The Security Business 'Has No Future'

IBM is getting out of the security business. “The security business has no future,” Val Rahamani, general manager of IBM ISS and of security and privacy for IBM Global Technology Services, told attendees here yesterday in a keynote address. Rahamani said the security industry as it is today is not sustainable, and that IBM is instead going into the “business of creating sustainable business.”

“The security industry is flying by the seat of its pants,” Rahamani said. “Security infrastructure has been dictated by the bad guys... as new threats arise, we put new products in place. This is an arms race we cannot win.”

Business sustainability is all about building security into systems and processes, she said. “If we really want to get ahead of the threat, we need to start thinking about re-engineering our businesses and processes. We need to make them more secure and compliant by design, and we need to move more security and compliance technologies into the fabric of our standard infrastructure and application environments."

Rahamani didn’t go into detail on IBM’s product plans for this approach, but she did say security companies must sell their customers solutions that assume “everyone is infected” so that they can safely do business, which makes a business sustainable. “It’s time to give up on the fantasy that education and antivirus will cure consumer security woes. It is not up to consumers to protect themselves. It is not their problem. It is our problem, because online commerce is not sustainable if it is not inherently secure. And the only way to make it inherently secure is to take ownership of the security problem.”

Fighting Trojans, worms, insider attacks, and outsider attacks one by one is futile, she said.