Enterprise Security Vendors Need An Infusion Of Open Source Culture
I recently attended IBM’s fifth annual Security Summit in New York City, an exclusive event for a who’s who of IBM’s security customers. This is my third year attending, and I always look forward to going for a few reasons: 1) This is a small, targeted half-day security conference — perfect for a forced extroverted misanthrope like me; 2) I can take the train and not feel as guilty about my carbon footprint; 3) IBM recruits the top industry and IBM security presenters to wow its best clients; and 4) it always uses this flagship event to launch some of its most awaited solutions. Last year, it launched its mobile cyber range (Cyber Tactical Operations Center). This year, it launched its multicloud security management and intelligence solution, IBM Cloud Pak for Security.
With IBM Cloud Pak for Security, IBM is making a huge bet that the future of computing will be multicloud and hybrid, and if security leaders thought their footprint of digital assets was difficult to protect now, it’s only going to get far worse. IBM isn’t wrong: Our research comes to these same conclusions. With Cloud Pak, IBM hopes to give security teams a platform through which they can:
- Integrate telemetry from a variety of sources regardless of the hosting model or location. Do you have multiple SIEMs (security information and event management solutions), an EDR (endpoint detection and response), and other security solutions with valuable telemetry hosted in multiple clouds and on-premises? Not a problem — Cloud Pak will allow you to search across all of those repositories for threat indicators as if they were a single data lake. IBM demonstrated this capability, and it impressed. That said, this is a hard problem, so enterprise clients should make sure that IBM proves this outside of a scripted demo.
- Reduce the management complexity of your security estate through integration. The typical large enterprise has dozens and dozens of security controls deployed in its environment, sourced from a plethora of vendors — and, for the most part, they don’t really integrate with each other. This outcome will be the hardest to achieve in the long term. Integrating IBM’s own security controls will likely come first, but integrating heterogeneous security controls will require partnerships and agreements on standards with other vendors — and we all know how well security vendors love to cooperate with each other.
- Automate and orchestrate security processes, from the mundane to the more complex. Cloud Pak includes the functionality of IBM Resilient, so there are already a lot of strong security automation and orchestration capabilities built into this offering right out of the gate.
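The first outcome above, searching several telemetry repositories for an indicator as if they were one data lake, comes down to two things: adapters that normalize each source's native format into a common schema, and a query layer that tolerates one repository failing without silently returning an incomplete answer. The following is an added example of that pattern, not IBM's or Red Hat's code; the SIEM JSON lines, the EDR CSV export, the field names and the "unreachable cloud repository" failure are all constructed for illustration.

```python
"""Federated indicator search over heterogeneous telemetry sources (added example).

Not IBM's or Red Hat's code. All sources, field names and records below are
constructed for illustration.
"""
from __future__ import annotations

import csv
import io
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, Iterator, List

# Constructed sample: a SIEM exporting JSON lines. One line is deliberately malformed.
SIEM_JSONL = """\
{"ts": "2019-10-01T14:02:11Z", "src_ip": "198.51.100.23", "dst_ip": "10.0.0.5", "action": "allow"}
{"ts": "2019-10-01T14:03:40Z", "src_ip": "203.0.113.9", "dst_ip": "10.0.0.5", "action": "deny"}
this line is not JSON
{"ts": "2019-10-01T14:05:02Z", "src_ip": "198.51.100.23", "dst_ip": "10.0.0.7", "action": "allow"}
"""

# Constructed sample: an EDR exporting CSV with its own field names and timestamp format.
EDR_CSV = """\
Timestamp,Hostname,RemoteAddress,Process
2019-10-01 14:02:15,ws-042,198.51.100.23,powershell.exe
2019-10-01 14:04:50,ws-017,192.0.2.44,chrome.exe
"""


@dataclass(frozen=True)
class Hit:
    """Common schema that every adapter normalizes into."""
    when: datetime   # always timezone-aware so hits from different sources sort correctly
    source: str      # which repository produced the record
    indicator: str   # the IOC value (here an IP) seen in the record
    context: str     # source-specific detail worth showing an analyst


def siem_adapter(raw: str = SIEM_JSONL) -> Iterator[Hit]:
    """Normalize SIEM JSON lines; skip unparseable records instead of aborting the source."""
    for line in raw.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        when = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        context = f"{rec['src_ip']} -> {rec['dst_ip']} ({rec['action']})"
        # Both endpoints of a flow are searchable indicators.
        for field in ("src_ip", "dst_ip"):
            yield Hit(when, "siem", rec[field], context)


def edr_adapter(raw: str = EDR_CSV) -> Iterator[Hit]:
    """Normalize EDR CSV rows; the export's naive timestamps are assumed to be UTC."""
    for row in csv.DictReader(io.StringIO(raw)):
        when = datetime.strptime(row["Timestamp"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        yield Hit(when, "edr", row["RemoteAddress"], f"{row['Hostname']}: {row['Process']}")


def unreachable_adapter() -> Iterator[Hit]:
    """Simulates a repository hosted in another cloud that cannot be reached (constructed failure)."""
    raise ConnectionError("cloud repository unreachable")


@dataclass
class SearchResult:
    hits: List[Hit]
    errors: Dict[str, str]  # source name -> failure; a partial answer is never reported as complete


def federated_search(indicator: str, adapters: Dict[str, Callable[[], Iterator[Hit]]]) -> SearchResult:
    """Query every repository, merge matches chronologically, and report per-source failures."""
    hits: List[Hit] = []
    errors: Dict[str, str] = {}
    for name, adapter in adapters.items():
        try:
            hits.extend(h for h in adapter() if h.indicator == indicator)
        except Exception as exc:  # one broken repository must not hide hits from the others
            errors[name] = f"{type(exc).__name__}: {exc}"
    hits.sort(key=lambda h: h.when)
    return SearchResult(hits, errors)


ADAPTERS: Dict[str, Callable[[], Iterator[Hit]]] = {
    "siem": siem_adapter,
    "edr": edr_adapter,
    "cloud": unreachable_adapter,
}

if __name__ == "__main__":
    result = federated_search("198.51.100.23", ADAPTERS)
    for hit in result.hits:
        print(hit.when.isoformat(), hit.source, hit.context)
    if result.errors:
        print("partial results; failed sources:", result.errors)
```

The point a buyer should test against a vendor demo is the `errors` field: when one of the repositories is down, the search still returns the SIEM and EDR hits, but it also says which source did not answer. A federated search that returns a shorter list with no warning is worse than no federation at all, because an analyst will read "no hits" as "not present".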
As part of the announcement, IBM repeatedly emphasized how it had built Cloud Pak on Red Hat Enterprise Linux (RHEL) + OpenShift and that it was containerized so that security teams could run it anywhere, on-premises or in any hosting model. I suppose if I had just spent $34 billion on an acquisition, like the proud, exhausted parent of a new puppy or baby, I’d be eager to show her off to everyone who came over. The good news for the security industry is that we are no longer reliant on innovative startups to containerize their security solutions. Larger vendors — in this case, one of the largest — have also taken this approach. Other analysts on the team also wondered if security leaders would care what was under the covers if the solution delivered on the three bulleted outcomes above. Powered by hamsters in tiny jumpsuits running happily on their wheels? Great! Who cares, as long as it delivers on its stated outcomes?
I’ve had a change of heart, however, since attending the summit. Yes, the cloud-native architecture is in fact important for the necessary flexibility to support large clients with hybrid, multicloud environments, but the biggest differentiator, in my opinion, of the RHEL + OpenShift architecture is the infusion of an open source development mentality into IBM Security first and then — hopefully — into the broader security ecosystem. I agree with IBM’s take that the security industry is too closed and too proprietary and that there is a complete lack of standards to support integration. Every control you deploy in your environment is another island of management complexity. And defenders need to collaborate and crowdsource effort as much as attackers do because, right now, they are moving faster than we are, and some of that is because we’ve kept a legacy enterprise mindset to solutions.
In contrast, Red Hat’s culture and motto is enterprise software in an open model. RHEL benefits from a vast open source community that develops upward of 30,000 projects each year (about 3K make it into the software after thorough testing). Imagine if that kind of community of innovation existed for security solutions! IBM is also pushing several alliances and initiatives aimed at improving interoperability and integration among security vendors through standards, including the Open Cybersecurity Alliance, launched initially with McAfee and which will hopefully include more vendors (and even enterprises) in time.
Cloud Pak for Security is an exciting announcement, but I’m more excited to see if this is the catalyst that triggers a fundamental shift in the security vendor ecosystem from closed to open: one that fosters a community passionate about uniting against growing and dangerous cyberthreats, not just to our enterprises but to our cities, critical infrastructure, and individuals, and one that does more than maximize profits at all costs or make a boatload of cash selling a startup/feature to the next big portfolio vendor.