As a lifelong engineer, my career has been dramatically impacted by the open source movement, along with those of my fellow engineers. Growing up in a business environment where closed platforms once dominated, many of us had to recalibrate our thinking as the open source revolution in the 90’s unfolded.

While it is often considered a development concept, I’ve witnessed firsthand how it has extended out of its technical roots to shape the culture of business.

Innovation is one of the better-known benefits of crowd-contributed code — or open source — but what about security? Can open source improve or enhance your security posture?

Open seems like an ironic concept in cybersecurity, but the answer is absolutely yes.

Open Source Closes the Gaps in Security

The open, connected structure of cloud-native applications makes it ideal for sharing data across multiple platforms — this is true across the business, including security operations. As more and more technology moves to the cloud, there is tremendous opportunity for security teams to be a guiding light for the business. One of the biggest areas of potential is weaving security into the fabric of open source initiatives. And while at first glance it might seem far removed from the enterprise security team’s charter, it shouldn’t be.

The same driving principles that make open source attractive to developers — efficiency, effectiveness and trust — actually make it highly beneficial in the security realm.

Cost Control and Efficiency

It can be challenging for enterprise security teams to see how open-source technology is relevant. After all, even if security professionals give thought to how their multicloud applications are built, there is little they can do to influence any change. However, it’s important in the greater scheme of security to not only give thought to how these applications are built, but to demand that all applications being used in enterprise operations are architected securely. For overwhelmed security professionals, selecting enterprise cloud applications designed with security reduces the number of vulnerabilities in the organization’s attack surface.

Similarly, controlling your attack surface by opting for open-source technologies with security helps control costs. This type of cost control can be found in identifying attacks earlier, or by eliminating the need for your most experienced staff to wade through screen after screen of security alerts.

Effectiveness

The beauty of open-source technology is it provides new ideas vetted by industry experts. This combination of innovation, experience and expertise can greatly improve the effectiveness of your security ecosystem. Consider a healthcare organization that has spotted some anomalous activity on its network: When shared with threat intelligence teams across other healthcare systems, the activity can be evaluated in a larger context to provide a more accurate picture of what’s happening.

And, Finally, Trust

Trust is a critical factor in open-source, multicloud development platforms. It’s built on the idea that group contributions and vetting will weed out poorly thought-out processes and structures. But how does this translate to the security realm, where trust is as good as currency when it comes to consumer decisions? To do this, organizations need to look at trust as more than a measure of data protection.

While data privacy and protection is unequivocally important, customers trust organizations that have their best interests in mind. That means a reliable, frictionless user experience. That means a product that is continuously innovated to keep up with changing needs. That means offering a tremendous value by providing all of this at an increasingly competitive price point. And this is where secure open source foundations really shine. Open source grounded in security provides consumers with the data protection they require and the service and reliability they demand.

IBM Security and Red Hat: Champions for Secure, Hybrid Multicloud

The journey to cloud means something different to every organization. For some, a hybrid multicloud environment is a means to connect with customers or a way to manage all their workloads. For others, it’s a way to maximize open source development. Regardless of why or how organizations are moving to hybrid, multicloud and open platforms, the need for security is paramount. Not only that, security must be the vanguard — the front line when it comes to identifying pitfalls and land mines that could derail the organization’s efforts to grow.

IBM and Red Hat together are two powerful forces in open source development that have placed a priority on security. For organizations, a secure development environment offers the solid foundation necessary to infuse security on top of, around and throughout the rest of the business.

With IBM and Red Hat, security no longer needs to be the barrier. In fact, secure open source development builds strength, resilience and trust into the fabric of any hybrid, multicloud business.

Learn More About Securing Hybrid Multicloud Platforms

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today