VMware CEO: The security industry has ‘failed its customers’

Pat Gelsinger told a crowd in Washington, D.C., what needs to change if companies are going to truly protect their customers.
CEO Pat Gelsinger, VMware
Pat Gelsinger speaks Oct. 2, 2019, at the VMware Public Sector Innovation Summit presented by FedScoop and StateScoop. (Scoop News Group)

Pat Gelsinger, the CEO of VMware, says the security industry has “failed its customers” and that security must become more intrinsic if enterprises are ever going to keep up with the threats they face on a daily basis.

“Every year we are asking [enterprises] for more money from their security budgets and every year there’s an increasing number and cost of breaches,” Gelsinger said at VMware’s Security Through Innovation Summit produced by FedScoop and StateScoop. “This is a failure.”

He compared the state of the industry to lawyers who make a living chasing after car accident victims in the hopes of scoring a personal injury settlement.

“We show up after the car accident and then we say ‘Here, you need to buy more tools for forensics to tell you what happened in the car accident,'” Gelsinger said. “We are showing up after the fact. We need to have a better model for the future.”


The comments come weeks after VMware announced last month it had purchased endpoint security company Carbon Black for $2.1 billion in order to bolster its security offerings and ability to detect advanced cyberthreats. Gelsinger says the company plans to integrate Carbon Black’s offerings into its popular cloud computing and virtualization products to give enterprises the option to “bake in” security from beginning of the development lifecycle.

The Carbon Black deal comes as money is flying around the cybersecurity industry. Many of the larger companies have spent the past few years acquiring companies meant to complement their core product offerings, while other cybersecurity companies have turned into billion-dollar unicorns or recently become publicly traded companies.

Gelsinger told CyberScoop that no matter the size of the company, the security of an enterprise should be dependent on the features built into other technology products and services. He used another metaphor — house construction — to explain how he believes enterprises will build their systems moving forward.

“You wouldn’t dream of a house that didn’t have doors and windows,” Gelsinger told CyberScoop. “That’s how we have to look at our applications in our infrastructure in the future. They have to be intrinsically secure. We’re not buying a whole bunch of crap that you layer on to fix security that should have been there in the first place.”

Bitcoin is ‘bad’


Gelsinger also said Wednesday he considers bitcoin, the most widely traded and well-known cryptocurrency, to be “bad,” due to the environmental impact caused by the massive energy consumption it takes to mine the coins and its frequent use among criminals who use it a payment mechanism in cybercrime schemes.

He told CyberScoop that until cryptocurrencies are regulated, more readily available to audit and used on a wider scale, they won’t be used for good.

“There is a lot of promise the underlying technology, but I think all the steps that have been taken so far still have a pretty long way to go,” Gelsinger said.

Gelsinger sees more much more promise in the blockchain, the distributed ledger technology that underlies cryptocurrencies. Despite of chorus of people who say other existing technologies can provide the same functionalities, he believes people will find new capabilities that will push blockchain to become widely adopted.

“I compare [blockchain] in some ways to the RSA [algorithm],” Gelsinger said, referring to one of the first public-key cryptography systems to become widely used. “But if you think about what the those security protocols were 35 years ago, they were still pretty raw. … You should think about blockchain the same way. It’s a few years old, but we still have a long way to go into the maturation of the technology itself.”



Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts