IBM ushers in compliance products and services
Published:15-May-2007
By BR staff writer
Calling it a beginning, not an end, IBM is rolling out the first of a new series of product and service offerings targeted around governance, risk, and compliance. IBM is initially targeting three areas, including IT security, business resilience, and service management.
With the exception of design of new dashboards, repurposing consoles from the IBM Tivoli NetCool technology (originally designed for network node management), for the most part this is a regrouping of existing IBM products and services that have added some new content and focus.
For instance, IBM's Service Management body of offerings starts with a new "Business of IT Workshop" where CIOs are directory-level staff are taught the essentials of demonstrating the IT is, in effect, running the trains on time and meeting the demands of the business. It then drills down to more hands-on workshops covering service management strategy and planning and staff assessment.
And then it involves use of IBM Software products such as Rational Method Composer for planning the strategy. For implementation and managing service delivery, it involves IBM's Change and Configuration Management Database (CCMDB), for tracking the software and infrastructure elements of delivering service; Tivoli Service Request Center, for responding to trouble tickets; Rational Portfolio Manager, for assessing software investments; and WebSphere Service Registry and Repository, for governing web services.
And the implementation and manage phase may also involve supporting disciplines relating to quality management, architecture and design, enterprise asset management, and others for which IBM has service offerings.
IBM's GRC offerings for business resilience and IT security rely on a similar varied patchwork of products and services. Obviously, IBM is not the only player in this game, as enterprise app vendors like SAP and Oracle have products that deal heavily with policy compliance.
For instance, SAP offers a repository for corporate policies; risk analysis and reporting of business activities; and various vertical offerings targeting compliance across B2B relations and government environmental, occupational safety, and product safety controls. Meanwhile, Oracle's GRC offerings heavily leverage its recent Stellent content management acquisition.
Additionally, there are specialized offerings from niche providers such as BPS, many of which are driven off financial audit and risk, and in some cases provide targeted offerings such as Basel II, which is intended to improve the consistency of the way that banking institutions manage capital risk. And of course, consulting firms have added new practices focused specifically at GRC.
But what's interesting about IBM's is that compliance, which is usually thought of as driving GRC initiatives, is relatively far down the list. It's not in the first batch of offerings, although, along with data governance, it's likely to be in the next.
"We've identified the areas that are at top of mind for our customers," said Kristen Lovejoy, who directs strategy for IBMs GRC offerings.
"A lot of people are spending money on compliance, but compliance is not the [central] issue," she said, adding that instead compliance has become a "catalyst." Instead, GRC is about dealing with the issues keeping CIOs awake at night, such as how to more effectively spend IT dollars or dealing with the perennial issue of IT alignment with the business.
The IT Service Management bundle will adapt the NetCool network monitoring dashboard (from the Micromuse acquisition) to chart the performance of various IT assets. Covered by the new Tivoli Service Manager, this marks the first time that IBM has fully integrated NetCool technology. It combines the NetCool technology with Tivoli's existing Business Systems Manager, providing real time service scorecards and key performance indicators.
For the Security piece, IBM will also release an enhanced version of Tivoli Security Operations Manager with real-time dashboard new real-time displays to assist in maintaining operations during security attacks by malicious outsiders, employees or contractors.
In turn, next month IBM will release a new version of Rational Portfolio Manager with a new Web 2.0-style interface that will help team members submit time and expense reports, and some new links to other Rational tools to better align decisions during software development. That will presumably be released during next month's Rational user conference.
"This release is heavily focused on dashboards and management for risk assessment," said Lovejoy, who joined IBM as part of this year's Consul acquisition of security administration tools that pick up where IBM's existing offerings, such as RACF, left off. Those tools will be more closely integrated to Tivoli Access manager, and in turn with IBM's GRC offerings, in a later release.
Our View
As mentioned previously, IBM is hardly the only player in the GRC game. But with an arguably broader array of consulting, infrastructure management, and content offerings, IBM has had a greater challenge on its hands rationalizing its offerings in a GRC context compared to enterprise software providers like Oracle or SAP, or niche providers that come out of auditing or security fields.
So maybe it shouldn't be surprising that IBM is adding a broader context than compliance, which has driven most rival offerings. Then again, we are surprised that compliance wasn't on the short list for round one.
