Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's Security Forum.
The forum is taking place in Atlanta and brings together a number of influential IT security consultants and researchers along with a range of vendors and end-users to debate pressing issues impacting enterprise businesses today.
Whereas such technology meetings, including Forrester's inaugural 2006 security confab, have historically focused more on the acquisition of new technologies or the latest trends in malware, companies are finally beginning to spend less time on investigating individual attacks and defence mechanisms and more on closely examining the idea of broad-ranging risk management, show organisers said.
"There isn't any hot new technology being pitched at us these days. The process is less about shiny widgets than it is about cohesive programs that combine security and risk management," said Laura Koetzle, a Forrester analyst.
"For a long time, the power in the security industry has been in the hands of the technology providers," she said. "But as enterprise security programs are maturing, we're seeing a shift to more coherent strategies that emphasises specific business needs."
Koetzle said that the annual conference had its fair share of security research reports on emerging threats – including the latest on messaging security trends from specialists with Postini – but the analyst highlighted the increasing sophistication of the discussions, which focus on how companies can work with their customers and business partners to take a more organic approach to security.