The company pledges to spend $1.5 billion for security next year to help businesses protect data.
IBM touched off a major push for security
that will include spending $1.5 billion on security-related efforts in 2008 to help businesses protect data and manage risk.
Company officials said the money will be spent on developing
security products and services as part of a strategy to make IBM a more
prominent player in the estimated $100 billion global security market.
The company has carved security into five domains: Information
Security; Threat and Vulnerability, Application Security; Identity and
Access Management and Physical Security.
"If you want to provide a comprehensive set of security
capabilities, you cannot just provide security around the
perimeter-there's a lot more to it than that," said Stuart McIrvine,
director of IBM's Corporate Security Strategy.
The holistic approach, which will include 200 IBM researchers,
is partly meant to reconcile the acquisitions IBM has made in the
security space of late, especially the $1.3 billion purchase of ISS
(Internet Security Services) in 2006.
Click here to read about
IBM's data management security strategy.
The company's ISS unit is partnering with a number
of data security vendors, including Application Security, Fidelis
Security Systems, PGP Corporation and Verdasys and leveraging
technologies from IBM Tivoli to deliver new services designed to
improve protection of data throughout the information lifecycle.
But the unit is also focused on delivering new technologies
like the Proventia Content Analyzer, now built into the Proventia
Network Intrusion Prevention System product line, which analyzes data
as it moves across the network.
IBM also introduced a host of new data security
and compliance management tools Nov. 1 as part of the strategy,
including: IBM User Compliance Management Software, which performs
audits using established work policies and generates alerts when
violations are detected; IBM QuickStart Services for Tivoli compliance
Insight Manager; and IBM Online Application Security and Compliance
Management, which is based on vulnerability scanning technology from
recently acquired Watchfire.
"[IBM is] in a position that few others in IT can match or
challenge when it comes to having a fairly complete story across
multiple aspects of enterprise IT and systems integration-but security
had long been an obvious gap in that story," said Scott Crawford, an
analyst with Enterprise Management Associates. "What they are pushing
towards with this announcement is a strategy that takes a more
comprehensive approach to security across multiple fronts."
"With the rise of focus on a more strategic approach to GRC, I
would expect more vendors to take a more strategic approach to the IT
security and risk management market," he continued. "This is an example
of a company that can take on such an initiative with more credibility
Check out eWEEK.com's
Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.