IBM security boss reveals roadmap

Appointed director of corporate security strategy at IBM in October, Stuart McIrvine is responsible for developing the company's...

Appointed director of corporate security strategy at IBM in October, Stuart McIrvine is responsible for developing the company's roadmap for IT security products, services and partnerships. He spoke to us this week about the company's security offerings and plans.

What's your role at IBM?

I am responsible for the development and enhancement of IBM's corporatewide security strategy - that is, a strategy to address the way the market sees security, wants to buy security products and services, and so on. From an internal perspective, it's very focused on aligning all the pieces we have.

What do you see as some of the key drivers of the IT security agenda at companies?

One of the main things is regulatory compliance, whether it's cross-industry or industry-specific regulation. Controlling access to systems, especially financial systems, and being able to provide audit trails are important. Another big area is preventing business damage from cyber-attacks - the loss of productivity and revenue. Another thing customers are looking at is how to cope with multiple communication mediums, such as the internet, VoIP and wireless, combined with the multitude of devices that people are using to gain access to these systems.

What is IBM doing to help IT managers address such issues?

We have a business unit focused on risk and compliance. It's developed a framework of guidance for all the regulatory compliance needs of companies. Customers can drill down on a specific regulation, such as the Sarbanes-Oxley Act, and we'll show particular focus areas of that regulation and map that to our portfolio.

What about helping them deal with cyber-attacks?

We have about half a million devices worldwide that monitor network trends. Approximately 2,700 IBM security professionals analyse the information that comes out of those monitors and provide daily reports and recommendations to help our customers.

What do you see as IBM's value-add over pure-play security suppliers?

IBM is looking at security not as an IT problem, but as a business problem. It's not just a case of focusing on firewalls and viruses. We're investing heavily in the management of security, access, identity, patch and federated ID. A lot of that is around our Tivoli business.

What can users expect to see from IBM over the next year or so in terms of security products and services?

It's really about tighter integration across our portfolio. You'll see a number of new management services, enhancements to our security management software portfolio and better integration across different departments providing security products. You'll also see a lot more focus on putting more security capabilities into the hardware.

Jaikumar Vijayan writes for Computerworld

Read more on IT strategy