Original URL: http://www.theregister.co.uk/2006/12/18/ibm_to_acquire_consul_risk_management/

IBM snaps up Consul

Risky business

By Tony Lock

Posted in Financial News, 18th December 2006 10:27 GMT

IBM recently announced that it has entered into an agreement to acquire Consul Risk Management Inc, a privately held software company headquartered in the Netherlands and with a US base in Virginia.

Consul was founded in 1989 and currently has 89 staff in Europe and the US. The company specialises in supplying compliance and audit software that helps organisations track and investigate non-compliant behaviour such as unauthorised access.

Consul's software supplies an "auditor-in-a-box" for compliance programs utilising a single management technology dashboard. The software's monitoring and auditing capabilities operate over a wide range of systems, applications, and resources, including IBM's System z mainframe platform.

The technology provides customers with the ability to actively monitor insider threats and comes complete with dedicated reporting capabilities designed to help ensure that compliance activities related to various regulations can be handled effectively.

Consul also provides solutions designed to simplify administration activities on the IBM Mainframe. As is usual in such deals, no financial details were disclosed and it is expected that the acquisition will close in the first quarter of 2007 subject to the usual conditions being met. At the time of writing Consul has over 350 customers. On closure of the deal, Consul will become part of IBM's Tivoli software unit headed by Al Zollar.

There is no doubt that almost every organisation, large or small, has risk management very high on its current list of priorities. More important, this is an area where it is increasingly the case that not only must organisations manage risk effectively but that they must also be seen so to do.

When it comes to the small matter of "inappropriate access" to information and systems it has always been the case that breaches occur more often from internal sources than from external, although most attention has usually been focused on the latter.

However, off the record, everyone agrees that internal sources, whether from users having the wrong access granted to them or privileged users misusing their rights accidentally or by design, are a major concern. The acquisition of Consul by IBM offers significant opportunities for IBM to strengthen even further the depth of its secure platform capabilities.

The integration of Consul with IBM's existing portfolio of security and audit offerings, most notably its Identity Management capabilities, will allow organisations to better police their mission-critical systems and other important line-of-business platforms.

With the mainframe still the gold standard of IT systems security against which other platforms measure themselves, the addition of Consul's capabilities illustrate yet again that the mainframe continues to be a major focus of investment for IBM as it remains a mainstay of business systems.

Risk management is important; internal risk management is even more so. Who guards the guards? Consul and IBM on the Mainframe may be a very good answer.

Copyright © 2006, The Sageza Group