Big Blue Buys a Corporate Traffic Cop

Seeking to fill a security software gap in its Tivoli portfolio, IBM  agreed to buy privately-held Consul risk management Inc. for an undisclosed sum.

Consul, headquartered in Delft, Netherlands with a U.S. office in Herndon, Va., makes compliance and security audit software that helps companies detect and investigate unauthorized activity on computer systems by IT administrators or other users within the company.

The unauthorized activity can be intentional, such as when an employee pilfers personal information about another employee or a client. Or it be unintentional, such as when an employee stumbles across a co-worker’s health records or the company’s finances.

Either scenario puts corporations at great risk of violating compliance regulations such as HIPAA for health care providers, and Graham Leach-Bliley in the financial services sector. The regulations include tighter security and accountability mandates for corporate computers that handle this data. Failure to comply can cost companies thousands of dollars in fines after an audit.

So, in a way, Consul’s software is acting like a traffic cop that watches over the good citizens on the corporate network.

Consul’s compliance software monitors business processes for compliance, triggers alerts when information or technology assets are at risk, when data is inappropriately accessed or if compliance processes have been breached, said Joe Anthony, program director of identity management for IBM’s Tivoli software group.

“Consul assets will go in and look at what kind of user activity has gone on as well as what type of machine,” Anthony said. So you can set a corporate policy that says ‘here’s the type of users that should access to certain resources, they should only do it from 8 to 5,’ etcetera.”

Anthony also said the software keeps all of the original source data used for the compliance audit, and provides IT admins analyses when necessary.

The software, used by customers such as Ford, Hanes and Fidelity Bank, employs a single management dashboard that watches over distributed Unix, Windows and Linux systems, IBM mainframes, databases and applications.

IBM plans to tuck Consul assets and its staff into its Tivoli management software line when it closes the deal in the first quarter 2007.

The Tivoli line already employs several security applications to help businesses shore up their computers’ defenses.

These include Tivoli Security Compliance Manager, which analyzes the security configurations for desktops and laptops, and Tivoli Security Operations Manager, which IBM created to manage networks.

But Anthony said Consul goes places Tivoli currently can’t.

“Consul went deeper and broader from a compliance management perspective then we had with out Tivoli security offerings, so there’s not any overlap,” Anthony said.

Anthony also said IBM feels it has rounded out the security software offerings in Tivoli to the point where the company is comfortable with its position in the security software market; IBM has no current plans to buy more security software.

“There are no short-term things we are looking at,” he said.

The explosion in compliance regulations over the last few years has spurred vendors such as IBM, HP , Oracle , Sun Microsystems , CA Compliance is a key rung on the security software latter, which has included improvements from CA and HP as recently as last week.

News Around the Web