LONDON (10/27/2008) – Enterprises need to rethink their security spend to be more proactive and innovative, according to RSA chief executive Art Coviello.Businesses need to spend on different types of security systems to anticipate problems, said Coviello to delegates at a keynote for the RSA Europe Conference 2008.“Security practitioners need to master the risk/reward equation and adapt to the changing nature of risk or be exposed to failure” he said.Most economists and business leaders see innovation “as a way out of economic hole and the best hope for restoring business prosperity”. Similarly, innovation is required for effective security, Coviello argued. But businesses are struggling with how to strike the right balance between driving new innovations to market and instituting effective IT security practices, according to RSA chief.Instead, security and innovation need to be linked, to release the burden on end user community and provide an intuitive, seamless and transparent security systems that are easier to implement and maintain focus on policy and frameworks. “There is too much spending on the wrong things. Security strategies have been driven and sold on fear and compliance issues with spending on perceived rather than genuine threats” he said, adding that we need to move to an information-centric approach.Most security is piecemeal and static, for instance authentication systems that rely on passwords and user names.Instead, Coviello urged enterprises to look at behavior to match the sensitivity of security to the information that is being protected, apply more stringent controls to sensitive documents than to readily available information.He called on vendors to develop behavior and content-based solutions and technologies that are adaptable to threats “we have not yet conceived”.The RSA Conference Europe 2008 is being held at the ExCel Centre in London from Oct. 27 to 29. Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe