As director of corporate security strategy at IBM, Stuart McIrvine is responsible for developing the company's overall road map for IT security products, services and partnerships. McIrvine's job, to which he was named in mid-October, involves managing a team that coordinates security-related initiatives across IBM's hardware, software, services and research groups.
McIrvine spoke with Computerworld this week about IBM's security offerings and plans.
What's your role at IBM?
I have the responsibility for the development and enhancement of IBM's corporatewide security strategy -- that is, a strategy to address the way the market sees security, wants to buy security (products and services), etc. From an internal perspective, it's very focused on aligning all the pieces we have.
What do you see as some of the key drivers of the IT security agenda at companies?
One of the main things is regulatory compliance, whether it's cross-industry regulations or industry-specific ones. Controlling access to systems, especially financial systems, (and) being able to provide audit trails are important. Another big area is just basically preventing business damage from cyberattacks -- the loss of productivity and the loss of revenue. Another thing that customers are looking at is really how to cope with multiple communication mediums, such as the Internet, VoIP and wireless, combined with the multitude of devices that people are using to gain access to these (systems).
What is IBM doing to help IT managers address such issues?
We have a business unit that's just focused on risk and compliance. They've developed a framework that is providing guidance for all of (the) regulatory compliance (needs of companies). Customers can drill down on a specific regulation. such as (the Sarbanes-Oxley Act), and we'll show particular focus areas of that regulation and map that to our portfolio.
What about helping them deal with cyberattacks?
We have about half a million devices worldwide that monitor (network) trends. Approximately 2,700 IBM security professionals analyze the information that comes out of those monitors and provide daily reports and recommended action to help our customers.
What do you see as IBM's value-add over pure-play security vendors?
IBM is looking at security not as an IT problem, but as a business problem. It's not just a case of focusing on firewalls and viruses. We're investing heavily in security management, access management, identity management, patch management and federated ID management. A lot of that is around our Tivoli business.
What can users expect to see from IBM over the next year or so in terms of security products and services?
It's really about tighter integration across our portfolio. You'll see a number of new management services, enhancements to our security management software portfolio and better integration across different departments providing security products. You'll also see a lot more focus on putting more security (capabilities) into the hardware.