Feeds

IBM beefs up security in global services

Good news for big business, but what about SMBs?

Internet Security Threat Report 2014

Comment Last week IBM announced that it was acquiring US-based Internet Security Systems (ISS) for $1.3bn.

ISS's specialty has been the proactive security for the enterprise through automation and focusing on vulnerabilities in the ever-evolving IT infrastructure.

IBM believes the acquisition, its largest since it acquired PWC, will advance IBM's strategy to use IT services, software and consulting expertise to automate labour-based processes into standardised, software-based services for its clients.

IBM also believes it will help advance its position in Managed Security Services, which addresses issues ranging from data theft to implementing regulatory requirements.

ISS is one of the largest providers of security products and managed security services in the industry, with more than 11,000 customers worldwide, including many of the largest banks, public insurance companies, and national governments. ISS will join IBM as a business unit within IBM Global Services' Security organisation.

ISS has been admired for a while for its approach to security. While many are still trying to protect objects or systems, ISS has been evolving a holistic approach that respects that the environment is ever-changing, and that looks at automating systems as the way to respond in a proactive manner.

In this respect its philosophy is close to that of IBM which has also embraced a holistic approach and has had a self-healing approach for its systems and software along with other automated capabilities for years. Both companies understand that evolving IT security requires an architectural, big-picture approach rather than a point-product, perimeter-centric approach.

In that sense, the combination of the two should bode well for both vendors' customers. IBM customers will see the inclusion of a strong security vendor's products and services beefing up IBM's offerings, which have not been as strong as those of some of its competitors.

For ISS, IBM's scope gives it access to a greater number of customers than it could have reached alone, and adds credibility to both companies' reputations as trusted corporate advisors. Customers of either company should feel secure that IBM and ISS are committed to proactive, automated security and managed security services.

Next we will be waiting to see what the company does with identity management, a hot topic on its own that is tightly connected to many other security issues.

In some ways, it is sensible for IBM to place ISS within Global Services. The product would be awkward in any other part of IBM, even if it is largely a software capability. However, that said, putting ISS within Global Services also makes us uncomfortable.

Global Services is the biggest part of IBM, and it is important, in that frequently Global Services acts like a laboratory where large customers with specific needs can work with IBM to make solutions that solve specific problems, and then that intellectual property can be shared internally within IBM to help productise it for a larger market or share it in some way with services partners who can offer it in appropriate form to the SMB market.

This is a nice idea in theory, but the problem is that we haven't really seen that happen. For many reasons, most of them quite sensible, Global Services is unable or unwilling to deal with entities smaller than roughly 1,000 employees.

In the grand scheme of IT, this leaves an awful lot of the market open. Global Services' business model is not designed to deal with the mid-market, nor should it necessarily do so, but IBM still does not have a way to capture the extensive IP it is building within Services to leverage it across the company or the market.

We fear that ISS's products and approach will continue to benefit large companies but that an awful lot of the mid-market will not have access to those capabilities. While this may not seem terrible from a near-term revenue viewpoint, from a security viewpoint it should be viewed with alarm.

Organisations interact, especially within supply chains, and partners need to be inculcated in the same methodologies, approaches, and philosophies as the larger players. IBM has a significant partner organisation although it is essentially a tactical unit for helping partners navigate IBM.

However, we strongly urge IBM to work with its product groups, Global Services, and the partner organisation to figure out ways to take the great ideas in Global Services and bring them out of the ivory towers of the consultants and academicians and down to the larger masses of IT managers worldwide.

Copyright © 2006, IT-Analysis.com

Choosing a cloud hosting partner with confidence

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.