Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

10/29/2018
05:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Security Implications of IBM-Red Hat Merger Unclear

But enterprises and open source community likely have little to be concerned about, industry experts say.

The full implications of IBM's planned $34 billion purchase of Red Hat could take several years to play out. But from a security perspective, don't expect the merger to change things very much for enterprises and the open source community, several industry experts said this week.

In a surprise move, IBM on Sunday announced its intention to acquire all issued and outstanding common shares of Red Hat at $190 per share in cash. The deal represents a value of roughly $34 billion and is by far the biggest technology acquisition that IBM has made in its history. In fact, the planned purchase is one of the largest technology deals ever, behind Dell's mammoth $67 billion acquisition of EMC in 2016.

Red Hat is expected to significantly bolster IBM's capabilities in the cloud space, especially in hybrid-cloud environments. The two companies have partnered with each other on Linux initiatives for some 20 years, including most recently on hybrid-cloud and Kubernetes container orchestration technologies.

Many major companies looking to leverage open source software and components currently have Red Hat Linux running on data center servers. Red Hat's OpenShift container application platform, which combines Docker and Kubernetes container technologies, is popular within the developer community and organizations looking to develop applications capable of running in multicloud and hybrid-cloud environments.

The merger will help such enterprises more quickly create, deploy, and manage secure cloud-native business applications that are portable across public and private clouds, the two companies said in a statement.

"IBM is committed to being an authentic multi-cloud provider, and we will prioritize the use of Red Hat technology across multiple clouds," said Arvind Krishna, senior vice president, at IBM Hybrid Cloud. "In doing so, IBM will support open source technology wherever it runs, allowing it to scale significantly within commercial settings around the world."

Analysts say it is far too early to predict how successfully IBM will be able to leverage Red Hat's strength in growing its own cloud business.  

"Cloud security is an essential topic for any customer as they are planning their cloud strategy and looking at migrating applications to the public cloud," says Dennis Gaughan, an analyst with Gartner. "Helping clients with this migration is what IBM highlighted as a key motivation for the deal."

In announcing the planned merger, the two companies highlighted security as a key element that customers want from cloud providers. "But at this point, there are no details as to how the combination of offerings from the two companies will change or improve cloud security as a result of the acquisition," Gaughan says.

In previous years, a merger as big and as complex as this one would likely have entailed a lot of issues, including ones related to security, says Todd Matters, co-founder and chief architect of RackWare. "But cloud has done a good job of raising security parity across different environments," he says.

Regulations such as PCI, HIPAA, and GDPR have also driven broad adoption of a number of security standards and best practices, so merging technologies, data centers, and clouds have become less of a security issue, Matters says.

For the broader open source community, a lot will depend on how much Red Hat will be allowed to operate independently. "Red Hat has done a pretty good job of maintaining the open source community," Matters notes. "If Red Hat is allowed to operate independently, I wouldn't see any issues or disruptions for open source security."

If anything, IBM's investment in Red Hat will likely elevate security for enterprises, adds Tim Beerman, CTO at Ensono. Strong security capabilities have become table stakes in today’s environment, and enterprises can expect to see IBM continuing to make investments in the security of any newly acquired platforms.

If regulators and shareholders approve the planned acquisition, Red Hat will become a fully owned IBM subsidiary but will continue to operate as an independent unit within IBM's Hybrid Cloud Group. IBM will maintain Red Hat's current headquarters in Raleigh, N.C., and also all of the company's brands and practices, both companies said in a joint statement. Red Hat CEO Jim Whitehurst will continue to lead the unit, along with members of his current management team. Whitehurst will report directly to IBM CEO Ginni Rometti.

IBM and Red Hat together will have a leading container-based, cloud-native development platform and a very broad portfolio of open source middleware and tools, Forrester analyst Dave Bartoletti said in a statement. "While any acquisition of this size will take time to play out, the combined company will be sure to reshape the open source and cloud platforms market for years to come," he said.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 10:38:35 PM
Re: RedHat stays RedHat
@Dr.T: I really don't think we're going to see much difference. Red Hat, despite being an open-source firm, is a for-profit company. It was really a matter of time before a more traditional and larger tech firm sunk their teeth into them to help gain a bigger open-source foothold.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 10:35:56 PM
Re: Reuters
@Dr.T: Sure, but no more than any other big open-source tech firm, more or less. I was just pointing out some of the bad reporting on this when the news initially broke.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:23:15 PM
INM
IBM and Red Hat together will have a leading container-based, cloud-native development platform and a very broad portfolio of open source middleware and tools, I think this is the reason IBM buys RedHat, their cloud solutions.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:21:25 PM
RedHat stays RedHat
Red Hat will become a fully owned IBM subsidiary but will continue to operate as an independent unit within IBM's Hybrid Cloud Group This may nbe good for the industry, we need RedHat stays RedHat
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:19:50 PM
Re: Reuters
Red Hat isn't exactly what one would describe as a security company. Agree. I do not this RedHat is a security company. At the same time all the companies are today probably.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:18:42 PM
Re: Reuters
I think the biggest implication I've see so far: confusion I think they are clear with what they are doing, iBM needs things already used by enterprises, otherwise they will go out of business soon.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:17:13 PM
RedHat
I am not ready that excited about this merge, it is like one dynamic good company will be lost in IBMs complex and slow business.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/29/2018 | 9:21:53 PM
Reuters
I think the biggest implication I've see so far: confusion. After the news broke, Reuters reported that IBM was acquiring "security company Red Hat".

And, of course, Red Hat isn't exactly what one would describe as a security company.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...