IBM touts enterprises free of fear and $1.5 billion security spend


IBM is marshaling its hundreds of security products and thousands of consultants to enable what it calls “an enterprise free of fear.” Given that an enterprise free of fear is like declaring world peace, I asked Stuart McIrvine, director of IBM’s Corporate Security Strategy, to explain the concept.

"Our approach is that security is kind of broken," McIrvine said. "Companies are leaving security in the hands of IT and operations people, looking at servers, databases and putting up firewalls and updating antivirus signatures. But they have no real view of what they are protecting from a business strategy viewpoint, understanding the core objectives and risks to meeting those objectives."

IBM aims to engage the business side to surface key processes and systems, to understand objectives and risk from the top down, and then to mitigate the risk with the available budget. "We are in the mitigation business, helping companies decide what risks to accept," McIrvine said.

This holistic security risk management approach is hardly original. IBM plans to spend $1.5 billion on its security division in 2008 in its effort to soak up as much as it can of the $100 billion security spend by corporations worldwide.

The impetus for the new security initiative is in part a rationalization of its 200 security products and recent acquisitions, including Internet Security Systems and Watchfire. It also gives IBM's small army of 3,500 security consultants (IBM has 355,766 employees worldwide) a more coherent framework for risk assessment. (Information on the new product announcements here.)

About 20 percent of corporations have done a business and risk alignment from a security perspective, McIrvine said. "One customer in the U.S. identified 550 actively managed deployed controls in place. When you look at it from a business perspective, you look at what contributes to 80 percent of the risk. We took it down to just over 50 controls. When you start to align business with IT, it can be more costly to have controls than suffer the consequence of the risk."

IBM consultants conduct a number of assessments and audits, such as dynamic risk quantification, peer group risk comparison, business controls optimizations and event risk calculation.

McIrvine said IBM identified five core areas for its security framework: infrastructure (servers, endpoints, networks), identity and access, information, applications and physical security, such as card readers and video cameras.

McIrvine agreed that an enterprise free of fear isn't realistic. "It goes back to do you really have a handle on what you are protecting, and business guys understanding and working with the IT department to identify real risks and put controls in place to mitigate those risks. It's not covering everything but you can sleep a bit better."

Talkback

  • Will not succeed...

    There is no way this will work. I have it on authority from my rep that IBM focuses too much on dinosaur technologies like AIX and Linux. Therefore, security cannot be obtained. I on the other hand stand lord and master hundreds of thousands of Windows servers and workstations, completely secured by MCS gurus.
    Mike Cox
    • You ran out of time 4.3

      You posted this way too fast ...... it needed more work, more wine, finer things in life, the opulence of money .... bad bad Mr Cox

      Next time please more glamor, more high end restaurant, lobster, filet mignon, cognac sauce, and then rest


      i will wait
      Quebec-french
  • It's all marketing BS

    The biggest issue tends to be ignorance and the world generally speaking, has it in spades.

    But specifically in the case of IBM, this is "good neighbor" marketing ploy to sing an altruistic song. In actuality IBM wants to get its foot in the door to land their consulting services arm.

    Perhaps that goes without saying but having worked for Andersen Consulting once (nowadays Accenture). Large consulting organizations are leeches - they'll bleed you dry and show very little for it. In fact my current employer showed IBM Consulting Services the door at one point.

    -M
    betelgeuse68
  • RE: IBM touts enterprises free of fear and $1.5 billion security spend

    Sounds like Websphere Application Server Security Edition -- only 4x slower than your current app server, 12x more difficult to manage or even understand, and 100x more expensive.

    I'll pass.
    crypt2121