[ISN] Security on demand heads for mainstream

From: InfoSec News (alerts@private)
Date: Tue Feb 06 2007 - 22:25:25 PST


http://news.com.com/Security+on+demand+heads+for+mainstream/2100-7355_3-6156826.html

By Dawn Kawamoto
Staff Writer, CNET News.com
February 6, 2007

Businesses are warming up to the idea of letting outsiders handle 
security for their networks, bringing the idea more into the mainstream, 
according to industry veteran Thomas Noonan.

Noonan, general manager of IBM Internet Security Systems, which provides 
such on-demand protective services, said in an interview Monday that the 
efficiency of response to new malicious software is a driver for 
adoption.

"If I'm connected to customers (every minute of the day), I can 
preemptively protect them from threats--threats they didn't even know 
about five seconds ago," he said.

Security on demand has matured in the past year, moving from a concept 
to a workable reality, Noonan told CNET News.com. He said he intends to 
address the topic in detail at his keynote speech Wednesday at the RSA 
Conference 2007 in San Francisco.

"Last year, we discussed many of the concepts of on-demand security and 
why we believed it would be a tremendous benefit to customers, who 
struggle with the cost and complexity of managing their security," he 
said. "This year, we'll talk about the realities of that and how 
on-demand models can be enabled from a security platform perspective."

In the wider software industry, providers are moving toward offering 
their products on demand--either their entire lineup or just part of 
their portfolio. In an on-demand model, the software is hosted on 
systems outside the customer's site, and the customer "rents" access to 
the programs as needed. Salesforce.com was created from the ground up 
with an on-demand model, while industry titans such as business software 
maker SAP are beginning to test the waters.

Noonan noted that the security industry's shift to on-demand is driven 
by slightly different customer needs than that of the overall software 
industry.

Companies offering on-demand software hope to appeal to customers by 
pitching lower costs and ease of use with enterprise software 
applications. But security on demand also provides businesses with an 
efficient response to emerging threats, Noonan said.

He also noted that it allows customers to switch their weekend and 
late-night monitoring of threats to the outside security vendor, then 
switch the responsibility back to in-house systems during normal work 
hours.

ISS is not the only company to offer on-demand security services. Its 
competitors include McAfee, via its Foundstone division, and Symantec.


Ongoing shakeout

Other security trends Noonan expects to accelerate include the rapid 
consolidation of the security industry. Last, for example, IBM acquired 
Noonan's ISS for $1.3 billion and storage giant EMC snapped up RSA 
Security for $2.1 billion.

"Our studies show that the average customer has about 32 independent 
security vendors that they use. I don't think that's sustainable," 
Noonan said.

He added that those figures do not include the growing number of IT 
vendors incorporating security features into their flagship products, 
such as Cisco Systems with its networking gear, and Microsoft with its 
Vista operating system.

IBM is another example of an IT vendor looking to grow its security 
offerings. IBM's acquisition of ISS, which closed in October, has lead 
to an "epic" 90 days for the former standalone security company, Noonan 
said.

ISS, which retains its offices in Atlanta and operates a business unit 
within IBM Global Services' infrastructure management services 
organization, has more than doubled its research and development staff 
since the acquisition, he said. It has also doubled its sales team.

The new ISS is focused on areas where it can leverage its security 
offerings with other areas of IBM, such as the Tivoli and Lotus product 
teams, Noonan said. For example, ISS is working on tweaking its core 
Proventia product line to work on IBM's blade server architecture. The 
division also wants to integrate its security lineup with IBM's Lotus 
Notes e-mail software.

The merger has also helped bump up ISS' customer base, Noonan said. 
"It's just been amazing to me how IBM has been able to open up new 
customer doors and new partners for us to talk to," he said.

The division's quarterly retention rate and customer satisfaction level 
have both increased in the fourth quarter, he added.

"Our fourth-quarter maintenance and support contracts have had the 
strongest renewal rates that they've had in the past year, and probably 
two years," Noonan said.

In addition, ISS has been able to retain all of its executives since the 
merger occurred and has lost very few employees.

"Our attrition rate has gone down since the merger and, in part, I think 
people want to see how this will all work out," said Noonan. "We're 
creating new jobs, and new projects are being funded."


______________________________________
Subscribe to the InfoSec News RSS Feed
http://www.infosecnews.org/isn.rss



This archive was generated by hypermail 2.1.3 : Tue Feb 06 2007 - 22:47:22 PST