IBM Launches $1.5 Billion Security Initiative - InformationWeek
Software // Enterprise Applications
02:22 PM
Connect Directly

IBM Launches $1.5 Billion Security Initiative

The program is designed to recalibrate a customer's compliance and security offerings across IBM's five domains of information technology security.

IBM on Thursday announced a major security initiative encompassing products, services, and research to help businesses manage risk and keep information safe. To support the initiative, IBM said it plans to spend $1.5 billion on security-related projects in 2008.

"The way companies do security today is broken, because what companies tend to do is hand security off to the IT department," said Stuart McIrivine, director of IBM Corporate Security Strategy.

The IT department then tries to protect everything and there just isn't enough money to go around, McIrivine explained.

Basically, IBM believes that the siloed approach to information security has failed. McIrivine describes IBM's new direction in terms of risk management rather than protection. It involves looking at security as a finite set of controls that are being monitored rather than an effort to lock up everything.

IBM plans to recalibrate its compliance and security offerings to help companies manage risk through a unified strategic approach across what it calls the five domains of information technology security: Information Security, Threat and Vulnerability, Application Security, Identity and Access Management, and Physical Security.

The initiative has been developed over the past 18 months and is the largest ever undertaken by the industry, according to IBM. It involves a number of recent and past acquisitions, including Internet Security Systems and Watchfire.

"One of the biggest drivers of security spending today is compliance," said McIrivine. "When you think about compliance, usually it's compliance with regulations. But when you boil it down, these regulations are focused on how companies manage information."

IBM refers to one component of its new initiative as security risk management, which aims to provide CIOs and chief information security officers with risk management tools. SRM aims to automate the measurement and assessment of business processes, risks, and costs to make information management more effective and more efficient.

IBM clearly has defense against hackers in mind. IBM ISS plans to work with a variety of data security vendors, including Application Security, Fidelis Security Systems, PGP, and Verdasys, to better protect corporate data from external threats.

But IBM is also focused on internal information management and corporate policies. McIrivine said that customers regularly tell IBM that employees do things they know they're not supposed to do and that such actions pose a management problem.

"This is not hacking, this is people just screwing up," said McIrivine. "Companies are looking for the technology to make sure that doesn't happen."

In keeping with that goal, IBM is introducing services to meet that need, including IBM Data Security Services for Endpoint Data Protection, to help customers protect and control unauthorized use of and access to laptops and PCs, and IBM Data Security Services for Enterprise Content Protection, to help customers protect against deliberate and accidental data leaks.

Through this initiative, which will be supported by 200 IBM researchers around the world, IBM hopes to create "an enterprise free of fear."

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll