Friday, November 02, 2007

IBM dips its toe into Data Security

IBM made a rather long winded and all encompassing announcement today around a bunch of Risk Management initiatives. In true IBM style, there's too much information for the average person to take in and understand at first glance. They are offering a heck of a lot and very few organisations will need everything they are announcing here. In fact, you probably don't even need half of what they are offering unless you have a HUGE security need and not much of an IT security department. Of course, they'll gladly send out a sales rep to sell it all to you. Don't buy it all. You don't need it all.

Now that I've done my IBM bashing for the day, I want to point out the data security piece:

"To deliver a total data protection solution throughout the information lifecycle, IBM ISS is partnering with leading data security vendors, including Application Security, Inc., Fidelis Security Systems, PGP Corporation, and Verdasys, Inc. By leveraging key technologies from these partners and IBM Tivoli, IBM ISS will offer a comprehensive set of asset-based data security services:
  • IBM Data Security Services for Activity Compliance Monitoring and Reporting -new services that help protect companies from insider abuse and enhance audit preparedness by assessing, monitoring, and alerting on malicious and non-compliant database activity and vulnerabilities.
  • IBM Data Security Services for Endpoint Data Protection - new services that help clients encrypt and manage data on endpoint devices, such as laptops and PCs.
  • IBM Data Security Services for Enterprise Content Protection - new Data Loss Prevention services that monitor and help protect against intentional and inadvertent leakage of critical data."

In other words, IBM can offer you a Managed Security Service around data security and leakage prevention (aka DLP). So even though IBM aren't doing anything in terms of acquiring software in the DLP space (yet), they are flexing the might of their services arm in an attempt to service the need. It is worth noting that they need to partner with other vendors because they don't have the software portfolio to do it. Which brings me to my next point.

It would do them a lot of good to have a software solution in this space. The most logical place to slot the acquisition would be in Tivoli, but they could also put it into their Information Management brand. It makes perfect sense to tie data/information monitoring and leakage prevention into Identity Management, Access Controls/Entitlements Management, Compliance Monitoring/Reporting and Security Event Management and Correlation. It's a big hole in their portfolio. Once they get that, they'll need to start looking at the network layer.

I know they got out of that business a long time ago and said they would never go back...but hey, they bought ISS didn't they (incidentally, they could also roll DLP software into ISS). Stranger things have happened.

2 comments:

Danny Lieberman said...

Actually - although Fidelis is based (technically) a Layer 2 content interception (which makes it a network security product) - from an application perspective, Fidelis XPS is really a tool for detecting and preventing threats that exploit human, system and network vulnerabilities. My experience with Fidelis is that it is implemented by fraud, compliance and security staff not by the network security people.
So - it makes eminent logic for IBM to team up with Fidelis imho

Danny Lieberman

Anonymous said...

http://documents.iss.net/literature/proventia/ContentAnalyzerGde.pdf

Proventia already has the capacity in some respect from the hardware IPS platform