IBM to Spend $1.5B on Data Security

The company pledges to spend $1.5 billion for security next year to help businesses protect data.

IBM touched off a major push for security that will include spending $1.5 billion on security-related efforts in 2008 to help businesses protect data and manage risk.

Company officials said the money will be spent on developing security products and services as part of a strategy to make IBM a more prominent player in the estimated $100 billion global security market. The company has carved security into five domains: Information Security; Threat and Vulnerability, Application Security; Identity and Access Management and Physical Security.

"If you want to provide a comprehensive set of security capabilities, you cannot just provide security around the perimeter-there's a lot more to it than that," said Stuart McIrvine, director of IBM's Corporate Security Strategy.

The holistic approach, which will include 200 IBM researchers, is partly meant to reconcile the acquisitions IBM has made in the security space of late, especially the $1.3 billion purchase of ISS (Internet Security Services) in 2006.

Click here to read about IBM's data management security strategy.

The company's ISS unit is partnering with a number of data security vendors, including Application Security, Fidelis Security Systems, PGP Corporation and Verdasys and leveraging technologies from IBM Tivoli to deliver new services designed to improve protection of data throughout the information lifecycle.

But the unit is also focused on delivering new technologies like the Proventia Content Analyzer, now built into the Proventia Network Intrusion Prevention System product line, which analyzes data as it moves across the network.

IBM also introduced a host of new data security and compliance management tools Nov. 1 as part of the strategy, including: IBM User Compliance Management Software, which performs audits using established work policies and generates alerts when violations are detected; IBM QuickStart Services for Tivoli compliance Insight Manager; and IBM Online Application Security and Compliance Management, which is based on vulnerability scanning technology from recently acquired Watchfire.

"[IBM is] in a position that few others in IT can match or challenge when it comes to having a fairly complete story across multiple aspects of enterprise IT and systems integration-but security had long been an obvious gap in that story," said Scott Crawford, an analyst with Enterprise Management Associates. "What they are pushing towards with this announcement is a strategy that takes a more comprehensive approach to security across multiple fronts."

"With the rise of focus on a more strategic approach to GRC, I would expect more vendors to take a more strategic approach to the IT security and risk management market," he continued. "This is an example of a company that can take on such an initiative with more credibility than many."

Check out's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.