IBM Safety and Security Services

Kent Blossom
IBM Safety and Security Services (NYSE: IBM) Kent, please give us an overview of your background.

Kent Blossom: I grew up in Michigan, then enlisted in the Marine Corps right out of high school. After four years active duty with the USMC, I went to engineering school at Michigan Technological University were I received my B.S. degree. IBM hired me right out of school as a Manufacturing Engineer with the Federal Systems Division (now part of Lockheed Martin). That was a great first job - building computers to support the B1, Space Shuttle and other advanced military and aerospace systems. I got restless, though, and went back to school at the University of North Carolina at Chapel Hill for my MBA, a wonderful experience. I rejoined IBM in sales, and over time gravitated to services where my engineering and Federal Systems background served me well. I have been with IBM for over 21 years now, mostly in services solution development, sales and delivery. My career has allowed me great flexibility in choosing where I live, and my family and I have resided in Wilmington, NC for over 15 years.

2. Please tell our audience about the IBM Safety and Security Services Group. When was it formed? How is it staffed? Are there any particular success stories or recent engagements you would like to talk about?

Kent Blossom: IBM's Safety and Security Services unit is what we call an Emerging Business Opportunity, or EBO. EBOs are flexible, specialized business units that address new or unique markets representing growth areas for IBM. Our EBO was formed to help determine how best to extend and apply our security solution capabilities. It is a small team of senior offering development specialists that works very closely with our services delivery and product development teams, and IBM Research. We have many success stories in both homeland and information security. We're very proud of our contribution to the many homeland security projects we're involved in. Over time, though, I think we'll find our information security solutions, especially when applied in critical infrastructure industries, will end up playing an equally important, although less visible role, in homeland security.

3. IBM, together with Activcard, Bioscrypt, ImageWare and VeriSign, recently announced a major breakthrough in identity management with a new security system designed to help businesses and government agencies protect their data, computer systems and facilities from unauthorized users. Can you tell us more about this new security system and the solutions it will bring to the marketplace?

Kent Blossom: There are a number of important business and government issues driving the need for clear, quick, and accurate identification and verification of individuals.
• Regulatory mandates, such as Homeland Security Presidential Directive 12, Sarbanes-Oxley, Gramm-Leach-Bliley, Visa Waiver Program, HIPAA, and others, are elevating "C-suite" executive awareness of security issues. These are the CEOs, CFOs, CIOs, and other key executives responsible for regulatory compliance at their organizations, and they now view security as a business, vs. a technology, issue.
• Enterprises need to collaborate with their partners to control access to information and physical facilities by their business partners, suppliers, and government agencies.
• Identity Theft, a visible and growing problem, could dampen the growth of on-line business if it is not dealt with promptly.
• Many enterprises are exploring ways to integrate their logical and physical access control systems to improve security and cut costs.
• The User ID / Password approach to access control is costly, and isn't very user friendly. Industry analysts estimate 50% of help desk calls deal with User ID / Password issues, and the average password reset call costs $40!

As a result of these and other business drivers, enterprises are turning to a variety of strong authentication methods to securely verify the identity of users, including Smart Cards, biometrics, one-time passwords, electronic signatures, digital certificates, and multi-factor authentication.
The Secure Identity Management solution IBM and our partners recently announced provides a scalable, integrated, flexible and cost effective approach to enterprise-wide secure identity management. We believe this is the first time such a robust system has been demonstrated, including integrated logical and physical access control. The capabilities of the system include:
• Provisioning - Secure, simplified provisioning and de-provisioning to new and legacy systems.
• Credentialing - Support for a wide variety of credentials including passwords, ID cards, digital certificates, and biometrics.
• Smart Card Issuance - Full issuance, personalization, and lifecycle management of smart cards.
• Biometric Enrollment - Easy enrollment, secure and private storage of biometric data.
• PKI Provisioning - Full issuance, personalization, and lifecycle management of PKI credentials.
• Policy Enforcement - Flexible and secure enforcement of a wide variety of authentication policies.
• Integrated logical and physical access control.
• Integration middleware is "pre-configured" to integrate key components and meet typical client needs, but can be tailored to meet a wide variety of custom requirements.

To sum it up, by integrating and simplifying identity management, our solution helps empower organizations to utilize strong authentication technologies.

4. Please give us a brief overview of the strengths and capabilities which ActivCard, Bioscrypt, ImageWare and VeriSign bring to the table.

Kent Blossom: ActivCard, Bioscrypt, ImageWare and VeriSign are all market leaders in their own right, and have proven themselves very capable and willing partners. One of the key benefits of the solution we recently announced is that it integrates advanced but proven components from ActivCard, Bioscrypt, ImageWare, VeriSign, and IBM's Tivoli security software team. Thus, although this is the first time the full end-to-end system has been assembled, we can show our customers where the individual components - or combinations thereof - have been fully implemented in large enterprises. Your readers should also note that this system is intended to be "open" to enable the integration of additional capabilities in the future, and IBM is actively working with other partners to add complementary functions to the system right now.

5. IBM and Cisco Systems recently announced integrated solutions designed to reduce the damage and disruption that viruses, worms and other security vulnerabilities can cause to networks and minimize the impact they have on day-to-day business operations. Please give us an overview of this initiative?

Kent Blossom: When providing access to business systems, it is not just about ensuring the user has the authority to have access. The device (laptop computer for example) used by the user needs to be checked to ensure it is in compliance with business policies before access is granted. The laptop may have malicious software installed, its virus software may not be up-to-date, its personal firewall may not be running, etc. Preventing access for noncompliant devices can provide good protection for the business systems but it also impacts the productivity of the user who may have a critical and urgent business need to access the systems. The IBM integrated security solution for Cisco networks solves these problems.The IBM Tivoli Security Compliance Manager will check the device based on the business security policy. If the device complies, access to the system is granted. If the compliance check fails, Cisco Access Control server will "quarantine" the device by moving it to a safe network. Once in this safe network, the remediation steps are performed automatically using the IBM Tivoli Provisioning Manager. The user will then be notified when the device has been brought into compliance and access to the business systems is now granted. This solution therefore allows protection of the systems whilst maintaining user productivity.

6. We have seen some consolidation in the security industry….do you expect that trend to continue?

Kent Blossom: As indicated by our Secure ID Management announcement, IBM's believes the future lies in integrated, scalable security solutions to enterprise business problems. Acquisition of niche providers is certainly one way to progress in that direction, and some additional industry consolidation could thus result. However, the other trend involves not acquisition but partnership. At a business level, customers' security requirements vary significantly from industry to industry, and even from one customer to another in the same industry. It will be very difficult for any company to amass the business and technical resources to be all things to all customers under one roof. IBM has repeatedly proven - with Cisco, ActivCard, Bioscrypt, ImageWare, VeriSign, and a host of other leading firms - that partnerships offer an attractive alternative, providing a flexible way to deliver best-of-breed, modular solutions that can be tailored to meet specific customer requirements.

7. Kent, many thanks for your time today. Are there any closing comments you would like to make?

Often, security is a "we have no option, gotta do it" kind of investment. Secure ID Management will at times be in that category. It will be much more than that, though, and represents the leading edge of a new wave of security technology that will help solve complex business problems, and deliver a positive return on investment. I've already mentioned the statistics about the cost inefficiencies of User ID / Password. Think about cutting a major enterprises' help desk calls in half, and multiply that by $40 per call. And I haven't yet mentioned other empowering capabilities, such as really enabling secure information leverage among supply chain partners, or helping to improve a financials services firm's brand image by streamlining their consumers' experience, at the same time helping to prevent identity theft. Secure ID Management is an exciting security technology, but not because of the technology itself. I'm excited about it because it represents an opportunity to apply security technology to help solve problems for our clients, deliver significant business value, and help improve their security posture!

Please read our Terms of Use and Disclaimer.
  Investment Guide To 350+ Security Stocks©.