February 6, 2007 2:04 PM PST

Security on demand heads for mainstream

Related Stories

Securing the data, not the perimeter

February 6, 2007

IBM completes ISS takeover

October 20, 2006
Businesses are warming up to the idea of letting outsiders handle security for their networks, bringing the idea more into the mainstream, according to industry veteran Thomas Noonan.

Noonan, general manager of IBM Internet Security Systems, which provides such on-demand protective services, said in an interview Monday that the efficiency of response to new malicious software is a driver for adoption.

"If I'm connected to customers (every minute of the day), I can preemptively protect them from threats--threats they didn't even know about five seconds ago," he said.

Tom Noonan Tom Noonan

Security on demand has matured in the past year, moving from a concept to a workable reality, Noonan told CNET News.com. He said he intends to address the topic in detail at his keynote speech Wednesday at the RSA Conference 2007 in San Francisco.

"Last year, we discussed many of the concepts of on-demand security and why we believed it would be a tremendous benefit to customers, who struggle with the cost and complexity of managing their security," he said. "This year, we'll talk about the realities of that and how on-demand models can be enabled from a security platform perspective."

In the wider software industry, providers are moving toward offering their products on demand--either their entire lineup or just part of their portfolio. In an on-demand model, the software is hosted on systems outside the customer's site, and the customer "rents" access to the programs as needed. Salesforce.com was created from the ground up with an on-demand model, while industry titans such as business software maker SAP are beginning to test the waters.

Noonan noted that the security industry's shift to on-demand is driven by slightly different customer needs than that of the overall software industry.

special coverage
Unlocking security at RSA 2007
All the latest from the security confab in San Francisco.

Companies offering on-demand software hope to appeal to customers by pitching lower costs and ease of use with enterprise software applications. But security on demand also provides businesses with an efficient response to emerging threats, Noonan said.

He also noted that it allows customers to switch their weekend and late-night monitoring of threats to the outside security vendor, then switch the responsibility back to in-house systems during normal work hours.

ISS is not the only company to offer on-demand security services. Its competitors include McAfee, via its Foundstone division, and Symantec.

Ongoing shakeout
Other security trends Noonan expects to accelerate include the rapid consolidation of the security industry. Last, for example, IBM acquired Noonan's ISS for $1.3 billion and storage giant EMC snapped up RSA Security for $2.1 billion.

"Our studies show that the average customer has about 32 independent security vendors that they use. I don't think that's sustainable," Noonan said.

He added that those figures do not include the growing number of IT vendors incorporating security features into their flagship products, such as Cisco Systems with its networking gear, and Microsoft with its Vista operating system.

IBM is another example of an IT vendor looking to grow its security offerings. IBM's acquisition of ISS, which closed in October, has lead to an "epic" 90 days for the former standalone security company, Noonan said.

ISS, which retains its offices in Atlanta and operates a business unit within IBM Global Services' infrastructure management services organization, has more than doubled its research and development staff since the acquisition, he said. It has also doubled its sales team.

The new ISS is focused on areas where it can leverage its security offerings with other areas of IBM, such as the Tivoli and Lotus product teams, Noonan said. For example, ISS is working on tweaking its core Proventia product line to work on IBM's blade server architecture. The division also wants to integrate its security lineup with IBM's Lotus Notes e-mail software.

The merger has also helped bump up ISS' customer base, Noonan said. "It's just been amazing to me how IBM has been able to open up new customer doors and new partners for us to talk to," he said.

The division's quarterly retention rate and customer satisfaction level have both increased in the fourth quarter, he added.

"Our fourth-quarter maintenance and support contracts have had the strongest renewal rates that they've had in the past year, and probably two years," Noonan said.

In addition, ISS has been able to retain all of its executives since the merger occurred and has lost very few employees.

"Our attrition rate has gone down since the merger and, in part, I think people want to see how this will all work out," said Noonan. "We're creating new jobs, and new projects are being funded."

See more CNET content tagged:
on-demand, information technology company, RSA Security Inc., IBM Corp., R&D


Join the conversation!
Add your comment
Art Coviello--Self-righteous and Smg...INDEED!
Mr. Coviello is typical of today's large security company executive mentality. You either do it our way or you'll perish. His puffed up proclamation of a pending boom in new viruses is self-serving hype. Claiming that everyone should forget about being secure and just focus on protecting data is a laughable admission that despite all the technology and huge investments...all these sages of security won't make someone secure! Gee whiz, I wonder what's next. Are the makers of the self-defending networks, zero administration devices and all-in-one protection suites going to put out a warming: All marketing claims are subject to the reality that you are only as secure as you think.
Posted by Schratboy (122 comments )
Reply Link Flag
Outsourced Security (* ROFLOL *)
Security is one of the few things you DON'T want to outsource!!!

It places your company in jeapordy of the 3rd party... something I perosonally shudder the thought of.

If you don't have the security budget to do it in-house yourself... them you're doomed from the start.

Posted by wbenton (522 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.