IBM Takes Holistic Security Stance

IBM Corp. this week restructured nearly its entire portfolio of security products and services to provide a more strategic and proactive approach to protecting computer systems and users from abuse, unauthorized access and identity theft.

The initiative is one of the most extensive in the company’s history since it impacts more than 200 product and service offerings and cuts a wide swath across a variety of focus areas within IBM, especially those that concern business strategy and process consulting.

“The sophistication and complexity of attacks are getting very, very difficult to deal with and obviously create some sensitivity,” said Cal Slemp, IBM’s vice president of security and privacy services, in a teleconference briefing. So, “we are taking a more holistic view to focus on policies as well as technologies.”

A key element in this view is the launch of IBM’s Identity Management Services (IDMS), which is a collection of software applications and safeguards that are designed to protect identity systems and customer information data bases. Rather than take a single approach, IDMS can be implemented at multiple points throughout a company’s IT infrastructure and support a variety of different operating environments, says IBM.

Solutions in the IDMS portfolio are also designed to streamline access control processes, and assist company’s in complying with complex regulations and rules – which are especially important in heavily regulated industries like healthcare.

The new strategy also includes IBM’s Information Security Framework (ISF), introduced this week, which positions IBM’s intellectual property assets as a base to educate companies about and help them to understand their entire security landscape.

“While people often think of identity management in ‘defensive’ terms, one of the most important benefits of IDMS is that it can help organizations to enable new services and business models that might otherwise be too risky too implement,” said Slemp.

A good portion of the IDMS approach consists of briefings, assessments and workshops that are presented by IBM to client companies. All of this is included under the umbrella of IBM’s Information Security Framework (ISF), which is more or less an education effort to help clients better understand their security risks and assess what can be done in terms of protection. The ISF focuses on eight core areas: Governance, Privacy, Threat mitigation, Transaction and data integrity, Identity and access management, Application security, Physical security, and Personnel security.

But, the bulk of the effort involves the use of industry-specific identity management architectures and custom design services; identity management products and technologies from IBM Tivoli and IBM business partners. These partners include ADT Security Services, Cogent Systems, Verisign, GE Security and others.

Much of IBM’s effort is designed to protect a company and its IT systems against identity theft, which is becoming a more serious concern among its client base. Corporations, for example, report growing instances of spear phishing, which is a highly targeted form of spam e-mails that cause much of today’s identity theft, says a recent Global Business Security Index Report, published by IBM’s Global Security Intelligence team.

Phishing in general is also on the rise, accounting for an average of one in every 304 emails, compared to one in every 943 in 2004, the report said.

“This framework is a way to provide intellectual property and best practices and help companies understand the exposures and risks to make informed decisions,” says Michel Bobillier, Global Offering Executive, IBM Security Services. “It also provides a way to address the skill shortage we all face in the market and help clients with security tasks over time.”

While IBM refers to this multi-level business process approach to security as ‘holistic’, some analysts believe it signals a further push by IBM into the world of Big Five consulting business companies. “It sounds like they will be acting more like an Accenture than just a technology consulting firm,” says Craig Mathias, principal at Farpoint Group, a technology research company.

As part of its homework in developing IDMS and reworking its security strategy, IBM analyzed roughly 40 customer projects around the world and across multiple industries. The initial goal was to learn more about core security concerns, but what surfaced was a strong demand for identity management protections and solutions that targeted individual business processes.

“It’s a hot topic today,” says John McKeon, Identity Management Executive, IBM Security Services. “There are already a number of initiatives in both the government and public sectors, and we are all aware of emerging Homeland Security type programs on a national and international level. But, “there are emerging requirements that are stretching traditional definitions of identity management.”

News Around the Web