Arsgera - Fotolia
A case of deja vu at VMworld
The idea that the security market is broken is something that Billy MacInnes thinks he has heard before
As I was unable able to attend VMworld Europe this year, I was interested to catch up with the goings on at the event . However, having read the MicroScope report of CEO Pat Gelsinger’s keynote, I couldn’t escape a powerful feeling of deja vu.
“VMware boss takes swipe at ‘broken’ security market”, said the headline, reporting that Gelsinger told the audience: “Today security is broken. You are spending the largest portion and the largest growth of the IT budget in the industry today is security and the cost and the number of breaches is increasing more rapidly than security spend…we need less security products and much more security.”
While I have no disagreement with the substance of his comments at all (who would?), I’m not sure they provide any advance on what he had to say at a press briefing at VMworld Europe 2017 where he claimed security was “the most important topic of them all” and described it as the “fastest growing line item in the IT budget”.
At that briefing, he stated “something's broken, something's terribly wrong” and admitted the “IT industry has failed our customers”. He went on to say that there was a need to try and “flip the security model on its head”
At VMworld Europe this year, he told delegates: “We need to turn the industry on its head and think about security in a fundamentally different way.”
Gelsinger argued that it made more sense to build protection that works on the application layer, profiling apps and determining a baseline for normal behaviour, rather than have to increasingly patch security products onto the environment, a perfectly sensible notion but, as with all sensible notions, not quite as easy as it sounds, purely because organisations are not starting with a clean slate. That doesn’t mean the environment can’t be adapted over time but for many organisations it’s not an overnight phenomenon.
Nevertheless, the fact that Gelsinger was effectively repeating himself 13 months after VMworld Europe 2017, suggests there is still quite a way to go before the industry adopts the new model of security that he is proposing. It will be interesting (and slightly concerning), if he ends up echoing this year’s comments at VMworld Europe 2019.