SAN FRANCISCO -- RSA Conference 2008 News flash: IBM is getting out of the security business.
The security business has no future, Val Rahamani, general manager of IBM ISS and of security and privacy for IBM Global Technology Services, told attendees here yesterday in a keynote address. Rahamani said the security industry as it is today is not sustainable, and that IBM is instead going into the business of creating sustainable business.
The security industry is flying by the seat of its pants, Rahamani said. Security infrastructure has been dictated by the bad guys... as new threats arise, we put new products in place. This is an arms race we cannot win.
Business sustainability is all about building security into systems and processes, she said. If we really want to get ahead of the threat, we need to start thinking about re-engineering our businesses and processes. We need to make them more secure and compliant by design, and we need to move more security and compliance technologies into the fabric of our standard infrastructure and application environments."
Rahamani didnt go into detail on IBMs product plans for this approach, but she did say security companies must sell their customers solutions that assume everyone is infected so that they can safely do business, which makes a business sustainable. Its time to give up on the fantasy that education and antivirus will cure consumer security woes. It is not up to consumers to protect themselves. It is not their problem. It is our problem, because online commerce is not sustainable if it is not inherently secure. And the only way to make it inherently secure is to take ownership of the security problem.
Fighting Trojans, worms, insider attacks, and outsider attacks one by one is futile, she said.
But theres no way to stop chasing the threats, says Jeremiah Grossman, CTO of WhiteHat Security. "When you go into this room, how can you make sense of any of it? It takes a genius to bucketize it all," said Grossman outside the exhibit hall here today. "Well never get away from chasing the threats around."
The sustainable business approach makes sense for IBM, he says, given its existing business continuity service offerings.
IBMs Rahamani, who recently replaced the now-retired IBM ISS co-founder Thomas Noonan, also talked about how the industry is in another transformational period, not unlike the emergence of the PC 25 years ago, and then LANs and WANs 20 years ago. Ten years ago, it was the emergence of Internet-based computing. Today, it is the advent of secure Internet-based computing, she said.
But Internet-based computing is not secure, she said, and is actually getting less secure all of the time. Security is a big problem right now [with Internet-based computing], but we will innovate and solve it, just as we have in the past.
Rahamani said that when she speaks to CSOs about threat statistics such as 7 percent of the worlds computers are infected, it doesnt faze them. But when I say, The Storm botnet could already shut down your company if it so chose. So what are we going to do when 20 percent of the worlds computers are infected? they sit up in their seats.
Its all about putting security into the context of business operations, she said. Parasitic threats are only a metaphor for the greater issue -- there will always be new threats to business sustainability, ranging from parasites to regulations to insiders to global politics. We cannot achieve true sustainability if we continue to focus on individual threats. We can only achieve true sustainability if we design security and continuity into our processes from the beginning.
The traditional security industry is simply not sustainable... We have a historic opportunity to change our mindset from IT security to secure business. We have the technology, services, and expertise available today to create truly sustainable business, even in a world where we assume everyone is infected.
The security industry is dead, Rahamani said. Long live sustainability.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.