The story starts with an acceptance within the company that it has not been making the most of its own security credentials. IBM has a long history of thought leadership in security, stretching back to its involvement in the development of the first encryption standard, DES, in the early 1970s. But IBM is not usually the first name that comes to mind when you think ‘security’. It is this that Martin Borrett intends to change.
Borrett is the Director of the IBM Institute for Advanced Security in Europe, founded at the beginning of last year and centered in Brussels. He told Infosecurity how IBM has been strengthening its security stance through internal development and external acquisitions, culminating in January 2012 with the purchase of Q1 Labs. This, he said “added a capability that was missing from our security framework – it provide IBM’s security intelligence platform.” It is that security intelligence that underpins much of IBM’s new holistic approach.
But there are two other pieces to this jigsaw. Firstly, computing is going through a huge upheaval – it is migrating from the computer room to the cloud; and it is changing from structured databases to mixed structured/unstructured big data. In neither of these areas is business yet adequately served. Much of the existing and established security is based on perimeter defense; but the cloud removes perimeters, or at least replaces one perimeter with multiple perimeters. There are few solutions for the cloud and big data – there’s Hadoop, but Hadoop yet has few applications to use it.
The second aspect is just the timing. “Last year,” Borrett told Infosecurity, “was a very significant year for us because there were so many significant and very public breaches that affected very well known brands. That ultimately has driven security to become much more of a boardroom discussion - including our own boardroom. And that has resulted in us creating a Security Systems Division focused on technology and software, which became effective on 1 January this year. It is the Security Systems Division that has pulled together much of the security technology that existed within IBM - and this has all been brought together into a single focus group resulting in the new holistic approach to security we’re announcing today.”
These two factors, the right time and the right opportunity, have combined with IBM’s hidden strength in depth to result in these new product announcements, which especially focus on enterprise use of the cloud. Noticeably, for example, they bring security to Hadoop, with real time monitoring and automated compliance reporting for Hadoop-based systems such as InfoSphere BigInsights and Cloudera. And improvements to data encryption management allow organizations to automate key recovery and support the latest version of the Key Management Interoperability Protocol (KMIP) standard.
But perhaps the real importance today is not so much these specific announcements – certainly important in themselves – but the clear statement that IBM is now focusing its unrivaled history and expertise on security in general, and the cloud in particular.