IT professionals need to stop buying security performance and move to buying and selling business performance, Eric Domage, program manager for IDC in Europe told attendees at the analysts Security Conference 2011 in London.
"Performance is not a differentiator, it is expected. The real value of security is to help business to be better, to be more competitive," he added.
This was echoed by Des Powley, director of security and IDM at Oracle, which he said had made a conscious effort to get beyond an insurance sell: "Oracle has acquired around 500 products from 75 companies in the past five years to be able to sell security on value."
HP this week backed up a similar approach of infrastructure-wide integrated security by announcing an enterprise security division to exploit the various technologies it has acquired in the past two years.
IT professionals should stop thinking about full security, said Domage, "Their role is shifting towards thinking about security management at an executive level."
A security management approach ensures that business is addressing all the key elements of security - cost, threat, compliance and skills, he added.
IDC views complexity as the next big risk, as the number and type of cyber threats and regulatory requirements continue to proliferate.
"Now is the time to focus on security management," said Domage, pointing out that the most effective way of dealing with the fact that everything is a target, as shown by recent attacks on SCADA and other systems previously thought to be highly secure, is at the planning and process level, not at the technology level.
This story written by Warwick Ashford first appeared on www.computerweekly.com