Describing rising cybercrime activity, corporate budget cutting, and lingering legacy security systems as a "perfect storm of security threats," IBM on Thursday waded into the identity and access management market to broaden its managed security offering for businesses.
In addition to promising new identity and access management services, IBM said it is launching a formal program that will allow partners to resell managed security services. It's also offering a free savings assessment that compares an organization's existing security infrastructure management costs to projected costs under IBM's managed security service.
Jason Hilling, management and services strategy executive for IBM Internet security systems, said the company has been considering moving into the identity and access management space for a while, but was prompted to accelerate its plans by a surge in security incidents among its 3,700 corporate clients.
"Over the past four months, we've seen a significant increase in the amount of attack activity being detected," he explained.
IBM X-Force, "an elite team of security experts," as IBM describes the group, saw the number of Web and network security events surge 30% during that period, from 1.8 billion to 2.5 billion, based on data culled from its managed security service clients.
At the same time, Hilling said, IBM noticed a 40% increase in its clients' use of IBM virtual security operations centers, the Web portal the company provides to its security clients to monitor attacks on their networks.
"The organizations themselves are acutely aware that the attacks have increased, otherwise they wouldn't be using the tool," he said.
Hilling attributes the sudden increase in attacks to the dismal economy. "We look at the economic downturn as being one of the most significant contributors to this increase," he said. "It's somewhat clichéd to say, but desperate times require desperate measures."
It may also be fair to say that desperate times require dramatic marketing, and IBM is not alone among security companies linking the economic downturn to a cybercrime upswing. Xerox Global Services, for example, has been warning that employee turnover may lead to data security risks. And Symantec recently cautioned that the global economic crisis will lead to more scams and phishing.
Hilling justified IBM's decision get into identity and access management by saying that IBM statistics indicate that 42% of vulnerabilities are caused by exploits tied to identity and access management.
The company's value proposition, he claimed, is that outsourcing security management to IBM can save companies on average 55% over in-house solutions. Your mileage may vary.
A recent InformationWeek report describes the value of applying risk management principles and logic in your vulnerability management program. Read the report here (registration required).