Based in Atlanta, Ga., ISS specializes in software, appliances and services that help IT shops monitor and manage network vulnerabilities. It's ISS X-Force intelligence service has been credited with discovering a number of recent Microsoft security holes. IBM said it will use that expertise to "automate labor-based processes into standardized, software-based services that help clients optimize and transform their businesses."
"Companies recognize that rapidly evolving security threats and complex regulatory requirements have turned security into a mission-critical priority," Val Rahmani, general manager of infrastructure management services at IBM Global Services, said in a statement.
Rahmani went on to call ISS "a strategic and valuable addition to IBM's portfolio of technology and services. This acquisition will help IBM to provide companies with access to trained experts and leading-edge processes and technology to evaluate and protect against threats and enforce security policies."
The acquisition is subject to ISS shareholder and regulatory approvals and other customary closing conditions, IBM said. The transaction is expected to close in the fourth quarter of 2006.
ISS CEO Tom Noonan said in a statement
"Clients increasingly recognize that security must become a network-integrated business process rather than a reactive response to individual threats," he said. "By delivering an integrated security platform that is adaptable and extensible to address new threats and business requirements without incremental complexity and cost, ISS has delivered the foundation for delivering security as a service. These on-demand capabilities, together with our managed security services, appliances and software will further bolster IBM's leading security services and products as we take this innovation out to a larger, global stage."
ISS claims to have more than 11,000 customers worldwide, including 17 of the world's largest banks, 15 of the largest governments, 11 of the top public insurance companies and 13 of the world's top IT organizations.
ISS to operate independently
During a press conference Wednesday morning, Noonan and Rahmani said that while ISS and IBM will work to integrate technology, especially in the area of managed security services, ISS will operate as an independent business unit within IBM's global services organization and the current management team will remain intact. The company will keep its Atlanta headquarters and no job cuts are anticipated.
"We'll use this as a base for managed security services going forward," Rahmani said. Noting that IBM already includes security software in its Tivoli product line and offers some managed security services already, she added, "Tivoli, in particular, will work lock-step with ISS, as new products are developed. Managed security services is our big thing, something that has become critical for our customers."
They noted that a partnership between ISS and IBM has existed since 1999, and the acquisition came about from ongoing discussions the two companies have had over the years as part of the partnership.
"The industry realizes that the complexity of managing multiple solutions and point products has become a massive drain on IT budgets," Noonan said, adding that while the Internet has helped companies increase productivity, it has also placed them at greater risk of attack from organized online groups. In this environment, he said, "There's a strong desire among CIOs for a single-source vendor who can help them meet all their complex needs."
That's why IBM's acquisition of ISS makes sense, he said.
'Maybe it's time to stop dating'
IBM and ISS executives said the seeds of the deal were planted at the beginning of 2006, when Julie Donahue, the vice president and general manager of security and privacy services at IBM, called Noonan to talk about the state of the security market. The two had worked together many years before at Dun and Bradstreet, and Donahue -- who was new to the security industry – asked Noonan for guidance on the mandate she had been given by IBM management to rethink the company's security offerings.
"Tom told me that security was moving toward services, that it had to move that way," Donahue said. "There is a huge customer need to reduce complexity and one of the best ways to do that is through the use of managed services."
IBM and ISS have been partners since 1999 and, after a few months in her new job, Donahue began thinking that a closer relationship would be beneficial for both companies. She pitched the idea to senior management, stressing the strength of ISS' managed services business and the voids in IBM's own offerings – voids that ISS' appliance and software products could fill.
"At that point in time I approached Tom and said, 'The partnership has been great, but maybe it's time to stop dating and get married,'" Donahue said.
Both Donahue and Peter Evans, vice president of marketing at ISS, said that although the managed services business was the main impetus for the acquisition, IBM plans to develop and sell ISS' Proventia appliances as well as its various software applications.
"I couldn't have built the case for this acquisition on the back of services alone. We will continue to invest in Proventia and the software platforms," Donahue said.
"There isn't an on-demand model without the technology behind it," Evans said. "IBM had an absolutely similar vision for delivering on-demand security services [as ISS does]. The more we talked, the more sense it made."
News Director Dennis Fisher contributed to this story.