SIs partner to add security to portfolios

To enhance existing products and buffer customers’ hesitancy toward security outsourcing, professional-services companies are aligning with security and systems management vendors.

As customers struggle to assume greater control of security management and business processes, the role of outsourcers is shifting to a complimentary but necessary component, analysts said.

Systems integrator Deloitte & Touche, for instance, last week joined forces withTivolito bolster quick-start provisioning and identity management.

Also, EDS and Unisys have partnered with BBX Technologies to help integrate the security newcomer’s ImmuneEngine intrusion-prevention software.

A brand-name, third-party services presence behind security offerings can help allay end-user concerns over lingering technical issues, including customization, project management, complexity of integration, and data-recollection issues, said Roberta Witty, an analyst at Stamford, Conn.-based Gartner.

“A lot of companies aren’t willing to relinquish this type of security activity to a hoster,” Witty noted. “There is a lot of [need for] business-process reengineering. That is where I see a big systems integrator coming in.”

Witty said system integrations can play a vital role to not only change business processes and politics, but also carry the technical expertise to blend a heterogeneous infrastructure with multiple security tools.

This week, Deloitte & Touche unveils ID Accelerator, its new services and software package to help customers ramp up a user provisioning strategy and platform. ID Accelerator is powered by Tivoli Identity Manager software and Deloitte & Touche’si-MAAP (identity-Management, Authentication, Authorization, and Protection) identity management services, said Jeff Drake, director Security Strategy for Austin, Tex.-basedTivoli.

“The problem with a lot of security solutions is there is no ROI, it’s a fear sale. ‘If you don’t do these things then bad things will happen to you,” Drake said. “Either services or technologies, you need some quick bang for your buck or you’re not going to have another demonstration.”

Professional-services players are working to broaden customers’ transition to a security management framework which shies away from a compartmentalized view of attacking specific security areas, such as provisioning, access management, and director services, separately.

System integrators are also infiltrating the highly competitive landscape of intrusion prevention and malicious code protection.

BBX Technologies unveiled its ImmuneEngine software at Demo 2003 late last month [[February]]. The product creates an audit log to track executables anywhere on a Microsoft system. If the writing of an illegal executable is detected, ImmuneEngine pushes it off and deletes it from the memory stack, said Jim Kollegger, CEO of New York City-based BBX.

The product features a workstation version and another version for servers to protect directories and Web folders to combat Web site defacing. BBX recruited EDS for its integration muscle, as well as to soon allow SNMP output from its management server to be picked up by system management software, such as Hewlett-Packard OpenView and Computer Associates Unicenter, Kollegger said.

The one-two punch of a security vendor in tandem with a professional-services arm can prove critical to prevent customers from falling prey to mercurial blended security threats.

Peter Roselli, controller at Bluewater Music Services inNashville, Tenn., said his music publishing company has been hit hard in the past from e-mail spreading worms. “It just looks bad for a company to have hundreds of e-mails go out containing a virus. It was pretty embarrassing for us.” Roselli said.

Despite their benefits, Witty cautioned that system integrators cannot “just fall on their laurels” in the security market with the emergence of more sophisticated security offerings combating the idea of outsourcing.

Predictive Systems is among a new breed of enterprise security vendors aiming to quash the security outsourcing in favor of improved in-house security management.

To create an ISOC (integrated security operations center) closely aligned with NOC (Network Operations Center) and SLA requirements, Predictive Systems has partnered with InfoVista for performance management, Micromuse for security event correlation, Cisco for event management and change configuration, NetForensics for reporting, as well as Remedy for workflow, said Eddie Schwartz, an executive vice president at Predictive Systems in New York.

“If you’re an outsourcer and you’re managing IDS and firewalls, the whole event-correlation model that occurs is incomplete because data that comes out of Web logs and system logs can be a trigger to tell you that performance could be a bigger security vulnerability threat or attack,” Schwartz said.