IBM Thinks the Securiy Business is Dead
At the RSA Conference 2008 taking place in San Francisco, IBM stated they are going to leave the security business to start providing sustainable solutions instead. This declaration has been given by Val Rahamani, general manager of IBM ISS and of security and privacy for IBM Global Technology Services and then quoted by Dark Reading:
The security industry is flying by the seat of its pants,” Rahamani said. “Security infrastructure has been dictated by the bad guys… as new threats arise, we put new products in place. This is an arms race we cannot win.”
So, how does IBM define the creation of sustainable business?
Business sustainability is all about building security into systems and processes, she said. “If we really want to get ahead of the threat, we need to start thinking about re-engineering our businesses and processes. We need to make them more secure and compliant by design, and we need to move more security and compliance technologies into the fabric of our standard infrastructure and application environments.”
“It’s time to give up on the fantasy that education and antivirus will cure consumer security woes. It is not up to consumers to protect themselves. It is not their problem. It is our problem, because online commerce is not sustainable if it is not inherently secure. And the only way to make it inherently secure is to take ownership of the security problem.”
Fighting Trojans, worms, insider attacks, and outsider attacks one by one is futile, she said.
Interesting approach indeed! However, I can’t help noticing how the security industry is limited to antivirus applications (antispam solutions are not even mentioned). In a technological world where most security solutions are moving towards standard compliance, where niche security fields, such as endpoint security, stress the need to manage threats and benefit from advantages instead of blocking threats and benefits alike, the IBM position seems to come a bit late. IT security is definitely more than trying to keep viruses away, maybe someone should tell IBM about it.
April 17th, 2008 at 3:04 pm
Most interesting hypothesis from Val and just as provoking as the “de-perimeterization” hypothesis. They have not much in common, but both of them leave the room for mitigating solutions wide open and empty.
I found that sustainability is one of the main characteristics of a good architecture hence also of a good security architecture.
Openness is another important characteristic of architecture hence I recommend to “Val Rahamani” that she takes a look at “OPENSECURITYARCHITECTURE.ORG”.
BR
Claudio