The symptoms are all around us: Security spending is growing three times faster than IT spending. Almost half of this spending is on people to manage the ever more complex security infrastructure. But despite the record spending on people and equipment, security breaches and other problems dominate the headlines. According to Javelin Strategy and Research, identity theft cost consumers $45 billion last year. Add it all up and it's clear: the security business is not keeping up with business, or security.
To date, the “security industry” answer to new threats has been to develop a new point product for each threat. And as threats proliferate, so do the point products. Today, we've reached the point where point product proliferation has made security untenable – the costs and complexity have created an environment where enterprises are easy pickings for professional organized criminals. This also has put security professionals in a terrible bind – they spend so much time managing infrastructure that they can't focus on the areas where they can truly add value – using their knowledge of the business to enable new secure processes and capabilities.
So, what's the industry to do? For one, we all need to get out of the security business as it exists today – it simply does not work. We need to get into the business sustainability business. Security can no longer be an afterthought, lagging behind the deployment of the newest systems and technologies, appearing only when threats to those technologies are already causing damage. Security needs to be a part of the technology itself. We don't need to add security to VoIP and virtualization. We need secure VoIP and secure virtualization. Security needs to be intrinsic to the technology.
Making security technology intrinsic to the business means getting out of the business of security and into the business sustainability line of work. It means having the CSO take a more holistic view of what the business is trying to accomplish and making sure security is stitched into that fabric. In doing this, CSOs can take a real seat at the C-level table, because security will be a part of understanding and mitigating risk – not hindering growth, but enabling it.
Val Rahmani is general manager of Internet Security Systems (ISS) in IBM Global Technology Services. She is responsible for the strategic direction, growth and integration of ISS products, services and research into IBM's overall security offerings.
Rahmani has managed diverse areas of IBM's business, from developing the company's overall strategy, with an emphasis on Sales and Distribution and Services units, to running IBM's UNIX business and its fast-growing wireless and mobile initiatives. In the 1990s, Rahmani held numerous positions at IBM, including vice president of sales for the Communications Sector in Europe, and vice president of High End Systems Sales for IBM in Europe.
Rahmani holds a doctorate in chemistry from Oxford University in England. She joined IBM as a Systems Engineer based in London.