Large organisations tend to be like applications. They have a bunch of divisions that do particular things but each tends to be siloed. And most of the communications coming from such companies tend to be in siloed format.
As an example, the Information Management group at IBM recently announced that it was acquiring Guardium, the database activity monitoring vendor. Now, that’s very good. It’s an excellent product and it fits well within the information management story. Arguably, IBM may have paid a bit too much but never mind. Taken in isolation this makes complete sense.
The potential problem is that you can’t take it in isolation. Databases don’t exist in isolation, they exist as part of the corporate infrastructure. Similarly, monitoring database activity doesn’t exist in isolation but as a part of an entire environment that has to be monitored for security events and audited for compliance and analysed forensically. This is generally referred to as the SIEM (security information and event management) market though I happen to think this is poor nomenclature (Gartner invented it – surprise!) because it implies that this is only about security or mostly about security, when it clearly isn’t: according to IBM’s own research 70% of companies investing in this technology listed compliance as their main driver or an auditor’s note on the accounts. Only 30% regarded security as the main driver.
Anyway, leaving that aside, the point is that the people in IBM researching the SIEM market are the Tivoli group. And that’s because Tivoli is a major player in the SIEM market.
So, why isn’t Guardium in the Tivoli group rather than IM? Of course, the problem is that it has to be somewhere and it can’t be in both places given IBM’s organisational structure. And while you could change the structure to suit this particular issue it would just cause other problems: it’s a result of the fact that organisations are siloed.
In fact, IBM has a security steering committee that oversees all aspects of security across IBM divisions, so it is aware of both Guardium and Tivoli SIEM and will work with both groups to ensure that the two get integrated over time and with other relevant products as appropriate.
So, IBM has what might be described as an integration layer across its siloed applications. But, and here is actually the issue, it doesn’t talk about it much or market it. There wasn’t even a mention of Tivoli or the overall security strategy in the press releases about the acquisition of Guardium and there really should have been.
Moreover, it is not as if IBM cannot integrate across its silos when it needs to. For example, the Smart Archive Strategy announced at the recent Information on Demand conference brings together elements from content management, Cognos, Optim, Tivoli and hardware groups as well as services and even semantics. What I’d like to see is IBM going public about its broader plans for Guardium because we believe that there is, and needs to be, a clear synergy across the Tivoli and IM groups in this respect. Perhaps we could have a Smart Security Strategy?