RSA: Businesses need 'air traffic control' style security

The controls management layer should be where firms can provide and monitor security controls, the company says. Establishing this layer offered the opportunity to consolidate numerous security consoles.

Finally, the security management layer would be where policies are defined, governing the business and the IT infrastructure based on compliance requirements, best practice and risk tolerance. It would also be the layer where events and alerts from controls across the infrastructure come together and are correlated to assess compliance.

"The security industry does not have a system that integrates people, process and individual security controls that can be managed with the same kind of correlated, contextual and comprehensive view used by the aviation industry to guarantee the safety of our airways," said Coviello.

He added: "We need a system that enables us to close the gaps of protection and apply controls in a more holistic, systemic manner, centralising management not just for some vendor controls, but for all."