IBM Corp. Thursday announced its intent to buy Internet Security Systems Inc. for US$1.3 billion, giving the company a berth in the burgeoning managed security services market.
The buy will give IBM access to ISS’s protection platform software and fleet of security consultants. The company is perhaps best known for its X-Force Threat Analysis Service (XFTAS).
Val Rahmani, general manager of infrastructure management services for IBM Global Services, said the acquisition will allow Big Blue to target customers that have “not felt comfortable” outsourcing their security needs in the past.
The acquisition also ties into IBM’s service-oriented architecture strategy – the practice of creating open standards-based applications that can be deployed throughout the enterprise to perform various business processes.
“IBM believes the market is clearly headed toward demand for security as a service,” said Rahmani. “ISS shares this view and has been building towards this vision for several years.”
The nature of enterprise security has shifted away from shielding data from viruses launched by lone hackers, said ISS president and CEO Tom Noonan.
“As an industry, we responded to these problems . . . with simple point products that were not integrated,” he said, adding that the complexity of managing these products, along with the complications of meeting regulatory requirements around data protection “has become a massive drain on IT budgets.”
There is a movement towards more co-ordinated attacks against enterprises, funded and carried out by organized crime syndicates. As a result, ISS has adopted a more “on-demand” style of security services, said Noonan, employing a familiar IBM buzzword, to respond to threats more reflexively.
IBM’s existing security organization should match up well with ISS, said Scott Crawford, senior analyst at Enterprise Management Associates, based in Boulder, Colo. “X-Force in particular brings a good deal of intelligence to (IBM’s) managed security services operation,” he said. “We see the two as being very complementary, really.”
ISS will be maintained as an operating unit within IBM, said Rahmani, and will continue to be run out of its Atlanta headquarters. ISS will be used as the base for additional managed services at IBM, she added. Any future software development will be done in co-ordination with IBM’s Tivoli unit to allow for product integration.
There are no layoffs planned at ISS once the deal has gone though and Noonan will continue to lead the division, said Rahmani. The company employs 1,300 globally, 15 in Canada.
An IBM Canada spokesperson said no decisions have been made as to whether the Canadian employees will be moved into one of IBM’s existing facilities. In 2004 IBM Canada opened a Security Operations Centre in Markham, Ont., and intends to invest more than $80 million in security services over five years.
ISS is Big Blue’s fourth acquisition this month. The other three are MRO Software, Webify and FileNet. The deal marks the company’s biggest buy since its US$3.5-billion purchase of PricewaterhouseCoopers and its fifth largest acquisition ever.
“The big picture is: we want to continue to drive growth for IBM in areas where we see opportunity . . . and drive solutions that meet the needs of our clients,” said Rahmani, adding that this latest round of acquisitions “are, of course, all also part of our SOA strategy.”
The ISS deal is a key example of continued consolidation between security companies and enterprise architecture firms, said Crawford, and one of the biggest since the Symantec/Veritas merger in 2004.
“This will continue to go on,” he said.