Ginni Rometty, IBM Corp.’s Chairman, President and CEO, says that cyber crime is the greatest threat to every company in the world. She is best known as head of one of the world’s largest and most prestigious corporations, but in cyber circles Rometty is best described as Commander-In-Chief and supreme leader of the world’s largest and most formidable security organization.
IBM Security is a $1.5 billion business and partly the result of fifteen security acquisitions over the past decade. Rometty says the security business unit marshals the knowledge of 6,000 experts. IBM calls itself the third biggest security software player in the world. Research firm Gartner calls it the largest security vendor selling exclusively to enterprises.
Marc van Zadelhoff, Vice President, Strategy and Product Management at IBM Security, has been promoted by Rometty’s executive staff. He will become General Manager at IBM Security in early 2016. van Zadelhoff was previously Vice President of Marketing and Business Development at Consul Risk Management, a global IT security software provider, which was acquired by IBM in 2007. For the past 9 years, van Zadelhoff has worked in various strategic roles for IBM security brands. Brendan Hannigan, IBM Security’s General Manager for the past 4 years, is leaving to spend more time with his family, according to a source at IBM.
The appointment of a new field general to lead IBM’s cyber troops is an important one, and it comes at a crucial time for IBM. The company has suffered through 14 consecutive quarters of sales declines as they continue shifting from legacy mainframe hardware and consulting services to next generation technologies including cloud, big data, analytics, and security. To reach its destination of profitability, IBM will need smart, aggressive business unit leaders who bring next generation strategies to fully exploit the next generation market opportunities they are pursuing.
IBM and van Zadelhoff have a major announcement this week, and it sounds like they’ve taken a page out of Salesforce.com’s playbook. Salesforce, the undisputed market leading online CRM company blew the doors off that market when they launched their AppExchange - which became a business app store featuring thousands of Salesforce add-on apps from a community of certified developers. It was a brilliant and groundbreaking move when Salesforce decided that a community of users and developers could do a better job at enhancing their CRM than they could do on their own. AppExchange generated a groundswell of industry support which catapulted Salesforce into the cloud computing stratosphere. Today Salesforce is the multi-billion dollar darling of the cloud industry.
IBM will be announcing this week it is opening its security analytics platform, IBM Security QRadar, enabling customers, business partners and other developers to build custom apps that take advantage of the platform's advanced security intelligence capabilities. The IBM Security App Exchange will be a marketplace for the security community to create and share apps based on the company’s security technologies.
The opening of its security analytics platform is the second major step IBM has taken this year to advance industry collaboration and innovation to battle highly organized cybercrime. When speaking at the IBM Security Summit earlier this year, Ginni Rometty had this to say on IBM’s new security technology: “We announced that more than 1,000 organizations across 16 industries are participating in our X-Force Exchange threat intelligence network. We only launched the network a month ago, so its rapid growth speaks to significant need. And we’re bringing a potent weapon to the fight – a 700 terabyte threat database including two decades of malicious cyber attack data from IBM’s security operations, as well as anonymous threat data from more than 4,000 organizations, which have contributed 300 new collections of data in the last month.” X-Force Exchange has a lot of wind in its sails and has grown to 2,000 participating organizations since it was announced in April.
This latest move can be a tipping point for IBM Security and the entire security industry. It has the potential to create a global corps of cyber fighters who band together - if they buy-in to IBM’s battle cry that by joining together the cyber good guys can defeat the cyber bad guys. A large unified manhunt is the most effective way to track down and thwart cyber criminals. "We need to remember that 80% of cybercrime is committed by highly organized gangs that are sharing data and applications” says IBM’s van Zadelhoff. “Unfortunately, sharing is not happening at the same scale between the good guys looking to defend themselves against attacks.”
Competition between security vendors and service providers can be a barrier to executing on IBM’s new model, but Marc van Zadelhoff says otherwise. He is welcoming all security vendors and service providers - including real and perceived competitors - to join in and build apps on the IBM Security App Exchange. The security space is still a cottage industry with only a handful of large vendors who focus exclusively on battling cyber crime. The rest of the field are VC funded and fledgling product companies and a growing legion of pure-play cybersecurity services firms who are ideally situated to leverage IBM’s threat intelligence network and their new App Exchange.
QRadar, IBM’s security intelligence platform, uses data analytics and threat intelligence to detect security incidents for thousands of security operation centers across the globe, including almost half of the Fortune 100. IBM Partners have already developed dozens of customized apps that extend IBM Security QRadar security analytics in areas like user behavior, endpoint data and incident visualization.
“Today, every organization and device is a target for cyber attacks” says Patrick Morley, CEO at Bit9 + Carbon Black, the endpoint security market share leader according to IDC. “The attackers have become organized and united. The security community must do the same. Cyber-security vendors must collaborate on integrated, unified solutions so we can take back the advantage from the attackers. Bit9 + Carbon Black is committed to delivering open, integrated security solutions. IBM's new App Exchange is a big step toward bringing our shared vision for collaborative security to life. The Carbon Black app we developed for IBM QRadar empowers our joint customers to see threats more quickly and stop them before they can do damage.”
Some other security vendors who have joined the App Exchange are BrightPoint Security, Exabeam, Resilient Systems, STEALTHbits and iSIGHT Partners. IBM will need to continue recruiting security product developers like these, plus get support from the security service provider community - if they are going to turn App Exchange into community with scale.
root9B, headquartered in Colorado Springs, Colo., with regional offices throughout the U.S., is a pure-play information security advisory, consulting, and professional services firm led by former U.S. Government cybersecurity experts. “The IBM Security App Exchange should be good for a growing pure-play community as it supports more open access to a platform with agile plugin development to easily integrate into a diverse client set” says John Harbaugh, root9B’s Chief Operating Officer. CISOs (chief information security officers) often look to root9B and other highly specialized security firms to help defend and protect their enterprises against cyber threats. “One of the challenges for this community is that the client base has a mix of deployed solutions and network devices that requires a flexible front-end to manage and analyze data (across all clients)” adds Harbaugh. “This type of move provides a potentially strong opportunity for standardization, while at the same time, allowing agile development in an environment of diverse "cybersecurity as a service” offerings.”
Marc van Zadelhoff is excited about his new role. He views IBM Security as a startup with huge growth potential. If the security business unit is going to be a major contributor to IBM’s next generation play, then they’ll need to step up the revenues. Consider some of IBM’s latest sales figures: Cloud revenues are up 65% year-to-date; Business analytics are up 19% year-to-date; Mobile revenues have more than quadrupled year-to-date; Social revenues increased 32% year-to-date; and Security increased 6%. Right now IBM Security accounts for roughly 2% of IBM’s total revenues - and it recorded the slowest growth amongst the next generation sectors that are central to IBM’s transformation.
Can an App Exchange do for IBM in Security what is has done for Salesforce in CRM? That is the big question for IBM Security in 2016.
