"The current security model is not working and it is time for us to change," Enrique Salem, CEO of Symantec, told attendees of the 2009 RSA Conference.
Protecting corporate information is becoming increasingly difficult as malware becomes more sophisticated and attacks become more targeted, he said.
Salem echoed earlier comments by RSA president Art Coviello that security technologies are still applied piecemeal from multiple suppliers, "leaving perilous gaps" of risk.
According to Salem, businesses can improve security by linking up security, storage and management systems to enable automation.
This would enable organisations to set policies about the use of portable storage media, for example, and then automate systems to enforce that policy, he said.
Automation would also enable organisations to enforce security policy for applications, using technology to evaluate the reputation of software.
Symantec has been working on such technology that rates the safety of software based on factors such as its origin, prevalence and age.
This type of reputation-based security allows an organisation to set security policies based on its own risk tolerance, he said.