IBM launches $1.5bn IT security push
Compliance and control
IBM has launched a major push to grow its presence in the information security market. The initiative is centered around two particular areas - compliance and content control - and weaves together technologies from recent IBM acquisitions Internet Security Systems (ISS) and Watchfire with technologies developed inhouse, many related to its Tivoli systems management arm.
The push will reportedly  double IBM's security-related research and development spending to $1.5bn next year.
In a statement, IBM said the risk management landscape has changed with more collaborative business models evolving alongside more sophisticated criminal attacks. Current security technologies, implemented tactically in silos, are insufficient to deal with current challenges, the firm said.
Big Blue said it wanted to manage risk across an enterprise, with a particular focus on areas including application security, identity and access management, and physical security.
IBM bought security tools firm ISS for $1.3bn in a deal announced in August 2006. It followed up with the acquisition of web application security firm Watchfire in June 2007 in a deal valued at more than $100m. IBM's system rivals have also been active in the information security space, most notably marked with EMC's acquisition of RSA Security for $2.3bn in June 2006.
The introduction of corporate governance regulations such as Sarbanes-Oxley and HIPA have been a major driver for the information security industry as a whole over the last two years and go a long way to explaining why the likes of IBM and HP are looking to get a bigger slice of the action.
IBM's Internet Security Systems unit is a particular focus of the firm's wider push to add improved content inspection and compliance features to its technology portfolio. New data inspection capabilities are to be built into the Proventia Network Intrusion Prevention System line of products to provide increased visibility into data loss issues (eg alerting firms if someone tries to email sensitive data to unauthorised parties and the like).
Big Blue is also weaving technology from its Tivoli systems management arm with products from partners including Fidelis Security Systems, PGP Corporation, and Verdasys to produce new services. These include services that help clients encrypt and manage data on laptops and PCs, snappily titled IBM Data Security Services for Endpoint Data Protection, and IBM Data Security Services for Activity Compliance Monitoring and Reporting, a service for alerting on malicious and non-compliant database activity and vulnerabilities.
Other products, such as IBM User Compliance Management Software include access control and user activity monitoring, providing an electronic Big Brother. In market terms, technologies such as this push IBM into competition with the likes of Websense. In practical terms, it provides tools for firms keen to make sure their workers aren't spending their time playing network games or goofing around on Facebook instead of working.
Big Blue also announced a one-stop program designed to offer compliance with the Payment Card Industry Data Security Standards (PCI DSS), an initiative by the credit card industry to make sure merchants have followed 12 basic security guidelines for processing credit and debit card data. This ties in with a wider push to sell more security products and services to small businesses.
Last, but not least, IBM announced a research project in security risk management.
More detail can be found in IBM's release here . ®