With quite the task ahead of him, Courtot takes refuge in his experience working with technology that is shrouded in doubt. Citing his work with Qualys in the early days of the cloud, Courtot likened his discourse with the enterprise IT community to Galileo trying to convince the Catholic Church that the earth revolves around the sun.
"In the early days, no one believed us. They'd say, 'How could I have my security outside of my company?' It was like heresy," he says.
Now that Qualys has reached a point at which Courtot can begin to take on other projects, he is looking to offset the widespread criticism of cloud security that has "personally offended" him. To do so, Courtot calls for transparency between cloud vendors and their customers, which he believes will lead to a better understanding of the shift from purchasing a product to paying for a service. Once more customers understand that the risk involved in the delivery of cloud services stems from Internet security problems, more will be willing to deploy the cloud, Courtot says.
"I've always looked at what I call the resistance of deployment," he says. "So you need to identify [the barriers to deployment] and then have a strategy to go around them."
Courtot was hardly the only one at RSA who called for a fundamental shift in Internet security. During his keynote speech at the event, Symantec CEO Enrique Salem called the younger generation the "sledgehammer of change" to endpoint security in the enterprise. Citing the inherent familiarity with technology among those born in the 1990s, Salem predicted a more productive workforce that will also require an entirely new approach to authentication and security.
In this regard, Salem did not stand unsupported. Avecto COO Paul Kenyon agreed and used the comparison as a call for seamless integration of security and productivity applications.
"Just as consumer security vendors are increasingly making their security applications capable of working constantly in the background -- and with minimal involvement on the part of the computer user -- so the security industry on the business side also needs to streamline the endpoint security that the employee sees," Kenyon says.
Courtot, however, is careful not to let the TIM get ahead of itself. If the organization is going to bring about any significant change, it will be by gaining leverage on the pertinent issues and targeting them until they have been resolved, he says.
"We are not looking to be a huge organization which is going to solve every problem on the planet," Courtot says. "It's all about being very pragmatic, picking the balance, finding a leverage point and going about doing it."
Sign up for CIO Asia eNewsletters.