
“Years ago security was very binary, it’s now about managing the risk to information and figuring out how to best manage the risk. In most cases [businesses] are selecting the one, two or three pieces of information that matters, it's the top level data whether its consumer data, source code or intellectual property," he said.
According to Craig Shumard, chief information security officer at health care giant CIGNA, although the issue is in its early stages, the complexity of the issue continue to be a challenge.
"The risk is going to continue to increase as companies continue to implement outsourcing and third-party affiliates" Shumard said.
He added: "Blocking sites isn’t something that can be easily sustained. As newer generations come through there are issues around the mechanisms of blocking sites instead. Business need to look at different methods."
Tony Spinelli chief security compliance officer at US-based Equifax said since 2005 his company has helped support 600 organisations deal with the consequences of lost data from laptops and handhelds.
He said security needs to be embedded in the data itself even though it appears many people don’t understand that.
Information centric security, the hot topic for RSA 2008, has changed the way businesses think, added Ansanelli.
Agreeing, Francis de Souza Symantec Senior VP advised security professionals that it’s still critical to protect the infrastructure but the forefront of security is now managing the risk.