IBM: The Security Business 'Has No Future'

IBM executive tells RSA attendees that the security business is dead - and sustainable business is the future

SAN FRANCISCO -- RSA Conference 2008 – News flash: IBM is getting out of the security business.

“The security business has no future,” Val Rahamani, general manager of IBM ISS and of security and privacy for IBM Global Technology Services, told attendees here yesterday in a keynote address. Rahamani said the security industry as it is today is not sustainable, and that IBM is instead going into the “business of creating sustainable business.”

“The security industry is flying by the seat of its pants,” Rahamani said. “Security infrastructure has been dictated by the bad guys... as new threats arise, we put new products in place. This is an arms race we cannot win.”

Business sustainability is all about building security into systems and processes, she said. “If we really want to get ahead of the threat, we need to start thinking about re-engineering our businesses and processes. We need to make them more secure and compliant by design, and we need to move more security and compliance technologies into the fabric of our standard infrastructure and application environments."

Rahamani didn’t go into detail on IBM’s product plans for this approach, but she did say security companies must sell their customers solutions that assume “everyone is infected” so that they can safely do business, which makes a business sustainable. “It’s time to give up on the fantasy that education and antivirus will cure consumer security woes. It is not up to consumers to protect themselves. It is not their problem. It is our problem, because online commerce is not sustainable if it is not inherently secure. And the only way to make it inherently secure is to take ownership of the security problem.”

Fighting Trojans, worms, insider attacks, and outsider attacks one by one is futile, she said.

But there’s no way to stop chasing the threats, says Jeremiah Grossman, CTO of WhiteHat Security. "When you go into this room, how can you make sense of any of it? It takes a genius to bucketize it all," said Grossman outside the exhibit hall here today. "We’ll never get away from chasing the threats around."

The sustainable business approach makes sense for IBM, he says, given its existing business continuity service offerings.

IBM’s Rahamani, who recently replaced the now-retired IBM ISS co-founder Thomas Noonan, also talked about how the industry is in another transformational period, not unlike the emergence of the PC 25 years ago, and then LANs and WANs 20 years ago. “Ten years ago, it was the emergence of Internet-based computing. Today, it is the advent of secure Internet-based computing,” she said.

But Internet-based computing is not secure, she said, and is actually getting less secure all of the time. “Security is a big problem right now [with Internet-based computing], but we will innovate and solve it, just as we have in the past.”

Rahamani said that when she speaks to CSOs about threat statistics such as 7 percent of the world’s computers are infected, it doesn’t faze them. “But when I say, ‘The Storm botnet could already shut down your company if it so chose. So what are we going to do when 20 percent of the world’s computers are infected?’ they sit up in their seats.”

It’s all about putting security into the context of business operations, she said. “Parasitic threats are only a metaphor for the greater issue -- there will always be new threats to business sustainability, ranging from parasites to regulations to insiders to global politics. We cannot achieve true sustainability if we continue to focus on individual threats. We can only achieve true sustainability if we design security and continuity into our processes from the beginning.”

“The traditional security industry is simply not sustainable... We have a historic opportunity to change our mindset from IT security to secure business. We have the technology, services, and expertise available today to create truly sustainable business, even in a world where we assume everyone is infected.”

“The security industry is dead,” Rahamani said. “Long live sustainability.”

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights