Skip Links

Network World

  • Social Web 
  • Email 
  • Close

IBM spells out IT governance and risk strategy

New security division will offer professional services
By Ellen Messmer , Network World , 05/15/2007

IBM today outlined its strategy towards IT governance and risk management, a phrase that security professionals use to describe the management of IT assets and processes, including enforcing security policy and ensuring business continuity.

IBM, which has been on a buying spree of companies in the risk-management arena, says the IBM Governance & Risk Management division will be providing professional services, combined with tailored product offerings, to customers seeking help in coming up with corporate plans and implementing them.

Don't Miss!Read the latest WhitePaper - Monitor the core and troubleshoot the access layer with integrated network analysis solutions

“There are basically two holes in IT governance -- how to get reliable information about current applications and architectures in order to set the direction of policies, and then where do you enforce that policy,” says Bob Madey, vice president of strategy and business development at IBM Tivoli.

During the past year, IBM has seen IT governance and risk management as a growing market, and to beef up its product portfolio, has sought out and acquired smaller vendors with specific product expertise, including Consul, FileNet, Micromuse and Internet Security Systems.

Related Content

The products obtained in these acquisitions, such as the Micromuse Netcool security-information management that has been integrated into the Tivoli Business Systems Manager, are the arrows in IBM’s quiver in the effort to convince customers that it can help with their risk-management concerns.

However, Madey says it’s not necessary to be an IBM Tivoli customer to benefit from the IBM’s IT governance and risk management services.

IBM says its learning curve on the security topic has accelerated through a group it established three years ago called the Data Governance Council, which comprises 34 IBM customers and 12 IBM business partners and vendors.

Steve Adler, IBM program director of the Data Governance Council, says the group is comprised mainly of CISOs, CIOs and some CEOs. They meet regularly to discuss in private the impact that regulations such as Gramm-Leach-Bliley and numerous data-privacy regulations are having on their organizations, he says.

“There are data-use issues when companies are outsourcing application development offshore, for instance, or merchants are holding sensitive data” Adler says. “We spend the time talking about these problems. And we’ve come up with a list of best practices we see as a ‘maturity model.’”

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed
Save The Date!
What They Are Saying

If the IT manager is knowledgeable regarding Cisco technology, he would have 2 options. Option 1 - Consult...- Anonymous

Join the Discussion