IT Security in a filled more and more complex threats to environment should be more focused on management than on performance technology, said Eric Domedzh, project manager, IDC Europe.
IT professionals need to stop buying security performance and go to the purchase and sale of business performance, he said at the IDC Security Conference 2011 in London.
“Productivity is not the determining factor as expected. The true value of security is to help enterprises to improve competitiveness,” – he said.
This idea was also put forward Desom Pauli, director of security and IDM in Oracle. According to him, he made a conscious effort to go beyond hedging.
“Oracle in the past five years has acquired some 500 products from 75 companies to be able to sell the security at a good price” – he said.
HP has this week introduced a similar approach of integrated security, covering the entire infrastructure by announcing new or improved products and services that will be used in the technologies acquired over the past two years.
IT professionals should stop thinking about security in general, said Domedzh. ”Their role is changing to care about security management at a senior level,” – he said.
Security Management ensures that businesses take into account all the key elements of security – the cost, risk, compliance with the standards and qualifications, said Domedzh.
“IDC considers the integration of security as a way to control costs and complexity,” – he said.
IDC sees complexity as the next big risk, because the number of threats and their species, as well as regulatory requirements continue to grow.
“It’s time to focus on security management,” – said Domedzh pointing out that the most effective way to deal with the fact that all (each organization) is a target, as demonstrated by recent attacks on SCADA and other systems that were previously considered very safe, is to focus on the level of planning and processes rather than on the technological level.