BOSTON --– On the heels of several enhancements to its core Internet Security Systems (ISS) products announced last week, IBM on Wednesday further ramped up its security story by outlining its vision for the integration of security across its product lines and additional announcements around application security, identity management and data protection for retailers.
Steve Mills, senior vice president and group executive of IBM's software group, told analysts and press at the IBM Security Summit that Big Blue'sIBM developers are building security into key offerings such as the WebSphere application server and Lotus Notes. "We see security as a key attribute and capability that IBM delivers," Mills said.
Val Rahmani, general manager of ISS, pointed out that IBM's customers are rapidly evolving or overhauling business models by taking advantage of collaboration technologies and outsourcing options. She stressed the need to integrate security and risk management at the outset of a project, and the importance of the key is the managing ement of access to resources. "CEOs see change, but their ability to manage that change is not keeping pace," Rahmani said. "There's a lot more openness and collaboration from top-performing companies; we want to encourage that."
IBM presented its big-picture vision of security via the release of its first Security Technology Outlook report. Similar to the Global Technology Outlooks IBM has been doing for years, the security version is a high-level view of security trends that IBM should be looking at as a company. The report highlights nine trends:
Al Zollar, IBM Tivoli software general manager, Al Zollar acknowledged that the need for application protection is paramount, and the insertion of security practices during the development lifecycle is a key strategy. Architecturally, Zollar said it's important that IBM internally turn its security capabilities into decoupled services that can be exposed to its programmers via service-oriented architecture (SOA) and Web services standards.
Zollar noted that testing and code scanning is also essential to application security and that IBM is in position to produce safe code via its Rational AppScan product, which is used internally as well as sold to customers. IBM also announced a developer version of AppScan on Wednesday, complementing its Enterprise, Standard and Tester versions. Also, IBM Tivoli Security Policy Manager was also introduced. The software manages application entitlements and SOA security policy management, shoring up access controls to applications and services.
"We find that vulnerabilities in applications happen because of poor knowledge at design time and poor understanding of what classic vulnerabilities might be," Zollar said. "These are not known by application developers."
Data-rich retailers are a big target for hackers. IBM's announcement of its new SecureStore framework addresses this area. SecureStore is a suite of protections and services, an integrated platform that IBM says will help retailers protect customer and financial data and meet compliance requirements.
SecureStore combines products from ISS, Tivoli and Rational to protect against threats to networks and applications, with physical protections, including surveillance and RFID systems to secure physical assets at retail locations.
"We are seeing threat convergence in the retail sector," Rahmani said. "The same organizations perpetrating in-store theft are also attacking retailers online. Retailers are under immense pressure and don't have the resources to cope."
Finally, IBM also announced migration services and pricing in an attempt to lure HP customers. Hewlett-Packard Co. announced recently it was leaving the identity management business.