Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

10/29/2018
05:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Security Implications of IBM-Red Hat Merger Unclear

But enterprises and open source community likely have little to be concerned about, industry experts say.

The full implications of IBM's planned $34 billion purchase of Red Hat could take several years to play out. But from a security perspective, don't expect the merger to change things very much for enterprises and the open source community, several industry experts said this week.

In a surprise move, IBM on Sunday announced its intention to acquire all issued and outstanding common shares of Red Hat at $190 per share in cash. The deal represents a value of roughly $34 billion and is by far the biggest technology acquisition that IBM has made in its history. In fact, the planned purchase is one of the largest technology deals ever, behind Dell's mammoth $67 billion acquisition of EMC in 2016.

Red Hat is expected to significantly bolster IBM's capabilities in the cloud space, especially in hybrid-cloud environments. The two companies have partnered with each other on Linux initiatives for some 20 years, including most recently on hybrid-cloud and Kubernetes container orchestration technologies.

Many major companies looking to leverage open source software and components currently have Red Hat Linux running on data center servers. Red Hat's OpenShift container application platform, which combines Docker and Kubernetes container technologies, is popular within the developer community and organizations looking to develop applications capable of running in multicloud and hybrid-cloud environments.

The merger will help such enterprises more quickly create, deploy, and manage secure cloud-native business applications that are portable across public and private clouds, the two companies said in a statement.

"IBM is committed to being an authentic multi-cloud provider, and we will prioritize the use of Red Hat technology across multiple clouds," said Arvind Krishna, senior vice president, at IBM Hybrid Cloud. "In doing so, IBM will support open source technology wherever it runs, allowing it to scale significantly within commercial settings around the world."

Analysts say it is far too early to predict how successfully IBM will be able to leverage Red Hat's strength in growing its own cloud business.  

"Cloud security is an essential topic for any customer as they are planning their cloud strategy and looking at migrating applications to the public cloud," says Dennis Gaughan, an analyst with Gartner. "Helping clients with this migration is what IBM highlighted as a key motivation for the deal."

In announcing the planned merger, the two companies highlighted security as a key element that customers want from cloud providers. "But at this point, there are no details as to how the combination of offerings from the two companies will change or improve cloud security as a result of the acquisition," Gaughan says.

In previous years, a merger as big and as complex as this one would likely have entailed a lot of issues, including ones related to security, says Todd Matters, co-founder and chief architect of RackWare. "But cloud has done a good job of raising security parity across different environments," he says.

Regulations such as PCI, HIPAA, and GDPR have also driven broad adoption of a number of security standards and best practices, so merging technologies, data centers, and clouds have become less of a security issue, Matters says.

For the broader open source community, a lot will depend on how much Red Hat will be allowed to operate independently. "Red Hat has done a pretty good job of maintaining the open source community," Matters notes. "If Red Hat is allowed to operate independently, I wouldn't see any issues or disruptions for open source security."

If anything, IBM's investment in Red Hat will likely elevate security for enterprises, adds Tim Beerman, CTO at Ensono. Strong security capabilities have become table stakes in today’s environment, and enterprises can expect to see IBM continuing to make investments in the security of any newly acquired platforms.

If regulators and shareholders approve the planned acquisition, Red Hat will become a fully owned IBM subsidiary but will continue to operate as an independent unit within IBM's Hybrid Cloud Group. IBM will maintain Red Hat's current headquarters in Raleigh, N.C., and also all of the company's brands and practices, both companies said in a joint statement. Red Hat CEO Jim Whitehurst will continue to lead the unit, along with members of his current management team. Whitehurst will report directly to IBM CEO Ginni Rometti.

IBM and Red Hat together will have a leading container-based, cloud-native development platform and a very broad portfolio of open source middleware and tools, Forrester analyst Dave Bartoletti said in a statement. "While any acquisition of this size will take time to play out, the combined company will be sure to reshape the open source and cloud platforms market for years to come," he said.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 10:38:35 PM
Re: RedHat stays RedHat
@Dr.T: I really don't think we're going to see much difference. Red Hat, despite being an open-source firm, is a for-profit company. It was really a matter of time before a more traditional and larger tech firm sunk their teeth into them to help gain a bigger open-source foothold.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 10:35:56 PM
Re: Reuters
@Dr.T: Sure, but no more than any other big open-source tech firm, more or less. I was just pointing out some of the bad reporting on this when the news initially broke.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:23:15 PM
INM
IBM and Red Hat together will have a leading container-based, cloud-native development platform and a very broad portfolio of open source middleware and tools, I think this is the reason IBM buys RedHat, their cloud solutions.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:21:25 PM
RedHat stays RedHat
Red Hat will become a fully owned IBM subsidiary but will continue to operate as an independent unit within IBM's Hybrid Cloud Group This may nbe good for the industry, we need RedHat stays RedHat
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:19:50 PM
Re: Reuters
Red Hat isn't exactly what one would describe as a security company. Agree. I do not this RedHat is a security company. At the same time all the companies are today probably.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:18:42 PM
Re: Reuters
I think the biggest implication I've see so far: confusion I think they are clear with what they are doing, iBM needs things already used by enterprises, otherwise they will go out of business soon.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:17:13 PM
RedHat
I am not ready that excited about this merge, it is like one dynamic good company will be lost in IBMs complex and slow business.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/29/2018 | 9:21:53 PM
Reuters
I think the biggest implication I've see so far: confusion. After the news broke, Reuters reported that IBM was acquiring "security company Red Hat".

And, of course, Red Hat isn't exactly what one would describe as a security company.
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17210
PUBLISHED: 2019-07-20
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass t...
CVE-2019-12934
PUBLISHED: 2019-07-20
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
CVE-2019-9229
PUBLISHED: 2019-07-20
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can...
CVE-2019-12815
PUBLISHED: 2019-07-19
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
CVE-2019-13569
PUBLISHED: 2019-07-19
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.