VMware's CEO has a vision that should terrify the security industry: 'Start getting rid of products'
VMwareVMware CEO Pat Gelsinger
- In an interview on Monday at the Best of Breed conference, VMware CEO Pat Gelsinger said that right now, companies are using too many security products - grim tidings for anybody trying to sell security products to those companies.
- By using multiple products, they're creating more cracks in their security infrastructure, where attackers could hypothetically get in.
- Gelsinger says the goal is to reduce the number of security products used to help protect VMware itself down to 15.
- To do this, VMWare will build more security features directly into its own products.
The problem with the security industry, says VMWare CEO Pat Gelsinger, is that companies are using too many security products. If you want to be more secure, he says, "start getting rid of products."
Indeed, Gelsinger's big idea for disrupting cybersecurity is to get companies using fewer security products, and rely more on products that already have security baked in, he said in an interview with CRN on Monday at the 2018 Best of Breed conference in Philadelphia.
About two years ago, VMWare used 30 security products to protect its own employees and systems from cyberattack, but now it uses fewer than 20. The lesson, he says, is that VMware is now both more secure, and less reliant on piling on new tools from outside vendors.
"Your customers are looking for more and just giving them another warm blanket, expecting that's going to stop bullets doesn't do it," Gelsinger said. "Your customers want less products, they want more value - and particularly in the security area that's true. We think VMware is a critical component of that as you're building those capabilities."
Gelsinger says the goal is to reduce VMware's usage of security products even further, down to 15 security solutions, which the company will do by building more basic security functions and encryption directly into its own products, including NSX, vSan and AppDefense. That vision could be bad news for the very many security startups out there, who are all selling to a finite number of businesses in the world.
Having fewer security products may seem counterintuitive as a way to fight cyberattack, but too many security products can create opportunity for attackers. A complicated, patchwork security infrastructure can slow down the detection of threats and makes it easier for attackers to find and exploit any software vulnerabilities. The average enterprise deploys 75 different security products, according to SafeBreach, an internet security company. Gelsinger also cited a meeting he had with a CIO of a top bank, who said that his company uses 250 security vendors.
"How do you make all that work, right? The patches of the patches, and integration-it's just nuts and that has got to get much simpler," Gelsinger said.
It may take a few years before Gelsinger and VMware successfully reduce their reliance on dedicated security tools - but ultimately, the company hopes to have fewer external vendors and platforms to rely on, while making its own infrastructure platform more secure. In the meanwhile, he urges companies to encrypt their data, so it can't be cracked even in the event of a security incident.
"You should always have data encrypted," Gelsinger said. "There's still lots of breaches, but this dramatically reduces the attack surface."
Read the full interview with CRN here.