IBM Advances Database Security For Mainframes

First product out of IBM acquisition of Guardium expands transaction monitoring and vulnerability assessment for DB2 on the mainframe
Transitions after a big acquisition are never a slam dunk, no matter how closely allied the two organizations were beforehand. But when the acquired company goes into the deal with a leading market position, it's mostly given a free reign to operate as it once did and merely gets fine-tuned to align with the buyer's broader strategies and technologies, and the acquisition is typically more successful.

That's the M&A blueprint IBM is following with Guardium, which has been adjusting to its role as an IBM subsidiary for nearly ten months now and just this week released its first major product update since the November 2009 acquisition. Analysts believe the integration has largely been a success for IBM, which has been leveraging the database security subsidiary to better advance its strategies in mainframe, database and overall information management.

"I've watched what IBM has been doing in the compliance and governance area and my sense is that it's been a very smooth integration," says Judith Hurwitz, president and analyst for Hurwitz and Associates. "They've really taken the core competencies of that organization, taken those capabilities and expanded them, really deepened them."

Among the new features Guardium and IBM are touting are expanded mainframe transaction monitoring and vulnerability assessment for DB2 on the mainframe.

"That technology was developed by IBM's mainframe team," says Phil Neray, vice president of security product strategy and marketing for Guardium. "We supported the mainframe before, but we've enhanced it. We think that's a key differentiator because mainframe customers are very concerned with performance and reliability and knowing that they're installing a piece of software on the mainframe to monitor database activities that was developed by IBM is going to be a big differentiator."

The added capabilities are no surprise to anyone who's followed Guardium's progress both before and after the acquisition.

"It's evolution in a completely expected direction," says Scott Crawford, analyst for Enterprise Management Associates. "They're becoming more compatible with IBM's strategic initiative around the mainframe and around activity monitoring itself. They're basically reinforcing and supporting IBM's positioning in that market and that was overall job number one, anyway, for this acquisition."

Guardium also says that this release is making good on its promise to continue its third-party platform support, in spite of its tie-in to IBM.

"We're still committed to this heterogeneous strategy and this release shows that, because we're adding support for SharePoint, SAP, plus Postgres SQL, and Netezza," Neray says.

In particular, Crawford finds the expanded SAP support another addition that serves the IBM vision well. "SAP is a very strong IBM partner," he says. "This strengthens IBM's co-op-petitive position, if you will, vis a vis Oracle."

There are some analysts out there, though, who believe that while the latest update since the acquisition doesn't point to anything that the deal may have broken within Guardium, the added technology is hardly earth-shattering.

"Since they claimed they had [mainframe support] for the last couple of years, I am not sure how it could be new," says Adrian Lane of Securosis. "They are also touting a lot of application layer support, but all of the applications use one of their supported databases. This appears to be the same product with a few SAP/Peoplesoft/Sharepoint policies. More marketing than new technology."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading