Companies told to step up on security

Businesses must provide a secure environment for their customers and partners, Symantec CEO John Thompson tells RSA crowd. Photo: Thompson at RSA

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

See full bio

Dawn Kawamoto

Feb. 7, 2007 9:00 a.m. PT

2 min read

SAN FRANCISCO--In a world where customers, suppliers and partners all tap into corporate networks, businesses must provide a secure environment for all of them, Symantec's CEO urged Tuesday.

John Thompson said that companies need to take responsibility for maintaining customer confidence, especially as people and businesses become increasingly connected via devices such as cell phones and handheld computers.

"What used to be clear lines separating enterprises and consumers have now become blurred, as networks are extended to not only suppliers and partners, but also to customers," Thompson said during a keynote speech at the RSA Conference 2007 here.

He acknowledged that this approach has not been common, despite increases in malicious software and other security breaches. "Accepting responsibility for the security of a device accessing your network, when it's not owned or managed by you, is a radically new concept in our world," Thompson said.

But he urged vendors to take that step in enabling companies to deliver a secure experience to end users, which include customers, partners and suppliers.

"Those that embrace this approach will not only reduce their risks, but, I believe, they will also create a competitive advantage for their companies," he said.

Confidence in the connected world will only come about if information, the infrastructure and interactions are secure and protected, Thompson predicted.

As a result, the role of a business' security officer needs to evolve into one that focuses on IT risk management, he advised. This new role would call for identifying, measuring and developing strategies to weigh IT risks and returns.

The IT risk manager, for example, would examine stumbling blocks to the availability of data, regulatory compliance and overall business performance, Thompson said.

The Symantec CEO outlined technologies and challenges companies may need to consider to bolster their IT risk management and reduce customers' concerns over security issues.

He called on enterprises to introduce identity management systems and extend them to customers, partners and vendors that they do business with. "There is no doubt in my mind that managing user identities is the most pressing challenge facing the industry today," Thompson said.

An approach that focuses on the user, rather than on the technology, is what is called for, he added. "After all, the goal is to protect the user--regardless of the device they use, online transaction they undertake, or threat they may face," Thompson said.