Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, August 23, 2006

IBM Up-Ends Security Services Market

An 800-pound gorilla threw its weight into the security market today, and analysts say the impact could send the industry reeling in a whole new direction.  IBM bought Internet Security Systems (ISS), one of the industry’s oldest and best-known independent security vendors, for a tidy $1.3 billion in cash.  The security software vendor, which has been a supplier of point products for more than a decade, will be integrated into Big Blue’s managed security services business, transforming it from software vendor to service provider in a single move.  With their joint entry into the managed services arena, IBM and ISS will challenge popular industry notions that such services are only for small businesses that lack security expertise, and that large enterprises would never consider handing over their security functions to an outsourcing vendor.

“We see a $22 billion market opportunity in managed security services, and we intend to offer a single solution for companies that have not felt comfortable outsourcing until now,” says Val Rahmani, general manager for IBM’s Infrastructure Management Services unit.

“IBM has been showing a tendency to move back, in many ways, to the old mainframe days, where it owned an account top to bottom,” says Rob Enderle, president of the Enderle Group, an IT consultancy.

“I think this acquisition is definitely part of an overall trend, where the more mature parts of the security industry—things like firewalls—are aggregated into fewer, larger companies,” says Robert Richardson, editorial director at the Computer Security Institute.

Big Blue has been carefully vendor-neutral in its approach to managed services in the past, but it seems unlikely that the company will be able to maintain that stance as it integrates the ISS technology into its offerings.  The acquisition comes less than two months after IBM storage rival EMC picked up RSA Security for $2.1 billion.  “RSA had been shopping itself for some time, and I assume they probably spoke with IBM.  But a deal that size [EMC-RSA] probably woke up a lot of larger vendors that this is going to be a major issue going forward, and it’s better having the IP and services in house than relying on partners.  “The only thing that is similar is when EMC wanted to jump into the security space they went for a household brand.

Posted on 08/23