One of the things that distinguishes security from other IT disciplines is its massive scope.
In simple terms, if you own the corporate network, you care about switches, routers, and traffic going from Point A to Point B. If you own security, you have to look up and down the old "technology stack" while keeping an eye of physical security and cross-company business processes. Little wonder why so many companies experience so many data breaches.
For years, the security industry seemed to disregard the broad scope of problems faced by enterprise organizations. Instead, even the biggest security firms like Check Point and McAfee simply offered the threat management widget du jour. This is like your local tire store saying that it is in the business of selling automobiles. Something had to give which is why big enterprise-savvy companies like EMC, Hewlett-Packard, and IBM entered the market.
I met with IBM at last week's RSA Conference in San Francisco, Rather than talk about threat management products from ISS or identity management software from Tivoli, IBM presented a few interesting things:
A comprehensive security framework based upon enterprise user security requirements rather than its portfolio of products.
Integration between security and business processes.
IBM now has a single person, Chris Lovejoy, who is responsible for coordinating security activities across IBM product and business units.
An aggressive partnering program to enhance its homegrown offerings.
No, IBM doesn't have all the answers. And there are probably lots of areas where others have better products. That said, IBM has organized its security portfolio in a way that meets enterprise requirements at the board level--and not just in the security products test lab.
Between this user-centric framework and its deep resources, IBM ought to win its fair share of security deals moving forward.