IBM's Big Gamble

12:45 PM -- Say the letters "IBM" out loud. What images come to mind? Big, "iron" mainframes with spinning reels of tape, circa 1972. Gray-haired men wearing three-piece, dark blue pinstriped suits and starched white shirts. The salesman in the old joke, sitting on the edge of the bed and telling his new bride how great it's going to be. Conservative. Safe. Dull.

Certainly, the word "gambler" doesn't appear in any of these images; in fact, many in the industry might consider the words "gamble" and "IBM" to be antonyms. But if you are among that crowd, you haven't been tracking IBM's efforts in the IT services industry. And I don't just mean on Wednesday, when Big Blue bet $3.1 billion with its buyout of Integrated Security Systems (ISS), but over the last 20 years.

Don't believe me? Get out your old trade pubs (sadly, most of them are not available online, and probably never will be. But that's why God invented bookshelves). Let's take a walk down memory lane and see where IBM's services business has been.

Wednesday, IBM bought one of the oldest independent names in security services, ISS, and told the world that it thinks large enterprises are ready to give up their point products and sign on with a single solution provider. And that, my friends, might be its biggest services gamble of them all.

Big Blue spouted estimates that predict a $22 billion market for managed security services (we're not sure where IBM got that figure, but there's a two-year-old report from IDC that predicts a market of $21.7 billion by 2007). But there’s no hard evidence that this prediction will come true. Oh, managed security services have made some headway in small businesses that don't have the on-staff skills to handle the security problem. But there's virtually no precedent to support the notion that large, Fortune 500 enterprises (IBM's sweet spot) are ready to turn their security problems over to a third party. If they were, wouldn't Accenture have more big-name security clients? Wouldn't Cisco and VeriSign? Sure, those companies have a few large security customers, but it's not exactly Sutter's Mill in 1849.

No, Big Blue is gambling that, with the help of ISS, it can actually create an industry movement to the security-as-a-service model. Val Rahmani said it at yesterday's conference: "Companies have not felt comfortable outsourcing security, until now." The inference: Enterprises previously didn't have a single company they could trust to handle the whole security task, but now that they do, they will flock to it. If you build it (or pony up a billion three), they will come.

It's possible that IBM is right about all of this. But having covered IBM services initiatives for nearly 20 years, I can't help but wonder if Big Blue isn't a good five years, if not a full decade, ahead of its time. It wouldn't be the first time that IBM gambled, and lost, on a new services venture.

— Tim Wilson, Site Editor, Dark Reading