Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

10/29/2018
05:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Security Implications of IBM-Red Hat Merger Unclear

But enterprises and open source community likely have little to be concerned about, industry experts say.

The full implications of IBM's planned $34 billion purchase of Red Hat could take several years to play out. But from a security perspective, don't expect the merger to change things very much for enterprises and the open source community, several industry experts said this week.

In a surprise move, IBM on Sunday announced its intention to acquire all issued and outstanding common shares of Red Hat at $190 per share in cash. The deal represents a value of roughly $34 billion and is by far the biggest technology acquisition that IBM has made in its history. In fact, the planned purchase is one of the largest technology deals ever, behind Dell's mammoth $67 billion acquisition of EMC in 2016.

Red Hat is expected to significantly bolster IBM's capabilities in the cloud space, especially in hybrid-cloud environments. The two companies have partnered with each other on Linux initiatives for some 20 years, including most recently on hybrid-cloud and Kubernetes container orchestration technologies.

Many major companies looking to leverage open source software and components currently have Red Hat Linux running on data center servers. Red Hat's OpenShift container application platform, which combines Docker and Kubernetes container technologies, is popular within the developer community and organizations looking to develop applications capable of running in multicloud and hybrid-cloud environments.

The merger will help such enterprises more quickly create, deploy, and manage secure cloud-native business applications that are portable across public and private clouds, the two companies said in a statement.

"IBM is committed to being an authentic multi-cloud provider, and we will prioritize the use of Red Hat technology across multiple clouds," said Arvind Krishna, senior vice president, at IBM Hybrid Cloud. "In doing so, IBM will support open source technology wherever it runs, allowing it to scale significantly within commercial settings around the world."

Analysts say it is far too early to predict how successfully IBM will be able to leverage Red Hat's strength in growing its own cloud business.  

"Cloud security is an essential topic for any customer as they are planning their cloud strategy and looking at migrating applications to the public cloud," says Dennis Gaughan, an analyst with Gartner. "Helping clients with this migration is what IBM highlighted as a key motivation for the deal."

In announcing the planned merger, the two companies highlighted security as a key element that customers want from cloud providers. "But at this point, there are no details as to how the combination of offerings from the two companies will change or improve cloud security as a result of the acquisition," Gaughan says.

In previous years, a merger as big and as complex as this one would likely have entailed a lot of issues, including ones related to security, says Todd Matters, co-founder and chief architect of RackWare. "But cloud has done a good job of raising security parity across different environments," he says.

Regulations such as PCI, HIPAA, and GDPR have also driven broad adoption of a number of security standards and best practices, so merging technologies, data centers, and clouds have become less of a security issue, Matters says.

For the broader open source community, a lot will depend on how much Red Hat will be allowed to operate independently. "Red Hat has done a pretty good job of maintaining the open source community," Matters notes. "If Red Hat is allowed to operate independently, I wouldn't see any issues or disruptions for open source security."

If anything, IBM's investment in Red Hat will likely elevate security for enterprises, adds Tim Beerman, CTO at Ensono. Strong security capabilities have become table stakes in today’s environment, and enterprises can expect to see IBM continuing to make investments in the security of any newly acquired platforms.

If regulators and shareholders approve the planned acquisition, Red Hat will become a fully owned IBM subsidiary but will continue to operate as an independent unit within IBM's Hybrid Cloud Group. IBM will maintain Red Hat's current headquarters in Raleigh, N.C., and also all of the company's brands and practices, both companies said in a joint statement. Red Hat CEO Jim Whitehurst will continue to lead the unit, along with members of his current management team. Whitehurst will report directly to IBM CEO Ginni Rometti.

IBM and Red Hat together will have a leading container-based, cloud-native development platform and a very broad portfolio of open source middleware and tools, Forrester analyst Dave Bartoletti said in a statement. "While any acquisition of this size will take time to play out, the combined company will be sure to reshape the open source and cloud platforms market for years to come," he said.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 10:38:35 PM
Re: RedHat stays RedHat
@Dr.T: I really don't think we're going to see much difference. Red Hat, despite being an open-source firm, is a for-profit company. It was really a matter of time before a more traditional and larger tech firm sunk their teeth into them to help gain a bigger open-source foothold.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 10:35:56 PM
Re: Reuters
@Dr.T: Sure, but no more than any other big open-source tech firm, more or less. I was just pointing out some of the bad reporting on this when the news initially broke.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:23:15 PM
INM
IBM and Red Hat together will have a leading container-based, cloud-native development platform and a very broad portfolio of open source middleware and tools, I think this is the reason IBM buys RedHat, their cloud solutions.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:21:25 PM
RedHat stays RedHat
Red Hat will become a fully owned IBM subsidiary but will continue to operate as an independent unit within IBM's Hybrid Cloud Group This may nbe good for the industry, we need RedHat stays RedHat
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:19:50 PM
Re: Reuters
Red Hat isn't exactly what one would describe as a security company. Agree. I do not this RedHat is a security company. At the same time all the companies are today probably.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:18:42 PM
Re: Reuters
I think the biggest implication I've see so far: confusion I think they are clear with what they are doing, iBM needs things already used by enterprises, otherwise they will go out of business soon.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:17:13 PM
RedHat
I am not ready that excited about this merge, it is like one dynamic good company will be lost in IBMs complex and slow business.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/29/2018 | 9:21:53 PM
Reuters
I think the biggest implication I've see so far: confusion. After the news broke, Reuters reported that IBM was acquiring "security company Red Hat".

And, of course, Red Hat isn't exactly what one would describe as a security company.
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12420
PUBLISHED: 2019-12-12
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
CVE-2019-16774
PUBLISHED: 2019-12-12
In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver.
CVE-2018-11805
PUBLISHED: 2019-12-12
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf ...
CVE-2019-5061
PUBLISHED: 2019-12-12
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table att...
CVE-2019-5062
PUBLISHED: 2019-12-12
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of...