When you think about security, part of it is recognizing the desired action and stopping the aberrant behavior. Isn't that another way to talk about another space that has a great deal of data and opportunity -- marketing? If we think of security as not something special but instead having more in common with other parts of IT and how they add value, our perspectives can shift -- as you rightly point out.
Security techniques recognize new patterns of behavior -- good, bad or indifferent -- what can the business do with that knowledge?
Security approaches try to identify where people are coming from, where they are going, what they are doing while they are interacting with the business -- what other parts of the business are interested in this sort of metadata?
As I've mentioned to others (particularly around disaster recovery and cyber-attack avoidance), it is not usually our lack of preparedness that we need to worry about, it is our lack of imagination.
I don't know that I can agree with that in all cases.
If you turn the concept of security on its head (at least from today's perpective) and make it a value add instead of a constraint -- some interesting flexibility can develop. The reasons that big data is so applicable to the security space is the same as for big data within the corporation -- it lets you separate the normal from the unique. If you can focus your attention only on the unique, it can be quite liberating.
Instead today most security is defined from a walled, prevention model. We should know by now that the perimeter protection based model of security just doesn't work.