IBM expands its managed security services

IBM took another step into the managed security services market recently with its purchase of Internet Security Systems, a publicly traded Internet security provider.

The all-cash transaction, valued at about $1.3 billion or $28 per share, is the fifth largest purchase in IBM’s history and Big Blue’s fourth acquisition of business processing and management software companies in the past few months.

The company expects the deal to close by the end of the year.

ISS software and services monitor and manage network vulnerabilities and thwart potential threats. The Atlanta-based company has almost 11,000 customers, including many of the world’s largest governments.

IBM said it intends to integrate ISS’ operations within its Infrastructure Management Services unit, part of IBM Global Services. It also plans to continue to offer ISS’ X-Force security intelligence service, which protects networks by analyzing online vulnerabilities and threat conditions.

The acquisition is “an important addition to IBM’s leading security and privacy services business,” said Val Rahmani, general manager of Infrastructure Management Services at IBM Global Services. “ISS is a strategic and valuable addition to IBM’s portfolio of technology and services,” she said.

“IBM has been investing in strategic acquisitions to help us target new market opportunities and extend our ability to help our clients innovate,” Rahmani said.

She said security is a strategic growth area for IBM, adding that surveys show organizations want to manage their own Internet security. That has become a $22 billion market opportunity.

“IBM believes the market is clearly heading toward demands for security as a service,” she said. “ISS shares this view and has been building toward this vision for several years.”

The deal will help both companies in the federal marketplace, said Paul Stamp, a senior security analyst at Forrester Research. “But IBM stands to be the bigger gainer,” he added.

“Government clients are more likely to prefer dedicated security services providers,” Stamp said. By the same token, they are less likely to want their security services outsourced.

“In the past IBM has had to partner on many such [security] projects,” he said. “Now it can be the prime [contractor] more often” because it will have in-house products to offer.

Stamp said ISS benefits from the purchase because it has been struggling to find new business opportunities.

The merger is “a giant step toward simplifying and scaling the complex security management model in enterprises today,” said Tom Noonan, president and chief executive officer of ISS. The complexity of managing multiple solutions and products has become a massive drain on information technology budgets, he added.

That sentiment is shared by Philippe Courtot, chairman and CEO of Qualys, a vulnerability management solutions provider based in Redwood Shores, Calif.

Courtot said IBM’s move makes a lot of sense and predicted the company will make similar purchases in the future because it’s no longer economical to sell old enterprise software solutions. “That’s why there’s consolidation,” he said. “You don’t find growth, and the margins are going down the tubes.”

Consolidation of the security solutions market will accelerate significantly. “There’s no question about it,” Courtot said.