Cloud

10/29/2018
05:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Security Implications of IBM-Red Hat Merger Unclear

But enterprises and open source community likely have little to be concerned about, industry experts say.

The full implications of IBM's planned $34 billion purchase of Red Hat could take several years to play out. But from a security perspective, don't expect the merger to change things very much for enterprises and the open source community, several industry experts said this week.

In a surprise move, IBM on Sunday announced its intention to acquire all issued and outstanding common shares of Red Hat at $190 per share in cash. The deal represents a value of roughly $34 billion and is by far the biggest technology acquisition that IBM has made in its history. In fact, the planned purchase is one of the largest technology deals ever, behind Dell's mammoth $67 billion acquisition of EMC in 2016.

Red Hat is expected to significantly bolster IBM's capabilities in the cloud space, especially in hybrid-cloud environments. The two companies have partnered with each other on Linux initiatives for some 20 years, including most recently on hybrid-cloud and Kubernetes container orchestration technologies.

Many major companies looking to leverage open source software and components currently have Red Hat Linux running on data center servers. Red Hat's OpenShift container application platform, which combines Docker and Kubernetes container technologies, is popular within the developer community and organizations looking to develop applications capable of running in multicloud and hybrid-cloud environments.

The merger will help such enterprises more quickly create, deploy, and manage secure cloud-native business applications that are portable across public and private clouds, the two companies said in a statement.

"IBM is committed to being an authentic multi-cloud provider, and we will prioritize the use of Red Hat technology across multiple clouds," said Arvind Krishna, senior vice president, at IBM Hybrid Cloud. "In doing so, IBM will support open source technology wherever it runs, allowing it to scale significantly within commercial settings around the world."

Analysts say it is far too early to predict how successfully IBM will be able to leverage Red Hat's strength in growing its own cloud business.  

"Cloud security is an essential topic for any customer as they are planning their cloud strategy and looking at migrating applications to the public cloud," says Dennis Gaughan, an analyst with Gartner. "Helping clients with this migration is what IBM highlighted as a key motivation for the deal."

In announcing the planned merger, the two companies highlighted security as a key element that customers want from cloud providers. "But at this point, there are no details as to how the combination of offerings from the two companies will change or improve cloud security as a result of the acquisition," Gaughan says.

In previous years, a merger as big and as complex as this one would likely have entailed a lot of issues, including ones related to security, says Todd Matters, co-founder and chief architect of RackWare. "But cloud has done a good job of raising security parity across different environments," he says.

Regulations such as PCI, HIPAA, and GDPR have also driven broad adoption of a number of security standards and best practices, so merging technologies, data centers, and clouds have become less of a security issue, Matters says.

For the broader open source community, a lot will depend on how much Red Hat will be allowed to operate independently. "Red Hat has done a pretty good job of maintaining the open source community," Matters notes. "If Red Hat is allowed to operate independently, I wouldn't see any issues or disruptions for open source security."

If anything, IBM's investment in Red Hat will likely elevate security for enterprises, adds Tim Beerman, CTO at Ensono. Strong security capabilities have become table stakes in today’s environment, and enterprises can expect to see IBM continuing to make investments in the security of any newly acquired platforms.

If regulators and shareholders approve the planned acquisition, Red Hat will become a fully owned IBM subsidiary but will continue to operate as an independent unit within IBM's Hybrid Cloud Group. IBM will maintain Red Hat's current headquarters in Raleigh, N.C., and also all of the company's brands and practices, both companies said in a joint statement. Red Hat CEO Jim Whitehurst will continue to lead the unit, along with members of his current management team. Whitehurst will report directly to IBM CEO Ginni Rometti.

IBM and Red Hat together will have a leading container-based, cloud-native development platform and a very broad portfolio of open source middleware and tools, Forrester analyst Dave Bartoletti said in a statement. "While any acquisition of this size will take time to play out, the combined company will be sure to reshape the open source and cloud platforms market for years to come," he said.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 10:38:35 PM
Re: RedHat stays RedHat
@Dr.T: I really don't think we're going to see much difference. Red Hat, despite being an open-source firm, is a for-profit company. It was really a matter of time before a more traditional and larger tech firm sunk their teeth into them to help gain a bigger open-source foothold.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 10:35:56 PM
Re: Reuters
@Dr.T: Sure, but no more than any other big open-source tech firm, more or less. I was just pointing out some of the bad reporting on this when the news initially broke.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:23:15 PM
INM
IBM and Red Hat together will have a leading container-based, cloud-native development platform and a very broad portfolio of open source middleware and tools, I think this is the reason IBM buys RedHat, their cloud solutions.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:21:25 PM
RedHat stays RedHat
Red Hat will become a fully owned IBM subsidiary but will continue to operate as an independent unit within IBM's Hybrid Cloud Group This may nbe good for the industry, we need RedHat stays RedHat
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:19:50 PM
Re: Reuters
Red Hat isn't exactly what one would describe as a security company. Agree. I do not this RedHat is a security company. At the same time all the companies are today probably.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:18:42 PM
Re: Reuters
I think the biggest implication I've see so far: confusion I think they are clear with what they are doing, iBM needs things already used by enterprises, otherwise they will go out of business soon.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/31/2018 | 1:17:13 PM
RedHat
I am not ready that excited about this merge, it is like one dynamic good company will be lost in IBMs complex and slow business.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/29/2018 | 9:21:53 PM
Reuters
I think the biggest implication I've see so far: confusion. After the news broke, Reuters reported that IBM was acquiring "security company Red Hat".

And, of course, Red Hat isn't exactly what one would describe as a security company.
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20029
PUBLISHED: 2018-12-10
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-1279
PUBLISHED: 2018-12-10
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
CVE-2018-15800
PUBLISHED: 2018-12-10
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
CVE-2018-15805
PUBLISHED: 2018-12-10
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
CVE-2018-16635
PUBLISHED: 2018-12-10
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.