Linux systems

Taking security to the next frontier

Share this post:

From time to time, we invite industry thought leaders to share their opinions and insights on current technology trends to the In The Making blog. The opinions in these blogs are their own, and do not necessarily reflect the views of IBM.

Attackers always have the upper hand on the information security battlefield. They can test their attacks over and over just as Luke Skywalker and the Rebel Alliance did with the first Death Star. Although the Death Star practiced defense in depth, its own complexity (and a single fatal flaw) brought about its downfall.

IT security is no different. We operate complex infrastructure with a myriad of entrances and exits that allow users to do their work. Application developers and system administrators must keep pace with attackers to prevent the next breach.

Defense becomes much easier when people, process and technology work in tandem. That’s easier said than done:

  • People will still click on phishing emails, no matter how much training they receive.
  • Process will always be circumvented when it stands between an employee and a solution for a customer.
  • Technology will always have vulnerabilities.

For many organizations, a new strategy is needed to wrestle with this problem: make security invisible. That sounds great on paper, but what does it mean in practice?


Humans will inevitably make mistakes. George Bernard Shaw once said: “Success does not consist in never making mistakes but in never making the same one a second time.” We should all learn from our mistakes, but even that first one could lead to a security incident.  If a company of 500 people allows each one to make one security-related mistake, it could be very costly.

What if there was a way to prevent someone from putting themselves in a position to make a mistake?


In many companies, simply saying the word “process” will clear out a room. Organizations use process to reduce risk and variance. Excessive processes create burden for employees and they eventually find a way around them. This always reminds me of Dr. Malcolm’s famous line in Jurassic Park: “Life, uh, finds a way.”


It’s no secret that we depend upon technology during every moment of our modern lives. Technology gives us flexibility in our life, but it is also the most rigid weapon we have in our arsenal for security. I’m not asserting that being rigid is equal to being secure, but being rigid means that one plus one always equals two. Our technology does what it is programmed to do — no more and no less.

We can enforce processes with technology and prevent the users from being in a position to make a mistake. The process burden does not disappear, but it becomes clearer and enforceable. How can we reduce the burden but keep the process? It’s called secure-by-default.

More technology embraces the secure-by-default strategy now than ever before.  Our mobile phones often have encryption enabled by default, we rely on more factors for authentication, and the Chrome web browser puts each tab into its own sandbox. These security layers protect users from known and unknown threats without their knowledge.

Application developers need a way to deploy applications securely, but they are often not security experts.  Technology must provide a way for an application developer to hand off their software to a system and have that system operate the software in a secure way.

Virtualization technologies, especially containers, are surrounded by other technologies that provide strong security controls by default. Linux systems automatically apply capability restrictions, namespace isolation and mandatory access controls to these virtualized instances. These controls deliver security benefits right from the start and they allow for customization at any time.

In summary, technology works best when it prevents people from ever being in a position to make a mistake. The most successful technology enforces processes without placing a burden on the people that use it. I’m always eager to find technology that goes beyond this and decreases risk while enabling users to be more productive.

Find out more about how to protect your brand with the security of LinuxONE.

More Linux systems stories

Protection against malware: IBM AIX has your back

IBM Systems Lab Services, Power Systems, Security

“How can we protect our IBM AIX systems from malware attacks?” As a cyber security consultant, I come across this question more than any other when it comes to securing servers running IBM AIX. Most security breaches today are based on malware attacks, especially in banking sector. The infamous FASTCash malware has infected many banks’ more

The unbearable lightness of being: mainframe on the cloud

Cloud computing, Mainframes, Servers

Some time ago, having the words “cloud” and “mainframe” in the same phrase was considered implausible or even impossible. Working with mainframe-related technologies or even directly with any mainframe applications was always associated with green screens, blocky letters and this feeling of old technology. We could say this feeling still exists among a lot of more

The next big leaps for IBM modern data protection

Data security, Multicloud, Storage

Recent analyst research indicates why hybrid multicloud support is becoming increasingly important. According to a 2019 ESG report [1], 67 percent of organizations surveyed currently use public cloud services in their data protection environment. Among those companies, on average 26 percent of their protection environments (measured by amount of data) are housed in the cloud, more