IBM has detailed its plans to spend $1.5 billion on security product development in 2008, reflecting an intensifying focus in this area. This figure it independent from what IBM is spending on acquisitions, such as when it acquired Internet Security Systems Inc. for $1.3 billion and Watchfire Corp. for at least $100 million.
While IBM executives would not give any figures on what is traditionally spent, analyst Charles King of Pund-IT Research believes that $1.5 billion is twice what IBM usually spends in security research and product development annually.
"Our approach is that security is kind of broken," McIrvine [Director of IBM's Corporate Security Strategy] said. "Companies are leaving security in the hands of IT and operations people, looking at servers, databases and putting up firewalls and updating antivirus signatures. But they have no real view of what they are protecting from a business strategy viewpoint, understanding the core objectives and risks to meeting those objectives."
IBM's aims to engage the business side to surface key processes and systems, and from a top down to understand objectives and risk, and then to mitigate the risk with the available budget. "We are in the mitigation business, helping companies decide what risks to accept," McIrvine said.
Corporations worldwide spend as much as $100 billion on security and IBM is probably eager for a slice of the pie.
While we are on this topic, do you think that your company is spending enough on IT security? What do you consider the bare minimum and can more be done?
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.