Along with augmenting its perimeter protection capabilities via ISS, expanding identity management tools across many of its business lines, and fostering data governance efforts to benefit issues like compliance and data leakage prevention, IBM is, however, focused on growing its presence in some burgeoning security niches.
Among those are management of encryption technologies and enterprise data discovery, which will fold accordingly into many of Big Blue's existing offerings, McIrvine said.
"Encryption key management has been around a long time, but because encryption is growing so quickly and there are so many different areas that require keys, companies are struggling with the overall process of adopting it more broadly," McIrvine said. "It's a very complex area, and admittedly we still have a lot of work to do on it ourselves, but there's an opportunity for tools and services that manage the entire encryption key lifecycle, and we're doing a lot of research and development in that area."
One of the hallmarks of companies trying to avoid data breaches and comply with state and federal data-handling regulations is that most of the organizations still have problems figuring out where all of their sensitive information is stored and how it is accessed, the executive said.
Those factors will continue to drive interest in so-called e-discovery tools, and IBM can parcel the systems into its data governance, compliance management, and managed services businesses as demand for the technology evolves, according to McIrvine.
"Discovery is an example of a less mature market that will become increasingly mainstreamed over the next two to three years and where we think it makes sense for us to invest," he said.
Industry watchers observed that it is sometimes hard to understand exactly what IBM's overarching security strategy may be, but the experts admitted that the challenge therein may lie in taking account of the diverse range of products and services that the company is adding security components in support of.
IBM will likely deal with growing pains as it works to integrate all of its security acquisitions and products, said Paul Stamp, analyst with Forrester Research. However, the company has added some compelling security assets over time, he said.
"I don't think you'll ever see IBM go out and try to buy all the pieces needed to become a true security player, as it were, but they can offer customers a significant portion of what they might need, especially in relation to their other products," Stamp said. "They have made a lot of investments; the difficult part for them will be putting everything they have together."
Stamp said that IBM will likely use security most effectively to continue to grow the margins of its massive services business.
Other experts agreed that IBM has never had a particularly clear security strategy but observed that it has added pieces that fit its corporate goals around building true "solutions" packages."
"The problem in understanding IBM's security vision is that it is scattered around so many divisions, and something like risk management is not a product that we can talk about in traditional terms," said Andrew Jaquith, analyst with Yankee Group. "I don't think we'll ever look at IBM as a security company in the pure sense, it's not in their DNA, but we will see that they provide elements of security throughout their offerings."
"I typically avoid the word 'solution' as it's usually misleading, but in this case with IBM and security is actually fits because they have hardware software and services, and they will continue to pull those packages together in a way that also includes security," the analyst said.