Over the last decade, cybersecurity spending by organisations has increased to such an extent that it now represents the largest part of many IT budgets. But during that time breaches, and the costs associated with them, have increased faster than the spending has, says VMware CEO Pat Gelsinger.
He told Which-50, “I am spending more and I am losing more. It’s insanity.”
And it is also the reason Gelsinger says security is fundamentally broken.
There are estimated to be 1,200 cybersecurity companies operating in the market today, and the VMware chief likes to compare the industry to what he calls “bad attorneys.”
“They chase after an accident and show up to remediate the situation. You get a breach, you know, that’s when you get more security spend. Companies buy products to respond to the latest breach and it’s like getting budget approved after the accident.”
The focus of spending is also out of whack, according to Gelsinger. Typically, security products fall into one of three areas: protect, detect and respond.
“But today, if you look at some of the Gartner research, 80 per cent of security products deployed are detect and respond. The benefits of protect products are five times those of detect and respond, but yet protect only represents 20 per cent of security spend. So our view is this is all wrong.”
VMware’s position is that a fundamental change is needed, towards a model where the large majority of security capabilities are inherently provided when an application is released, rather than bolted on afterward.
“So that’s what we call intrinsic security. And what we just announced with Pivotal (which VMware just acquired) and Tanzu (its major announcements at the VMworld conference this year). When customers hit push to production on the application, all of the security is inherently built, understood and deployed simultaneously.”
If VMware’s vision proves true, then expect to see a shakeup and aggressive consolidation in the security market.
“Most companies have two or three or four network providers, and the same with storage providers, or server providers, but they have hundreds of security providers.”
A very different approach is required, he said. “There are way too many products, way too many vendors and my dream would be that we end up with maybe a quarter of the products and vendors that we have today in five years.”