IBM Has Ambitious Governance & Risk Management Plans

IBM today announced a strategic initiative aimed at providing customers with one-stop shopping for tools and services for IT governance and risk management (GRM). But the company was very clear that the initiative is just the start, not the end of the journey.

Under its GRM aegis, IBM  officials are presenting a mixture of existing products and services along with a strategy it said provides businesses with the capabilities they need to satisfy regulators, auditors, and management, ensuring the safety and integrity of their IT infrastructures.

Among the software offerings that IBM is pointing to as being in the vanguard of its GRM initiative are Tivoli Business Service Manager, Tivoli Security Operations Manager v4.1, and the IBM Rational Portfolio Manager v.7.1.

In the services area, the company points to its Business of IT Dashboard (a suite of asset-based services and software based on Tivoli’s Netcool technology), that provides GRM views tailored for different classes of users. Also in the services area, IBM pointed to its IT Lifecycle Management and Governance Services for Tivoli service desk.

“For many years, IBM has had tools [and services] in this area, but a year and a half ago, we decided we needed to focus [on GRM],” Kristin Lovejoy, director of strategy for governance and risk management at IBM, told “CIOs were telling us, ‘We’re spending a lot of money on compliance’,” she said, resulting in push back from IT staffs already short on resources for dealing with those issues.

The idea is, over time, to provide a cross-disciplinary and cross company approach that combines IBM products and services with an emphasis on GRM, Lovejoy said. That may turn out to be attractive to many customers.

“From a customer perspective, I like having one guy to go to, and you feel like you have more coverage,” Bernie Donnelly, vice president of quality assurance at the Philadelphia Stock Exchange, told He said the Exchange has been a customer of Consul (now owned by IBM) for many years.

“It looks like they’re putting a lot more investment into what the rest of the industry refers to as governance, risk management and compliance (GRC),” French Caldwell, research vice president for GRC at Gartner, told He hailed the overall approach as a good start but warned that there is a potential for confusion among customers who may see this as just a marketing move.

In order to combat that perception, IBM needs to “come up with a good GRC management application to tie all their data feeds together and align the controls to the policies you’re complying to,” Caldwell said. “It [the vision] is not complete yet but then nobody really knows what a complete GRC solution looks like.”

And if IBM is looking for its GRM/GRC initiative to drive more business to its ailing consulting services division, it may well be disappointed. “Certainly there’s a services component but I don’t see that as the driver,” Caldwell added. Instead, he sees Tivoli’s products and services as the driver.

Still, IBM sees a large opportunity in the areas of governance, risk management and compliance. In its release, the company cites an AMR Research study that pegs the value of the GRM/GRC marketplace at $30 billion by 2008.

That said, IBM’s Lovejoy said IBM is not trying to present its GRM initiative as a fait accompli. “This is the beginning, not the end of the story,” she said. The next chapter, she said, will come this summer when Big Blue plans more announcements around GRM.

News Around the Web