Cyber security is next frontier for open source
By Aaron Tan
Open security will facilitate the interoperability and capabilities of cyber security tools while alleviating vendor lock-in for enterprises, says IBM. Cyber security is the next frontier for the open source development model that will improve security visibility and bring different security silos together, according to an IBM Security expert.
Speaking at the recent IBM Security Virtual Summit 2020 in ASEAN, Justin Youngblood, vice-president for IBM Security, said like most IT environments, the security landscape in many organisations is often dotted with security tools that protect a plethora of workloads on the cloud and in the datacentre.
As a result, security teams have been overwhelmed in trying to put together disconnected tools that generate a lot of data but without insights, leaving organisations with little resources left to adequately protect themselves against cyber attacks. “As an industry, we have to reimagine security,” Youngblood said. “We need a different approach than the one that got us here. We must improve security visibility, we must respond faster to the growing threat landscape, we must embed security into and keep up with the pace of business transformation.”
Youngblood suggested that the only viable path forward was to rebase security on the principles of open source, which has proven to be successful in projects like the Linux operating system that powers most of the world’s servers. Open security comprises four dimensions – open standards to facilitate interoperability between security tools; open source code to fill gaps in security products and to create new capabilities; the use of analytics and threat intelligence, as well as sharing of best practices.
Together, they would help to tear down security silos and enable the industry to innovate more rapidly and source ideas from the community, Youngblood said. For enterprises, open security means they will no longer be forced to rely on a single supplier, or just their own developers and security experts, Youngblood said. “You have an entire community lined up in support of a particular standard and to deliver open source codes and technologies,” he added.
Open security will also result in more secure code, as all contributors can review and innovate on the same code base, improve it and share that technology to identify and mediate problems much faster than traditional means. “Having more eyes and a variety of perspectives involved in the development provides more opportunities for improving the code and making it more secure,” Youngblood added.
Efforts are already underway to promote the use of open source development in security. In October 2019, the Open Cybersecurity Alliance was formed to foster an open ecosystem in which products from security suppliers can freely exchange information and insights, as well as orchestrate responses – all underpinned by technology and data standards. Youngblood stressed, however, that the security benefits of open source development are only as effective as the strength of the community and suppliers that are backing the project.
“Having a strong community of reputable organisations that are actively working together gives users confidence in the security of these technologies. Open source technologies with strong community backing have gained trust with users and have seen huge adoption as a result.”