Intel’s purchase yesterday of security software maker McAfee, detailed in this News.com story, signals a shift in the tech industry’s view of how to better secure computers, networks, and software programs: Security has to be built in, rather than added on later. It’s the concept of “secure by design.”
At IBM, the secure-by-design concept extends to encompass our Smarter Planet agenda. These days, its not enough to secure the traditional computing infrastructure. You’ve got to protect all of the devices and networks that are now being used to monitor, manage, and analyze everything from smart electrical grids to health care systems. “All of the physical assets of the world are becoming digitized, instrumented, interconnected and intelligent,” says Kristin Lovejoy, head of IBM security strategy. “But the sad reality is that as people develop and design these new technologies they’re not thinking enough about the issue of security. These devices are so critical that if they’re unavailable or if they’re tampered with, it could have a significant negative impact on an individual or a large population.”
When security is an afterthought, it tends to be expensive and not that effective. Plus, organizations typically find out about a vulnerability after it has already been exploited by malicious software programs.
We believe that only by designing products to be secure can organizations gain the protection they need at a reasonable price. With that principle in mind, IBM has established what we call a secure engineering framework. It’s a set of specifications that we are beginning to use in all of our design processes, for hardware and software alike.
Now that the world’s critical infrastructure is being wired and networked, security is becoming more important than ever before. Business-as-usual in the tech industry isn’t good enough any more.