AMSTERDAM: Firms must accept that cloud computing use and the bring your own device (BYOD) trend are the new normal and incorporate them into security strategies, according to RSA programme committee chairman Hugh Thompson.
Speaking at the RSA Conference 2013, Thompson said cuts to enterprise budgets in the past five years have radically changed security professionals' place in the business.
"In the past, security professionals had veto powers. Five years ago if somebody in the business came up with some public cloud strategy that was going to save loads of money, if we said 'no' the enterprise would listen to us. Then we had a financial downturn," he said.
"Now it's not the same. For example, five years ago businesses took a hard line to bring your own device and insisted on business handsets, but now that's changed. How many times do you see a business professional pull out a BlackBerry these days? Today I think most of us have accepted we can't stop this transition."
The RSA chief said the transition means security professionals' roles are now more about enabling than about choosing which new technologies are used.
"We're transitioning into a spotter role. One where we ask the business where it wants to go and help them get there. Even though we're at the most threatening stage in our history, we're no longer in the business of saying no," he said.
He said the change means security professionals will have to be more aware of the businesses' needs than ever before and will have to find cost-effective ways to protect networks and data.
"In the next five years the business of security will be a business, not technology, industry. We'll be aligned with the direction of the business and tasked to spot things that don't matter," he said. Thompson added that, to do this, professionals will have to rethink the way they work to reduce cost and improve their overall efficiency.
Thompson added that security professionals should learn from other industries that have gone through similar transitions, such as insurance. "Previously when trying to get car insurance they'd just ask your age and what you drive. Contrast that to the way they do it today," he said.
"Now they ask you loads of questions, like what children I have, my level of education, how long I've been married. These are hard questions – based on statistics – that let them know if I'm a good investment."
Thompson listed education as another key strategy that security professionals could use to cost-effectively boost businesses' defences.
"People are all on LinkedIn, Facebook and Twitter. But we still need to educate them about what is OK to do. We need to get them to understand; you should feel free to talk about your cat and what you had for dinner on these services, but don't put a post up about your IT project, that's not cool," he said.
The comments from Thompson counter those of the chairman of John Lewis, who said earlier this year that firms must learn to listen to IT teams and sometimes to accept "no" for an answer when considering new tech projects.