IT security still has "perilous gaps of risk": RSA

Vendors must club together to fix the "perilous" gaps dogging security implementations, according to the president of security company RSA.

In his opening keynote at the annual RSA Conference, Art Coviello called for the improved collaboration.

"Today security is viewed as way too costly and not effective enough," he told the conference in San Francisco. "Security technologies are still applied piecemeal from multiple vendors, cluttering the information landscape, leaving perilous gaps of risk," he said.

He added: "One of the reasons why the fraudsters are so successful is they poke at the infrastructure until they find a weakness in the system. Today's security products tend to protect an element of the infrastructure against a defined set of threats, so what do fraudsters do? They just work around those products."

Coviello argued that vendors need to work together better because hackers and fraudsters are already working in their own "fraud ecosystem" stuffed with innovation, and said hackers use an "amazingly sophisticated supply chain" when putting their attacks together.

"It cannot be solved by a suite of products from a single vendor. It must be solved by the vendor community," he said. "In the web 2.0 world, we have seen the power of mash-ups - so why not in the security world?"

Coviello said suppliers have to collaborate on standards, even though progress can be slow, and share technology, thereby cutting the time and cost of developing enterprise security products.

What does Coviello think the response will be from IT security professionals to all these initiatives? "I believe all of you will be saying 'it's about time'," he concluded.