IBM: Hacking Cyber Security with App Exchange?

IBM, long a leader in the cyber security space, hacks the market with its App Exchange, highlighting the increasing value of data-centric, and enterprise-wide, approaches to digital trust.

IBM, under Marc van Zadelhoff the newly minted head of the Security Integrated Business Unit, is opening APIs for its QRadar Security Intelligence Platform and creating an open App Exchange for 3^rd party vendors and enterprise security teams. These moves align with our Digital Trust & Security Framework, and both reinforce the Ideals of the As-a-Service Economy, including Holistic Security, the use of Accessible & Actionable Data, Collaborative Engagement, and Plug & Play Digital Services.

This builds off a prior move to open up the X-Force Exchange database of threat intelligence, and reinforces our position that next generation cyber security frameworks will require a strong dose of data analytics and a shift towards ecosystems – for both enterprise security teams and technology and services providers. More importantly for IBM, these moves begin to centralize, and solidify, IBM’s position at the center of all things cyber – as #massrisk and sophisticated “multi-step” security breaches continue to rise.

IBM Security App Exchange

App “stores” are not new, and IBM is leveraging the experience of others, including Apple, Google, and Salesforce. However, this is the first such move in the security sector at this level of scale and builds on the trend of increased data and threat sharing. What makes this exchange interesting is the muscle that IBM Security can bring to the equation and the focus on shared app development and collaboration.

Key to the App Exchange’s success (and IBM’s market growth) is the ability of partners to write apps that not only build on, and expand the value of, QRadar’s data capabilities, allowing IBM to leverage outside talent to expand its value proposition.

IBM and a few well-known partners (Bit9 + Carbon, Exabeam, Resilient Systems, and BrightPoint Security) have seeded the App Exchange with a dozen apps targeting areas such as User Behavior Analytics, Threat Intelligence, and Data Visualization of security events. IBM Security indicated more partners are in process of building apps and we’ll be following up with app developers as this progresses.

Next Steps for IBM

The real value of the App Exchange is contingent on collaboration at scale – value won’t be realized unless IBM can scale participation to the hundreds, something that will be a challenge as we expect 2016 to be a busy development period for data-centric security providers. IBM will have to demonstrate strong buyer uptake to convince smaller firms to spend development cycles on their platform. Additionally, we believe IBM must make the App Exchange a true “open” forum – vendors need to be collaborative with each other and with enterprise buyers, not just with IBM.

An interesting note, we expect Watson to play a key role in the development of IBM apps for App Exchange. IBM’s security team is working closely with the Watson team on the development of security tools leveraging something IBM calls Cognitive Security Analytics.

If done properly, the combination of QRadar, App Exchange, and Watson could improve the depth and value of IBM’s offerings considerably, increasing the barrier to entry for challengers.

Next Steps for the Enterprise

IBM is betting big on its ability to bring enterprise security teams into the App Exchange, allowing them to work with 3^rd party providers and other enterprises to share best practices in a true forum style (aligned along verticals, such as F&A, CPG, & Healthcare). We have our doubts on this aspect of the plan and expect to see more of the details shortly, but recommend IBM clients take a good look, test the value of collaborative development, and press IBM and partners for examples of how this move adds additional value beyond existing partnership programs.

Independently, all enterprises should be developing plans to leverage data analytics and collaborative efforts within their provider and vertical industry ecosystems.

NOTE: IBM was recently named to the Winner’s Circle of our Digital Trust and Security Blueprint for their Managed Security Services offering (See Provider, provider on the wall, who’s delivering Trust for Digital?)