Not so long ago, major organisations would plug their IT security holes with an assortment of discrete products drawn from any number of vendors. But as the threats to corporate security have multiplied, the costs of maintaining such a fragmented security environment have ballooned out of control.
Today, security officers are crying out for low-cost, easy-to-maintain, integrated IT security platforms and are increasingly opting for products and applications with enhanced security built it. That change in demand is fuelling widespread consolidation in the sector, as the giants of IT jostle for larger slices of the expanding security pie.
IBM is a case in point. Its aggressive push into the security market in 2006 with the acquisition of network security provider Internet Security Systems and risk management provider Consul was followed up last month with the purchase of privately-held application security vendor watchfire. Its chief product, AppScan, is an application security testing suite which enables organisations to seek out vulnerabilities in their web applications and guard against the proliferation of online threats.
The move forms part of IBM’s broader strategy to target the growing IT governance and risk management space, which it estimates will be worth a chunky $30 billion by 2008.
IBM intends to roll Watchfire’s technologies into its Rational Software division – which in June ensured its dominance of the higher end of application development with the purchase of Swedish software development specialist telelogic for Skr5.2 billion (£380m) – see Company Analysis.
The strategic value of vulnerability management was not lost on IBM rival hewlett-packard, which snapped up Watchfire’s chief competitor, SPI Dynamics, in the same month. As with IBM, the application security vendor should provide a strong complement to the HP’s 2006 acquisition of Mercury Interactive, the automated software quality assurance provider.
Security was also high on the agenda for information infrastructure vendor EMC in June; in this case the focus was on identity management. Adding to its RSA Security operation, acquired in June 2006, the company bought identity authentication technology provider Verid.
Florida-based Verid’s Knowledge-Based Authentication process is used to initially vet and verify the identity of consumers as they open new accounts or enroll for new services. It will sit alongside RSA’s existing tools and processes for on-going authentication.