IBM Adds Security To Its IT Services Menu With ISS BuyIBM Adds Security To Its IT Services Menu With ISS Buy

Last week at McIntosh's, a clubby steak house popular with the executive set in Charlotte, N.C., IBM services chief Mike Daniels was looking to close a deal with a customer who has several million dollars to spend. In addition to footing the bill for a couple of prime filets, Daniels was able to throw in an appetizer--earlier in the day, he signed off on an agreement to acquire Internet Security Systems for $1.3 billion, adding an enticing range of new security offerings to his own menu of tech services.

ISS is largely a software company, but it's moving into IBM's $47 billion Global Services division, not the software group. That's because IBM wants to sell middleware that keeps finicky business apps like those from Oracle and Siebel running smoothly, and it also wants to operate, host, and maintain that middleware for customers. IBM's betting that adding a layer of security services will make its outsourcing offerings more appealing.

Ingersoll-Rand CIO Barry Libenson, Daniels' dining companion that evening, says he just might go for it. The company, which makes Bobcat construction vehicles and other industrial equipment, pays a small staff to do nothing but monitor its networks for signs of hackers, worms, and other threats. Turning the job over to IBM would cut labor costs and provide access to top-notch pros that Libenson says are in short supply. Part of Daniels' pitch between courses: "We'd have the guys that created the technology managing it and running it on our behalf," Libenson says.

ISS's offerings include its Proventia network protection software and RealSecure server security system. IBM says the products complement its Tivoli security and infrastructure management products, which focus primarily on end-point security such as user authentication. IBM hasn't decided whether it will continue to sell ISS's security software and appliances as standalone products carrying the ISS brand.

Most big security vendors offer standalone products that lack a strong services component. They could take a hit if customers decide they'd rather let IBM monitor and defend their networks. Given the growing complexity of the threats, there's a good chance the market will turn in that direction, says Jon Oltsik, an analyst at the Enterprise Strategy Group. "Companies are looking to outsource security, and it's just the tip of the iceberg," he says. And specialized sellers of managed security services also could find themselves outflanked because they lack IBM's full range of IT services offerings. Few businesses want a different outsourcer for each task.

Ingersoll-Rand protects its networks with technology from Cisco Systems that it maintains in-house. But Libenson is intrigued by IBM's plans for security services. "It would be nice not to have to have five guys on staff for that and have security be a component of our broader outsourcing relationships," he says.

Rethinking Software

Through a spate of recent acquisitions and internal development, IBM is compiling a stable of software that it plans to use to automate and remotely manage many mundane but vital IT tasks--network monitoring, server administration, desktop provisioning, and the like--that keep many tech staffers busy and cost businesses millions in overhead and salaries.

It's a services push, but IBM's software unit is a key part of the plan. For years, the group has existed as a silo within the company, churning out products primarily designed for customers to buy and use in-house. Now its focus has shifted to building systems that can be deployed as a service, on demand and remotely manageable. "They're doing a lot of things that traditionally would have been implemented as software by the customer and moving it to an on-demand type service," says Cindy Shaw, an analyst at investment bank Moors & Cabot.

To that end, IBM is designing more of its software with a services environment in mind. "The services business is solving problems for customers and they're using our software assets to do that," says Deborah Magid, director of strategy for IBM's venture capital group. "There's a lot more cross-talk" between IBM groups, she says.

Software that automates processes and is delivered as a service sounds simple, but IBM says the market for such "information on demand" technology will reach $69 billion by 2009. Security will be a big part of that.

Share Of Wallet

IBM spent August rounding out other parts of its software portfolio with an eye to enriching its services toolkit. On Aug. 1, the company bought privately held Webify Solutions, a developer of service-oriented architecture software, which helps companies link business applications without messy, manual integration projects. On Aug. 10, it announced a $1.6 billion offer to purchase content management software vendor FileNet. And last week, it completed the $740 million acquisition of MRO Software, an enterprise asset management specialist.

Buying smaller niche players means that IBM needs fewer partners to fulfill a services engagement, and that means less revenue sharing. And it could use the revenue. The company's services sales have been flat in recent years and software has grown only modestly. IBM is adding a lot of homegrown software to the services mix as well. Earlier this year, it rolled out a number of enhancements to its Tivoli line aimed at automating routine IT management processes.

Services deals also mean IBM can leverage its offshore delivery centers in lower-cost India. The company is adapting many of the management tools needed to keep a close eye on IT infrastructures so they can be operated from offshore.

It's all meant to help increase so-called share of wallet at big-business customers like Ingersoll-Rand. IBM already hosts and manages the company's Siebel and Oracle systems, but Libenson wants to hand off a lot more to an outsourcer--everything from manufacturing applications to supply chain systems is up for grabs. He says he'll choose a vendor in 60 to 90 days for a multiyear contract worth $40 million annually. IBM's not a shoo-in: he's also taking a close look at Hewlett-Packard. Libenson says vendors that lack in-house technology--including CSC and EDS--need not apply. "If there's a problem with one of the boxes running my systems, I want to know that some of the best hardware minds in the industry are on it," he says. IBM's given him a lot to chew on, including one fine 13-ounce filet at McIntosh's.