It's been just over two years since IBM bought its way into the security market, purchasing Internet Security Systems (ISS) for $US1.3 billion. Analysts say this week's fusillade of new product and product update releases indicates that IBM is giving the ISS folks some room to flex their muscles in the market as they work through what security means in IBM's overall strategy.
"ISS is getting itself back on track and finding its way," said Gartner analyst Greg Young. "There's a period of considerable distraction for ISS, which is not unexpected, particularly in a company as large as IBM. There are some hard decisions along the way. Do they do things for the ISS business unit or for the greater benefit of IBM? Those are some of the tough trade-offs they've been trying to rationalize as they move forward."
The over-arching strategy, said Josh Corman, principal security strategist for IBM, is to give organizations tools and options for dealing with spiraling security costs. He cites five sources of this dilemma: evolving threats, the burden of regulatory compliances' new IT technologies that change the landscape, fluctuations in the global economy, and changes in individual corporations' business priorities
"At this point in history, the confluence of changes across these five vectors has led to a state where the cost and complexity is far greater than people can handle," Corman said.
A study this year conducted by Forrester Research Inc. showed that security will account for about 10% of IT spending in 2008, up from 8% in 2007, and is expected to grow next year. In one fell swoop, IBM announced:
- A new release of its unified threat management (UTM) tailored for small business, including, for the first time, an SSL VPN.
- A virtual appliance version of its network intrusion prevention system (IPS).
- An update to its network enterprise vulnerability scanner.
- An IPS controller, effectively a load-balancer to aggregate IPS appliances to achieve a greater throughput of up to 10 Gbps.
- A new release of Proventia Management SiteProtector, IBM's security management console.
"This may seem like a collection of announcements," Corman said. "Some of this is a natural opportunity to introduce refreshes or reboots and new products at one time, but another factor you're going to see is taking a lot of the legacy portfolio and new introductions and steer away from point products and more to reducing costs and reduce complexity and more to reduce business issues."
To a more cynical observer, all this may be a new variant of the venerable argument of all large IT vendors: Buying multiple managed products from us makes more sense than a collection of incompatible point products from different vendors. And, by the way, our products are best of breed.
Corman concedes the danger of vendor lock-in if enterprises commit too much of their security infrastructure to a single provider, but he also said the risk is greater with pure-play security vendors than with more diverse IT companies like IBM.
"IBM or other integrators solve a number of issues outside security," he said. Security really becomes an attribute of the existing infrastructure that IBM sells. People are expecting all their infrastructure products to make more things secure by default." |
