There is a continuing need for effective controls that cost too much for some security budgets.
Speaking at the opening keynote of RSA Conference Europe, executive chairman Art Coviello said that there is an "inertia around security budgets" that is preventing effective controls from being deployed and from information from being shared securely.
Coviello said: “Security models are not moving fast enough to make the transition from perimeter-based to intelligence-based security.”
He later said that the industry is not moving quickly enough between perimeter-based protection and flexible protection, blaming "the difference between perception and reality – the PR gap", and because of, budgets are not as evenly spread across the business.
Coviello also said that there is "too much awareness" around information security, but not enough understanding or context. While controls and analytics provide timely and actionable information, dynamic synergies will give true defence in-depth but personnel with the right skill set are also needed.
He said: “There is inertia around security budgets: 70 to 80 per cent is spent on prevention; 15 per cent on monitoring but only five per cent on response. The vast majority is spent on preventative perimeter-based security. It is static and inflexible.
Coviello addressed the skills gap in information security, quoting Frost & Sullivan estimates that there are currently 2.25 million security professionals but there will be a need for more than four million by 2015.
“There is a severe skills shortage, we have a need for the right level of people with the right level of expertise. Where will they come from? There is a need for more understanding. We need more, we need context and understanding and better collaborative understanding of the problems we are facing and the enemies we are fighting,” he said.