
IBM CEO Arvind Krishna—who calls cybersecurity the “biggest issue” of the next two decades—said he feels “sorry” for SolarWinds, which has been hit hard by what is considered one of the most damaging cyberattacks in the history of computing.
“First of all, I feel sorry for them [SolarWinds] because it was a really sophisticated and a vicious attack; it went on over a long period of time,” he said, referring to the SolarWinds breach that took place in December and has reverberated throughout the technology landscape, including Microsoft. “So to the best of our knowledge, we were not impacted. I’ll just leave it at that.”
The lesson from the SolarWinds breach is that the technology industry has a lot of work to do, said Krishna. “You always should be paranoid, you always should be very, very careful.”
It’s a “massive investment” for companies like IBM to stay secure in the current threat landscape, said Krishna. “If I took away that investment I would probably add multiple points to IBM’s bottom line. But I would be then afraid if something happens maybe the whole business goes away. It is a huge cost of doing business.”
[RELATED: IBM CEO Arvind Krishna’s 10 Boldest Statements From CRN’s Exclusive Interview]
IBM has had rigorous “secure engineering practices” for multiple decades, said Krishna. “You have got to make sure that your code supply chain is really, really secure,” he said. “Because when you are a provider to banks and governments and health-care providers, you don’t want to be the source of carrying infections and malware and all those things.”
IBM has a long history of secure engineering practices, said Krishna. “Secure engineering practices are fundamental to us,” he said. “It is how we build our mainframe. It is how we build our software. It is how we build Linux. You have got to go do that. We work very deeply, by the way, with all of the agencies, both government and private sector who do these things to try to make sure we stay ahead of the vulnerabilities.”
IBM has long established best-in-class secure engineering practices centered on “code signing” and “encryption” with regard not just to data but to how software is built, said Krishna.
That is no small matter in a software landscape where some software products have “30,000 other packages embedded in them,” said Krishna. “Now whenever something happens you have got to grab the latest version of one of those packages and put it in there. So you have got to have the discipline to make sure that you are not getting lazy and letting something filter in.”
The bad actors wait for the “one open door or window” and then use that to get access to the entire building, said Krishna. “That’s exactly what happened here [with the SolarWinds breach],” he said.
As to just how important security is going forward, Krishna said the cybersecurity wars takings place between nation states is a sign of just how valuable data and information is in the current geopolitical environment.
“The world goes through these phases around what is valuable,” he said. “So why did people fight physical wars [in the past]? You fought physical wars because you wanted their land and their factories. The land to grow crops and by the World War II time you wanted the economic benefit of the factories and the people. Today that is irrelevant. What you want is the IP and the data. So you don’t fight physical wars anymore. You fight cybersecurity wars.”
Given that paradigm shift, all businesses must “step up” to meet the cybersecurity challenge, said Krishna. “We all spend money on policing,” he said. “We all spend money on locks and gates and doors. You are going to have to spend a lot more on cybersecurity because all of that other stuff is not that important anymore.”
IBM has one of the “biggest security businesses” of any technology company considering its combined software and services security footprint, said Krishna. “We intend to keep investing in that,” he said. “I see a lot of opportunity for growth in there for us.”
John O’Shea, president of distribution behemoth Tech Data, which is partnering with IBM on hybrid cloud and AI, said he sees IBM’s security prowess as a big advantage for partners.
Tech Data, in fact, is offering IBM’s Cloud Pak for Security as part of its Cyber Range, a virtual environment for training and testing security procedures.
“The security opportunity is all around us right now, so our ability to enable more of our partners to leverage these technologies is just going to help with the adoption of hybrid cloud,” said O’Shea.
Mark Wyllie, CEO of Flagship Solutions Group, a Boca Raton, Fla.-based IBM cloud partner, is betting big on IBM’s QRadar On Cloud (QRoc) threat intelligence platform.
“A little-known fact is that IBM is the No. 1 security provider,” said Wyllie, who expects drive double-digit growth in his IBM security practice. “They need to do a better job marketing their security technology.”
related stories
Video
trending stories
sponsored resources

Cysurance
Cyber Insurance 360

EPOS
EPOS

Fujifilm
Fujifilm

Dell Technologies
Dell Technologies Storage Learning Center

Mimecast
Mimecast

Carbonite
Cloud Storage 360

Application Integration 360

Hitachi Vantara
Hitachi Vantara

Dell Technologies
Dell Technologies Cloud Learning Center

Tenable
Cyber Risk 360

Webroot
Webroot Learning Center

NPD
Industry Trends 360

BlackBerry
BlackBerry Learning Center

Symantec
Symantec Business Security Learning Center

Sherweb
Sherweb

Acer
Remote Workforce 360

APC by Schneider Electric
Digital Services for Edge Learning Center

Channel Chief Showcase

StorageCraft
Disaster Recovery Learning Center

Vertiv
Edge Computing Learning Center

Wasabi
Wasabi

Dell Technologies
Dell Technologies Hybrid Cloud Learning Center

Cradlepoint
5g for Business 360

Comm100
Collaboration & Communications 360

Veeam
Veeam

Smart 3rd Party
3rd Party Maintenance 360

Sophos
Sophos Cybersecurity Learning Center

Trend Micro
Trend Micro Learning Center

VMware

Dell Technologies
Dell Technologies Server Learning Center

HubStor
Cloud Backup 360

eSentire
Managed Detection and Response 360
