There was a lot on IBM’s plate in 2007-some 12 acquisitions company officials said worth more than $6 billion. Among those was the deal for Consul Risk Management, which IBM closed on last January for an undisclosed amount.
The acquisition was meant to bolster IBM’s security portfolio by adding data governance and compliance monitoring, auditing and reporting capabilities across mainframe and distributed environments. A year later, the integration of the two companies has yielded positive results, as the company bested its expected sales goals of Consul technology by more than 200 percent.
Kris Lovejoy, IBM’s director of corporate security strategy, counted both IBM’s integration strategy-which involved heavy investing in Consul’s products-and the rising number of global compliance requirements for the software’s success.
“There’s a certain comfort level from customers, knowing that their vendor will be around for years to come,” she said, adding Consul’s 20 years of experience and IBM’s security strategy make for an intriguing mix for customers.
In one year, Consul has become a key pillar in IBM’s planned $1.5 billion security investment for 2008, and has been credited as a major reason revenue for Tivoli software jumped 19 percent in the fourth quarter of 2007 over the same period of 2006. The company launched the first of three new products based on Consul technology in only five months-IBM Tivoli Compliance Insight Manager and the IBM Tivoli zSecure suite-as well as more than a dozen IBM software technologies and services.
Looking back, the acquisition plugged a hole in IBM’s security systems management area, Forrester Research analyst Khalid Kark said.
“It definitely gave them enough credibility to compete with the likes of Symantec and it also brought in fresh perspective that helped IBM define their vision and solutions for the broader IT risk management-what IBM now defines as its GRM (governance risk management) space,” Kark said. “IBM got the expertise in managing security logs, events and systems information….and Consul got a broader set of IT systems management capabilities.”
Consul fit right in.
“Another element of the deal that is often overlooked is the mainframe auditing expertise and capabilities that Consul brought to the table,” he continued. “Consul was such an attractive target for IBM because these capabilities fit right into IBM’s sweet spot, serving large corporations that had several legacy and mainframe applications.”
Looking at the continuously-growing compliance market, Lovejoy sees customers yearning for what she called seamless compliance orchestration.
“They’re seeking closed-loop control for the compliance process-identity control, implementation control, monitoring control and then the ability to measure effectiveness of change and (the) ability to make changes based on the assessed risk.”
Delivering on that, she said, means further integrating IBM’s security event and information management software with software from its Tivoli, ISS, Rational and Information Management product lines.
To Kark, IT managers have had too many experiences with point products that are short on scalability or don’t integrate well within their existing environment, which leads to customers looking for an integrated product suite.
“The end goal is to manage the information risk and regulatory compliance is a means to get there…IBM is in a great position to be able to offer these capabilities to its clients,” he said.