
4/10/2008
08:30 AM

IBM: The Security Business 'Has No Future'

IBM executive tells RSA attendees that the security business is dead - and sustainable business is the future

SAN FRANCISCO -- RSA Conference 2008 – News flash: IBM is getting out of the security business.

“The security business has no future,” Val Rahamani, general manager of IBM ISS and of security and privacy for IBM Global Technology Services, told attendees here yesterday in a keynote address. Rahamani said the security industry as it is today is not sustainable, and that IBM is instead going into the “business of creating sustainable business.”

“The security industry is flying by the seat of its pants,” Rahamani said. “Security infrastructure has been dictated by the bad guys... as new threats arise, we put new products in place. This is an arms race we cannot win.”

Business sustainability is all about building security into systems and processes, she said. “If we really want to get ahead of the threat, we need to start thinking about re-engineering our businesses and processes. We need to make them more secure and compliant by design, and we need to move more security and compliance technologies into the fabric of our standard infrastructure and application environments.”

Rahamani didn’t go into detail on IBM’s product plans for this approach, but she did say security companies must sell their customers solutions that assume “everyone is infected” so that they can safely do business, which makes a business sustainable. “It’s time to give up on the fantasy that education and antivirus will cure consumer security woes. It is not up to consumers to protect themselves. It is not their problem. It is our problem, because online commerce is not sustainable if it is not inherently secure. And the only way to make it inherently secure is to take ownership of the security problem.”

Fighting Trojans, worms, insider attacks, and outsider attacks one by one is futile, she said.

But there’s no way to stop chasing the threats, says Jeremiah Grossman, CTO of WhiteHat Security. "When you go into this room, how can you make sense of any of it? It takes a genius to bucketize it all," said Grossman outside the exhibit hall here today. "We’ll never get away from chasing the threats around."

The sustainable business approach makes sense for IBM, he says, given its existing business continuity service offerings.

IBM’s Rahamani, who recently replaced the now-retired IBM ISS co-founder Thomas Noonan, also talked about how the industry is in another transformational period, not unlike the emergence of the PC 25 years ago, and then LANs and WANs 20 years ago. “Ten years ago, it was the emergence of Internet-based computing. Today, it is the advent of secure Internet-based computing,” she said.

But Internet-based computing is not secure, she said, and is actually getting less secure all of the time. “Security is a big problem right now [with Internet-based computing], but we will innovate and solve it, just as we have in the past.”

Rahamani said that when she cites threat statistics to CSOs, such as that 7 percent of the world’s computers are infected, it doesn’t faze them. “But when I say, ‘The Storm botnet could already shut down your company if it so chose. So what are we going to do when 20 percent of the world’s computers are infected?’ they sit up in their seats.”

It’s all about putting security into the context of business operations, she said. “Parasitic threats are only a metaphor for the greater issue -- there will always be new threats to business sustainability, ranging from parasites to regulations to insiders to global politics. We cannot achieve true sustainability if we continue to focus on individual threats. We can only achieve true sustainability if we design security and continuity into our processes from the beginning.”

“The traditional security industry is simply not sustainable... We have a historic opportunity to change our mindset from IT security to secure business. We have the technology, services, and expertise available today to create truly sustainable business, even in a world where we assume everyone is infected.”

“The security industry is dead,” Rahamani said. “Long live sustainability.”


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
     
