IBM Pulse, in Orlando, Florida, did not strike us as very security focused. The only significant announcement was a new version of Tivoli Federated Identity Manager (TIM). It now supports Identities frameworks like OpenID, Microsoft Windows Cardspace and Higgins. FIM is now also compatible with .NET, WebSphere, SAP NetWeaver, Oracle and CA authentication methods. It's worth to note that with FIM, IBM is the first vendor to our knowledge to support OpenID in an Identity Federation solution. But even if that's a great initiative, the market showed us that Federation projects are still very rare, companies being already pretty much tied-up with their Identity & Access Management projects. So while a new FIM version (available in June 2008) is a nice touch, it might not be what the market needs the most.

We are indeed expecting much more from a major player like IBM. The company comes straight out of a twenty acquisitions streak started in 1996, including many in the field of IT security. Three among those define, more than anything else, Big Blue as an ITsec vendor : Tivoli, Micromuse and ISS.

The former was also the first, in 1996. Under IBM's guidance Tivoli became it's fastest growing division, going from 50 million dollars in revenue to 1 billion. More important than revenues, Tivoli gave IBM the opportunity to get a foot in the systems management business, and part of it now touches to security management. IBM Tivoli now claims 20% market share and is a leader in network management tool. And that's where lies the core of its security offer.

From systems to services management, there's only a short step, that IBM made in 2006 with MRO Software's acquisition. It gave Tivoli the much needed keys in developing what we could now call a "users management" offer. That's how IBM Tivoli was able to make a difference in Identity & Access Management (IAM). Today, not less than nine products make up its IAM offering.

IBM's ITsec portfolio was also strengthened in 2005 when it snatched Micromuse, an expert in security events correlation and reporting. That's when IBM was able to bring together systems and security management.

The last piece of the puzzle is ISS, bought in 2005. This acquisition served two main purposes : to strengthen IBM's Managed Security Services (MSS) offering, and to get its hands on a great Intrusion Prevention (IPS) solution. And even though IBM seems to be more interested in MSS than anything else ISS had to offer, Steve Mills, Senior Vice President for IBM Software Group reminds that it may not be that way forever. "We aim to increase our market share in sofware. Regarding ISS our strategy is still very much focused on products". 

IAM, MSS, security management, intrusion prevention and threat management are pillars for IBM's security offering. Big Blue is able to cover subjects as diverse as data classification for data-driven access control, intrusion prevention, vulnerabilities management or even crypto keys management. But the downside of such a diverse portfolio is its lack of integration. What was achieved in the systems management world (integrating the Change and Configuration Management Database with other Tivoli products) does not exist yet within the ITsec portfolio. But this, as well, could be coming up : "It's among a number of integration initiatives we are working on. Every Tivoli product and the CCMDB (Change and Configuration Management Database) will eventually share the same security model, and all will benefit from common security functions", says Al Zollar, IBM Tivoli General Manager.

The problem here seems a lack of global vision regarding security. IBM's security offering was build up along the years from acquisitions. Sure, these always made a great deal of sense and their resources were well used. In just one year IBM used ISS as a lever to become a leader in MSSP worldwide. But Big Blue still appears more like a follower than an innovator. Asked about Data Loss Prevention (DLP), which is a new and sound approach to information security, Al Zollar appears less than convincing. He cites Tivoli Key Lifecycle Manager (a solution to manage storage encryption keys) as the foundation for Tivoli's DLP offering. We can't help but consider it as a narrow field view at best. Especially when IBM is facing players like EMC, Websense or Trend Micro that are seriously engaged in DLP (not to mention Symantec with the recent acquisition of Vontu). Then again, Al Zollar explains that new announcements can be expected from IBM regarding DLP. Yet, two years after BMC tried to offer an interface across IAM tools and the CMDB, and even though Al Zollar seems interested when asked about it, there is nothing on the road map regarding DLP.

We thus find IBM to be lacking a clear security focus. With Tivoli, it has a champion in systems and resources management. More importantly, everything in its offering resolves to data management. And in a time when security management is essentially about proper data management, IBM is very well positioned to offer the right mix of products and services around data protection. It could, for example, build this new offering around its existing portfolio of database, data warehouse, business intelligence and identity synchronization (from the SRD's acquisition in 2005). Now, that would be an innovation.