IBM's security offensive

Last week, IBM announced a major new initiative focused on data security and risk management. IBM will introduce new products and services and partner with industry leaders like Application Security, PGP, Verdasys, and Seagate--and spend $1.5 billion in the process. Why is IBM jumping into the security pool?

1. Security has become strategic. CEOs are scared to death when they read the daily headlines about the latest publicly disclosed security breach. You can no longer address this by implementing the security product du jour since confidential data and security vulnerabilities are everywhere from mobile endpoints to mainframes. Executives now realize that they need strong partners and comprehensive security safeguards to protect their business processes, operations, and reputation.

2. Enterprise security expertise remains scarce. Most security vendors sell widgets, but CIOs want end-to-end protection. IBM's enterprise mindset will stand out from the tactical point tools crowd; only Cisco Systems, Hewlett-Packard, and Symantec can compete in the enterprise security space.

3. Security complements other IBM services. IBM can throw managed security on top of IT and business process outsourcing deals to differentiate its offerings and increase deal sizes. Security services will also help pull hardware and software in the rapidly growing SMB space.

This is one of those rare instances in the technology market when demand exceeds supply. IBM is betting that it can fill this gap. Look for IBM to acquire more security start-ups to fill in its portfolio.