IBM on Thursday unveiled a slew of new security products and services, and said it would continue to invest heavily in security innovations to address customer needs for a more comprehensive approach to information technology risk.
On the heels of a security-related buying spree, Big Blue said it will spend at least US$1.5 billion during 2008 to round out security offerings with a goal of providing more extensive solutions that address vulnerabilities and threats, application security, identity and access management and physical security as well as data security itself all at once.
“For many enterprises, security is broken,” said Tom Noonan, general manager of IBM Internet Security Systems. The nature of “evolving threats” requires new tactics toward security, he noted.
Advocating New Approaches
“We advocate new approaches to reduce complexities, adapt to new business imperatives and enable business value versus just threat protection,” Noonan added. “The path to a more secure world begins with a risk management strategy that limits the impact of threats, improves business resilience and creates an enterprise free of fear.”
The IBM move comes amid major pushes by rivals to position and portray themselves as vendors whose products and services are built with security “baked in.” Microsoft, for instance, has invested heavily to make its Windows Vista platform more secure, and Cisco Systems has billed its solutions as offering networks built with security in mind.
IBM shares fell slightly in morning trading Thursday, dropping about a half a percent to $115.59.
ISS Is It
IBM’s security push will come largely through its Internet Security Systems unit, which it acquired for $1.3 billion in August 2006. IBM said that unit is working with its research division and its software and systems operations on new solutions.
Among the first wave of new products and services is the IBM Proventia Content Analyzer Technology and related data loss prevention services that IBM provides in conjunction with partners such as Fidelis Security Systems and Verdasys.
IBM is also partnering to provide security services focusing on particular assets in a network, offering compliance monitoring and reporting services, data management and encryption services for laptops and desktops and services meant to prevent both accidental and intentional data leaks.
Other new services include Web Application Security and Compliance Management that leverages another recent acquisition — Watchfire, which IBM bought in July — and new security capabilities being built into the new System z mainframe computing environment, which includes technology from Consul, another privately held firm bought by IBM in December of 2006.
At least one part of the push is aimed at IBM’s key customers in the financial services industry. IBM is calling its Payment Card Industry (PCI) security solution the first true end-to-end approach to security compliance, monitoring and auditing.
The focus on security fits with IBM’s larger push to get more of its revenue from software and services, ThinkEquity Partners analyst Eric Ross told the E-Commerce Times.
“A lot of its acquisitions during its recent spree have been of companies in the security software and services space,” Ross said. “IBM sees a lot of potential in that area to boost its own offerings in other areas by tying it all together.”
IBM will also continue to invest in cutting-edge research aimed at the security question, specifically at the issue of how to reduce risk overall in business processes, a discipline it dubs “Security Risk Management.” It will also continue to support open public standards for security, citing its work to help get the W3C (World Wide Web Consortium) to adopt Web Services Policy 1.5.
IBM will work with key partners to ensure the new security advances are made available to more small and medium-sized businesses (SMBs) as well as enterprises.
IBM has moved aggressively to figure out how to leverage the ISS buy, said Gartner analyst John Pescatore.
While the company’s managed security services immediately boosted IBM’s profile in that space, integrating security into IBM’s software and services lines across the board has taken more time.
Like many companies executing major purchases, IBM has also had to be cautious not to alienate ISS customers and to avoid the appearance that it was heading into direct competition with some network security vendors. Even though third-party security is still a preferred approach, “enterprise customers in particular are interested in buying more solutions from their trusted vendors,” Pescatore told the E-Commerce Times.