Compuware, IBM Loosen Their Purse Strings

Both Compuware and IBM notched a pair of mainframe-related acquisitions

With acquisitions by a pair of enterprise software stalwarts, the coming year could be a busy one, at least as far as mergers and acquisitions are concerned.

IBM Corp. closed the books on 2006 with a bang, acquiring privately-held Consul Risk Management Inc., a provider of compliance and security audit software. Consul specializes in identifying and tracking "non-compliant" behavior—especially on the part of IT personnel. The move strengthens IBM's service-management stack by adding compliance monitoring, auditing, and reporting capabilities for both mainframe and distributed environments alike, officials say.

Mainframe watchers had another acquisition to chew on last week. Veteran Big-Iron ISV Compuware Corp. acquired privately-held Proxima Technology, a service-management specialist with offices in Australia and the UK. For $31 million net, officials claim, Proxima helps Compuware expand its international reach and improve its ability to manage service delivery levels.

Proxima’s flagship offering is Centauri, a software tool that provides business-centric insight into service delivery. Centauri also supports mainstream (or soon-and-inevitably-to-be-mainstreamed) service-quality improvement standards such as Six Sigma or the Information Technology Infrastructure Library (ITIL), which many systems management vendors—including BMC Software Corp., Computer Associates International Inc. (CA), and IBM Corp.—have also embraced.

Officials position the acquisition as a boon to Compuware’s Vantage application performance management toolset. "This acquisition—a natural and complementary addition to the value of Compuware Vantage—builds on [Vantage’s] momentum by augmenting the ability of customers to manage service delivery from a business perspective," said Compuware senior vice president John Williams, in a statement.

Analysts see Proxima as an incremental, if nevertheless significant, addition to Compuware’s service management stack. Big Blue’s Consul acquisition is similarly incremental, industry pundits say—although there’s a sense in which it also helps put IBM’s broader information risk management strategy squarely into focus.

In this respect, says Scott Crawford, senior analyst with consultancy Enterprise Management Associates (EMA), the Consul purchase is something of a milestone. "In a short period of time, IBM has moved from a position of having few assets in the risk information management market … to accumulating a significant portfolio across at least three strategic acquisitions, and the integration of many of these into its Tivoli Security Operations Manager," Crawford writes.

In other words, he argues, the Consul acquisition adds up to a lot more than the (admittedly modest) sum of its parts. Consul gives IBM an enterprise-wide risk information management solution that encompasses mainframe platforms as well as a compliance-specific reporting capability. "What IBM is building is a portfolio of solutions that address the larger, more comprehensive realm of IT operations risk management," Crawford notes.

IBM’s risk management stack is fleshy enough as it is: Big Blue markets Tivoli Security Operations Manager (which incorporates assets acquired from the former Micromuse), as well as Tivoli Identity Management and Tivoli Access Management. Tivoli Security Operations Manager provides real-time security threat management, event correlation, and incident management capabilities. Tivoli’s Identity and Access management offerings, on the other hand, bolster that product by providing management and enforcement muscle. Add Consul to the mix, Crawford says, and you have compliance management, user-activity monitoring, auditing, and a compliance dashboard.

Indeed, the combination of Consul and a much larger IBM acquisition—the former Internet Security Systems (ISS)—helps outfit Big Blue with an impressive security information and event management (SIEM) stack.

Why Another Acquisition?

This simultaneously begs an important question, of course: after plunking down $1.3 billion IBM spent for ISS, why did Big Blue make still another security and systems management acquisition? Crawford thinks it was a savvy move.

"Arguably of most immediate interest to IBM, Consul offers a distinctive package of solutions for instrumenting mainframe environments—specifically, solutions that extend the value of the investment in IBM z/OS Security Server assets [formerly the Resource Access Control Facility for z/OS]," he writes. "Consul’s zSecure Suite extends to the IBM zSeries environment the same capability for ‘audit-worthy’ reporting that not only support compliance and governance priorities, but also provides risk management capabilities that enable the extension of the mainframe investment to a broader networked environment."

Crawford also lauds Consul’s compliance-specific reporting capabilities, noting that it was one of the first SIEM vendors to actively promote such features. "With its roots in the Netherlands—a historic center of European commerce and known by many today as a center of IT security and risk management expertise—Consul early recognized the impact regulatory compliance was having in the European market, and saw the opportunity presented by the worldwide regulatory boom precipitated by factors such as the governance risks exposed during the early years of this decade," he comments. "Its differentiation in delivering compliance-specific reporting was an early precursor of a trend that has become one of the most significant drivers of the SIEM market today."

Crawford sees the Consul acquisition as an clear indication of Big Blue’s desire to play a leading role in the strategic risk management space. "Viewed in this light, the acquisition of Consul is not only positive but provocatively forward looking," he concludes. "The addition of Consul to IBM’s evolving risk management portfolio indicates that IBM recognizes the range of solutions that must be brought to bear on the challenge. While Consul is clearly a near-term enabler of the extension of risk information management to the mainframe environment, its sensitivity to compliance-specific reporting enables it to play a differentiating role in a portfolio characterized by risk event management capabilities from Tivoli to the former Micromuse and the recent addition of ISS."