IBM aims for security risk management


IBM has announced new security services and products for enterprises

IBM today launched a raft of new technologies and services designed to help senior IT decision makers support the business by managing risk more effectively. The firm also reaffirmed its commitment to security by earmarking $1.5 billion for security-related efforts in 2008.

The new releases include data loss prevention and endpoint data protection services, as well as database activity and vulnerability monitoring and alerting technology, according to the firm.

The IT giant also announced web application security and compliance management software from its recent acquisition of Watchfire. IBM Rational AppScan and Rational Policy Tester enable firms to identify vulnerabilities and thus reduce the risk of data breaches, the firm said.

New security features were announced for the System z mainframe, including capabilities in z/OS to restrict access to sensitive information such as customer credit card details, and a Tivoli zSecure suite that automates security administration and auditing processes.

As part of the announcements, IBM also launched a new program designed to enable full compliance with all 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS).

The strategy is IBM's response to the increasing pressures being placed on CIOs and CISOs to strategically manage their IT assets and inherent risks, in order to support business operations, explained IBM's security strategy manager Eric McNeil.

"We're aiming to fix the IT security model, which is fundamentally broken – we have to move away from securing this or that to securing the business processes," he added. "It has to be managed centrally across all domains: people, technology, information, applications and facilities."

Another central element to IBM's strategy is its Security Risk Management (SRM) initiative, which includes capabilities such as risk quantification and event risk calculation, he added.

"This is meant to be the 'steering wheel' that allows business executives to quantify risk in business terms and help them to optimise investment in security technologies," said McNeil.

Andrew Kellett of analyst Butler Group said that IBM is trying to draw together all its disparate technology products and services – many of them gained through the recent acquisitions of ISS, Watchfire and others – into a coherent and marketable strategy.

"IBM had to come out with something because it had the components but it all looked a bit fragmented and others like CA and Symantec had already gone down the road of repositioning and representing [their offerings]," he argued. "Security vendors are now positioning themselves as solutions providers working alongside your business requirements."