IBM's acquisition of ISS for $1.6Bn
It was inevitable that ISS would eventually be acquired. As network, systems and security management are all converging, and security technology starts becoming assimilated by the gorillas into networking fabric (Cisco) and operations systems (Microsoft), and the lines between security & network management start to blur, it stands to reason that ISS on its own would eventually be orphaned in 2-3 years time. This move does signal a milestone however, for convergence of security.
If all proceeds according to plan, IBM will leverage ISS in three ways.
- It will integrate ISS as a business unit within the infrastructure management services unit, part of IBM Global Technology Services - this is a good move as we will see below, security belongs in infrastructure management and not on its own
- It will integrate some of ISS's technologies and consoles into its Tivoli systems-management software - less convincing long term benefit I think.
- It will mandate IBM Global Services to promote and sell ISS-derived managed security services to enterprise customers -obviously just continuing off their existing relationship but these services will become indistinguishable over time with those provided by the infrastructure management BU as we discuss later.
The acquisitionn of ISS is an investment by IBM in a security technology company that derives a huge chunk of its services revenues from maintenance sales and support of enterprise software agreements made 4-5 years ago with large clients who still have a lot of shelfware on their hands from the heady days when ISS made a name for themselves in the IDS market. ISS also sells newer IPS and management technology under its Proventia range. It is debatable how well they are faring in the rapidly growing IPS market space which seems to be dominated by Cisco, McAfee and 3Com (Tipping Point). Yes, ISS do have security consulting divisions and do have some traditional "remote managed security services" offerings, but once again I have yet to see anyone making major inroads into the traditional MSSP space, let alone stop losing money. Since the consulting and MSSP components of ISS are not that substantial in relation to the rest of their revenues its questionable if those parts of ISS can add any major incremental value to IBM other than the existing relationship in the short term.
IBM is a technology company too, and with the acquisitionion they get good security technology to flog to their clients. In fact, much of the press is touting the acquisitionion as a good move to "bolster IBM's existing security portfolio". Well I suspect a massive chunk IBM's existing security portfolio comes from Cisco and I just cannot see Cisco being very enumerated with having their technology "bolstered" by arch-enemy ISS in the security space. This is going to be interesting.
I have long held the controversial view that the pure-play MSSP (Secure Operations Centres and bunkers with people in white lab coats scanning your logs for nasties and configuring your security devices for you) is an endangered species. In fact, customers have never quite embraced this business model en-masse as everyone predicted, and in fact if they have gone this route it was probably to get a tick in the compliance checkbox more than anything else.
Three things are going to disintermediate the traditional MSSP. The 1st is Convergence of security, systems and network management as networks and operating systems embed more and more security. The 2nd is IPS and vulnerability management technology which will keep evolving and making a dramatic difference through automation and increased intelligence. The 3rd nail in the coffin is admission controlled architectures such as NAC, NAP and TNC. The security management function will become more about infrastructure, configuration, asset and identification management coupled with the activities to ensure smooth running of automated IPS/VM/NAC ecosystems and less about managing discreet security boxes and looking at alerts. More intelligent & automated technologies coupled with admission controlled architectures form the basis of the "adaptive self defending network" concept and this is where I believe clients are going to want to throw their dollars, not for people in a remote SOC. Granted,the need for managed services will indeed increase to ensure these converged, intelligent and automated admission controlled networks are running smoothly, but the need for discreet security management will wane (but not disappearear).
As this trend evolves, clients will repeatedly look to one service provider to manage and secure their infrastructure, desktops, servers and operating systems as a cohesive whole. This sets the stage for systems integrators and infrastructure management companies, maybe even Telcos, to dominate the security services market, and the role of the pure play MSSP and security boutiques will diminish over time as a result.
So lets summarize:
IBM have seen the convergence trend and their Global Services business unit probably stands to gain the most from this. Their integration of ISS into Global Services under the infrastructure management group therefore makes sense. But for now they bought a technology company with a lot of services around that specific technology.
It is also unclear how this technology is going to keep from being disintermediated as Cisco & Microsoft continue embededd more security functionality into their products. After all they literally own the infrastructure and desktop/server space. The true self defending network will have various embedded products closely working together and the ISS technology could become orphaned over time. So the placement of existing ISS technology into Tivoli doesn't make long term sense from this aspect, but could yield short term benefit for the swing toward IPS and automation currently underway.
Finally IBM are going to push ISS's MSSP service. As stated above I am very sceptical of this as a standalone answer to clients security management needs in the short term, unless some very problematic areas need critical addressing or there is a compliance need. Clients should be rather investing in infrastructure with embedded security capability, investing in IPS and other automation and start laying the groundwork for NAC. Any dollars spent on security services should be around the assurance of the above ecosystem and the proper operational management of all the components as opposed to management of discreet security products and alerts.
Note : the views expressed here are not necessarily those of Dimension Data!
CATEGORIES : 1aquisitions, 1trends, 1convergence, 1NAC, 1mssp, 1IBM, 1ISS