IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses.
Much as security segment leaders Symantec and McAfee have retooled their own marketing strategies in hopes of appealing to large customers who find themselves drowning in a sea of security and compliance-related work, IBM contends that it can help companies craft more intelligent top-down strategies that allow them to save time and money.
The idea behind IBM's strategy is much the same as that of its security rivals: the company maintains that many businesses can improve their security and compliance efforts by planning the two types of projects in closer coordination and buying technologies that can aid in both efforts.
However, unlike those companies' strategies, which revolve primarily around integrating various types of security and compliance applications, IBM is hoping to help companies shift the manner in which they think about the problems in general, company officials said.
A key element of the strategy being proposed by IBM is that customers should also be able to procure IT products and services that can be applied to multiple security and compliance issues rather than individual problems. In many cases, IBM officials said, most of the needed technologies are already in place within customers' organizations today.
Enterprise businesses have struggled to move away from projects that are focused on addressing single compliance regulations or security issues because it has been hard to create best practices that appeal to both business and IT management camps, according to the firm.
IBM maintains that through a range of products and services delivered in pre-packaged combinations, it can allow companies to begin planning projects and budgets more closely along lines of organization-wide risk and governance oversight.
"Compliance has been the top area of spending for a lot of these companies over the last several years, but there's been a backlash from IT as it struggles with a constant flow of new demands around both compliance and security," said Chris Lovejoy, director of governance risk management strategy at IBM. "CIOs are looking at this from the perspective of dealing with new threats and regulations, and there is always pressure from business to improve quality of services; IT is having a hard time prioritizing where it will focus limited resources."
Lovejoy said that IBM will specifically aid customers in creating a process-based approach -- built around multiple industry standards -- that helps businesses better prioritize projects and technology procurement aimed at carrying out multiple security and compliance efforts.
"We can make sure that these customers can understand, execute, and measure the outcomes of these types of projects in a centralized manner; it's hard for them to do this today because they don't have unified technologies and processes to get visibility into the alignment of business and IT," Lovejoy said. "Companies want to know how to do this without boiling the ocean, so when it comes to enabling effective governance and risk management you need to start with a standardized approach that allows you to reuse tools for different types of problems."
The types of standards IBM has integrated into its IT governance and risk management offerings are best practices taken from initiatives like COBIT and COSO, the executive said.