By Dawn Kawamoto
Staff Writer, CNET News.com
February 6, 2007
Businesses are warming up to the idea of letting outsiders handle
security for their networks, bringing the idea more into the mainstream,
according to industry veteran Thomas Noonan.
Noonan, general manager of IBM Internet Security Systems, which provides
such on-demand protective services, said in an interview Monday that the
efficiency of response to new malicious software is a driver for
"If I'm connected to customers (every minute of the day), I can
preemptively protect them from threats--threats they didn't even know
about five seconds ago," he said.
Security on demand has matured in the past year, moving from a concept
to a workable reality, Noonan told CNET News.com. He said he intends to
address the topic in detail at his keynote speech Wednesday at the RSA
Conference 2007 in San Francisco.
"Last year, we discussed many of the concepts of on-demand security and
why we believed it would be a tremendous benefit to customers, who
struggle with the cost and complexity of managing their security," he
said. "This year, we'll talk about the realities of that and how
on-demand models can be enabled from a security platform perspective."
In the wider software industry, providers are moving toward offering
their products on demand--either their entire lineup or just part of
their portfolio. In an on-demand model, the software is hosted on
systems outside the customer's site, and the customer "rents" access to
the programs as needed. Salesforce.com was created from the ground up
with an on-demand model, while industry titans such as business software
maker SAP are beginning to test the waters.
Noonan noted that the security industry's shift to on-demand is driven
by slightly different customer needs than that of the overall software
Companies offering on-demand software hope to appeal to customers by
pitching lower costs and ease of use with enterprise software
applications. But security on demand also provides businesses with an
efficient response to emerging threats, Noonan said.
He also noted that it allows customers to switch their weekend and
late-night monitoring of threats to the outside security vendor, then
switch the responsibility back to in-house systems during normal work
ISS is not the only company to offer on-demand security services. Its
competitors include McAfee, via its Foundstone division, and Symantec.
Other security trends Noonan expects to accelerate include the rapid
consolidation of the security industry. Last, for example, IBM acquired
Noonan's ISS for $1.3 billion and storage giant EMC snapped up RSA
Security for $2.1 billion.
"Our studies show that the average customer has about 32 independent
security vendors that they use. I don't think that's sustainable,"
He added that those figures do not include the growing number of IT
vendors incorporating security features into their flagship products,
such as Cisco Systems with its networking gear, and Microsoft with its
Vista operating system.
IBM is another example of an IT vendor looking to grow its security
offerings. IBM's acquisition of ISS, which closed in October, has lead
to an "epic" 90 days for the former standalone security company, Noonan
ISS, which retains its offices in Atlanta and operates a business unit
within IBM Global Services' infrastructure management services
organization, has more than doubled its research and development staff
since the acquisition, he said. It has also doubled its sales team.
The new ISS is focused on areas where it can leverage its security
offerings with other areas of IBM, such as the Tivoli and Lotus product
teams, Noonan said. For example, ISS is working on tweaking its core
Proventia product line to work on IBM's blade server architecture. The
division also wants to integrate its security lineup with IBM's Lotus
Notes e-mail software.
The merger has also helped bump up ISS' customer base, Noonan said.
"It's just been amazing to me how IBM has been able to open up new
customer doors and new partners for us to talk to," he said.
The division's quarterly retention rate and customer satisfaction level
have both increased in the fourth quarter, he added.
"Our fourth-quarter maintenance and support contracts have had the
strongest renewal rates that they've had in the past year, and probably
two years," Noonan said.
In addition, ISS has been able to retain all of its executives since the
merger occurred and has lost very few employees.
"Our attrition rate has gone down since the merger and, in part, I think
people want to see how this will all work out," said Noonan. "We're
creating new jobs, and new projects are being funded."
Subscribe to the InfoSec News RSS Feed