IBM’s Security “Tiger Team”

Last month, IBM announced the creation of a security “tiger team” with limited detail on the team itself, its role, or its makeup. I decided to ask IBM for a bit more specifics and I’m glad I did as I came away quite impressed.To summarize, the security tiger team was created to:1. Articulate and sell IBM security solutions to “C-level” executives. In other words, align security solutions to business initiatives.2. Cut across IBM brands. Tiger team members have deep knowledge of IBM security solutions from ISS, Rational, Tivoli, Websphere, etc. The focus is on customer needs rather than internal IBM organizational boundaries.3. Act as security advocates within IBM. Aside from the external focus, the tiger team will act as the security-focused “voice of the customer” back to IBM. This should help IBM get creative with vertical solutions and new product development.The tiger team will also work with IBM security partners such as Application Security Inc. and PGP. I’ve been astounded for years at the tactical nature of security vendors. Most sell products as countermeasures for particular threats but they don’t understand the “big picture.” CEOs don’t care about firewalls and IDS, they want to make sure that their business processes are secure and meet regulatory requirements. IBM’s tiger team not only recognizes — and addresses — this fact.Who else could pull off a similar tiger team? Few vendors come to mind. Systems integrators like Accenture and federal government specialists like SAIC could. HP and Symantec could. McAfee? Check Point? I don’t think so. IBM’s tiger team may be a subtle organizational move, but other security vendors should pay keen attention to it. If IBM can sell “top down” security solutions, it could marginalize the multitude of tactical security vendors hawking point products.