SAN FRANCISCO -- Symantec's new CEO put it plainly in his keynote at the RSA Conference yesterday morning: The current security model isn't working.
"It's time for us to change how we approach security. It's time to change the game," Enrique Salem told hundreds of attendees in one of his first major speaking appearances since assuming the top spot at Symantec last year.
Urging security managers to "operationalize" their efforts, he urged the creation of "a bridge between day-to-day operations and security departments" to create shared plans and goals.
"We know that the most effective programs are those that bring together security, storage, and systems management to automate the repetitive tasks that consume most of your time," he noted. "When you bring together these areas, it's possible to be more proactive and policy-driven."
Security remains a struggle after all this time, he said, in large part because administrators still perform manual analysis of threats against their systems within carefully partitioned silos. One team configures laptops, another looks after the datacenters, an operations team keeps an eye on routine tasks and an entirely separate security team does vulnerability testing.
As a result, security is done piecemeal. Stand-alone products at various points within the system hamper policy coordination, making automation of many processes nearly impossible. Lower-level administrators end up creating de facto policy day-by-day based on how they configure e-mail, backup and server security.
Instead of such seat-of-the-pants security planning, Salem proposes a new approach that's "risk-based, information-centric, responsive, and workflow-driven." InternetNews.com has the rest of the story on Salem's proposal.