John Thompson said that companies need to take responsibility for maintaining customer confidence, especially as people and businesses become increasingly connected via devices such as cell phones and handheld computers.
"What used to be clear lines separating enterprises and consumers have now become blurred, as networks are extended to not only suppliers and partners, but also to customers," Thompson said during ahere.
He acknowledged that this approach has not been common,. "Accepting responsibility for the security of a device accessing your network, when it's not owned or managed by you, is a radically new concept in our world," Thompson said.
But he urged vendors to take that step in enabling companies to deliver a secure experience to end users, which include customers, partners and suppliers.
"Those that embrace this approach will not only reduce their risks, but, I believe, they will also create a competitive advantage for their companies," he said.
Confidence in the connected world will only come about if information, the infrastructure and interactions are secure and protected, Thompson predicted.
As a result, the role of a business' security officer needs to evolve into one that focuses on IT risk management, he advised. This new role would call for identifying, measuring and developing strategies to weigh IT risks and returns.
The IT risk manager, for example, would examine stumbling blocks to the availability of data, regulatory compliance and overall business performance, Thompson said.
The Symantec CEO outlined technologies and challenges companies may need to consider to bolster their IT risk management and reduce customers' concerns over security issues.
He called on enterprises to introduce identity management systems and extend them to customers, partners and vendors that they do business with. "There is no doubt in my mind that managing user identities is the most pressing challenge facing the industry today," Thompson said.
An approach that focuses on the user, rather than on the technology, is what is called for, he added. "After all, the goal is to protect the user--regardless of the device they use, online transaction they undertake, or threat they may face," Thompson said.