Chris Young, senior vice president at the security supplier, told delegates today at the annual RSA Conference in London that there were seven key security principles they should follow as threats change.

Resisting new technology such as cloud computing and social networking was "futile", he said.

"The first principle is that businesses must embed their security as a core part of their strategy," he said. "By doing that, companies can spot sensitive data in motion and apply the right policy in real time."

Secondly, companies needed to make sure they had a security ecosystem rather than using point products, in order to ensure a coordinated approach. Thirdly, security should be "seamless and transparent", in order to ensure users are "protected from themselves", he said.

Security must also be content aware and correlated, Young said. This would enable businesses to recognise the nature and risk of particular data, and to correlate different events to raise red flags.

"Fifth, businesses must have both an outside-in and inside-out approach," he said. They needed to be aware that the normal perimeter had disappeared, with users accessing key information on multiple devices.

Security also needed to be "dynamic and risk-based", he said, "instead of static and reactive". He added: "You want to know if a user is accessing the same data simultaneously from his mobile and home PC, for example, or if a chief financial officer is supposedly accessing sensitive data outside when at the same time he is in the office logged in."

"Last but not least, your security infrastructure must be self learning -- knowledge fed and behaviour based," Young said. This would enable firms to tackle all the threats, and evolve in time with the cybercriminals.

"Humans can't keep up with all the security threats," he concluded. "But with the right policies and systems you can be faster and more flexible than the criminals."