat environment needs to be more about management than technology performance, according to IDC.

IT professionals need to stop buying security performance and move to buying and selling business performance, Eric Domage, program manager for IDC in Europe told attendees at the analysts Security Conference 2011 in London.

"Performance is not a differentiator, it is expected. The real value of security is to help business to be better, to be more competitive," he added.

This was echoed by Des Powley, director of security and IDM at Oracle, which he said had made a conscious effort to get beyond an insurance sell: "Oracle has acquired around 500 products from 75 companies in the past five years to be able to sell security on value."

HP this week backed up a similar approach of infrastructure-wide integrated security by announcing an enterprise security division to exploit the various technologies it has acquired in the past two years.

IT professionals should stop thinking about full security, said Domage, "Their role is shifting towards thinking about security management at an executive level."

A security management approach ensures that business is addressing all the key elements of security - cost, threat, compliance and skills, he added.

IDC views complexity as the next big risk, as the number and type of cyber threats and regulatory requirements continue to proliferate.

"Now is the time to focus on security management," said Domage, pointing out that the most effective way of dealing with the fact that everything is a target, as shown by recent attacks on SCADA and other systems previously thought to be highly secure, is at the planning and process level, not at the technology level.

This story written by Warwick Ashford first appeared on www.computerweekly.com


MicroScope+

Content

Find more MicroScope+ content and other member only offers, here.

Read more on Data Protection Services

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

ComputerWeekly

SearchITChannel

Close