Security Implications of IBM-Red Hat Merger Unclear

But enterprises and open source community likely have little to be concerned about, industry experts say.

4 Min Read

The full implications of IBM's planned $34 billion purchase of Red Hat could take several years to play out. But from a security perspective, don't expect the merger to change things very much for enterprises and the open source community, several industry experts said this week.

In a surprise move, IBM on Sunday announced its intention to acquire all issued and outstanding common shares of Red Hat at $190 per share in cash. The deal represents a value of roughly $34 billion and is by far the biggest technology acquisition that IBM has made in its history. In fact, the planned purchase is one of the largest technology deals ever, behind Dell's mammoth $67 billion acquisition of EMC in 2016.

Red Hat is expected to significantly bolster IBM's capabilities in the cloud space, especially in hybrid-cloud environments. The two companies have partnered with each other on Linux initiatives for some 20 years, including most recently on hybrid-cloud and Kubernetes container orchestration technologies.

Many major companies looking to leverage open source software and components currently have Red Hat Linux running on data center servers. Red Hat's OpenShift container application platform, which combines Docker and Kubernetes container technologies, is popular within the developer community and organizations looking to develop applications capable of running in multicloud and hybrid-cloud environments.

The merger will help such enterprises more quickly create, deploy, and manage secure cloud-native business applications that are portable across public and private clouds, the two companies said in a statement.

"IBM is committed to being an authentic multi-cloud provider, and we will prioritize the use of Red Hat technology across multiple clouds," said Arvind Krishna, senior vice president, at IBM Hybrid Cloud. "In doing so, IBM will support open source technology wherever it runs, allowing it to scale significantly within commercial settings around the world."

Analysts say it is far too early to predict how successfully IBM will be able to leverage Red Hat's strength in growing its own cloud business.  

"Cloud security is an essential topic for any customer as they are planning their cloud strategy and looking at migrating applications to the public cloud," says Dennis Gaughan, an analyst with Gartner. "Helping clients with this migration is what IBM highlighted as a key motivation for the deal."

In announcing the planned merger, the two companies highlighted security as a key element that customers want from cloud providers. "But at this point, there are no details as to how the combination of offerings from the two companies will change or improve cloud security as a result of the acquisition," Gaughan says.

In previous years, a merger as big and as complex as this one would likely have entailed a lot of issues, including ones related to security, says Todd Matters, co-founder and chief architect of RackWare. "But cloud has done a good job of raising security parity across different environments," he says.

Regulations such as PCI, HIPAA, and GDPR have also driven broad adoption of a number of security standards and best practices, so merging technologies, data centers, and clouds have become less of a security issue, Matters says.

For the broader open source community, a lot will depend on how much Red Hat will be allowed to operate independently. "Red Hat has done a pretty good job of maintaining the open source community," Matters notes. "If Red Hat is allowed to operate independently, I wouldn't see any issues or disruptions for open source security."

If anything, IBM's investment in Red Hat will likely elevate security for enterprises, adds Tim Beerman, CTO at Ensono. Strong security capabilities have become table stakes in today’s environment, and enterprises can expect to see IBM continuing to make investments in the security of any newly acquired platforms.

If regulators and shareholders approve the planned acquisition, Red Hat will become a fully owned IBM subsidiary but will continue to operate as an independent unit within IBM's Hybrid Cloud Group. IBM will maintain Red Hat's current headquarters in Raleigh, N.C., and also all of the company's brands and practices, both companies said in a joint statement. Red Hat CEO Jim Whitehurst will continue to lead the unit, along with members of his current management team. Whitehurst will report directly to IBM CEO Ginni Rometti.

IBM and Red Hat together will have a leading container-based, cloud-native development platform and a very broad portfolio of open source middleware and tools, Forrester analyst Dave Bartoletti said in a statement. "While any acquisition of this size will take time to play out, the combined company will be sure to reshape the open source and cloud platforms market for years to come," he said.

Related Content:


Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

About the Author(s)

Jai Vijayan, Contributing Writer

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights