CRN Interview: Mike Twomey, IBM
A year ago, IBM's Tivoli unit was the trailing player in IBM Software's drive to the channel. Today, Tivoli is quickly becoming the point guard that sets the play for IBM Software in the channel. As Tivoli moves to enrich its product suite, the latest addition to the company's game plan includes a recent upgrade to IBM's identity management software. In an interview with Editor-in-Chief Michael Vizard, Tivoli Vice President for Business Development/Channels Mike Twomey talks about the role that identity management plays in security solutions and explains why identity management is at the root of IBM's overall On Demand computing solutions for the channel.
CRN: How do you draw the connections between IBM's identity management tools and the rest of the Tivoli product line that is focused storage, system management and other areas of security?
Twomey: The storage products today that we offer are backup-and-recovery solutions under Tivoli storage management. That provides a level of protection to data as well, and our storage resource manager product offering provides customers the ability to optimize their storage resources. The linkage is the on-demand operating environment. Security and identity management is about provisioning of identities in your environment and doing that in a dynamic way. Storage management, with our latest acquisition of a product we call Provisioning Orchestrator, is really around provisioning the IT resources to the identity. We see it as a triangle where you have a relationship between the user and the IT resource, a relationship between business process and the IT resource, and a relationship between the user and the business process. We link that all together.
CRN: What kind of role does IBM play in the security space given the perception that companies such as Symantec and Check Point Software Technologies are the specialists in this area?
Twomey: Companies like Symantec and Check Point, who we partner with, provide antivirus capability and firewall capability. Those are things that users recognize most readily. But I think if you talk to CIOs, they would clearly recognize this higher level of security around access, authorization and administration. There are higher levels of security such as policy-based management around identities, around access to applications, around privacy policies, around access to directories and integration and coordination among various directories. That's the space we're playing in.
Our approach is that we are delivering a higher-level management above operational security that does not compete with antivirus, firewall and VPN providers. We integrate with their products and partner with them.
CRN: How cognizant are people of application-level security and identity management in general these days?
Twomey: We are seeing a big push in the last six months, especially around managing identities and policy-based access management to applications. That interest is really coming from the major business application providers. We're working with all of the major business application ISVs to ensure that our products are tightly integrated. Right now we've integrated our access management with SAP, PeopleSoft and Siebel, and we're working with all of them to ensure then provide integration of all of our products. That's an ongoing effort. There is an imperative coming from the customers that is being placed on the business application ISVs to provide efficient and effective identity and access management capability in an automated way. In the last six or seven months, this is an accelerated set of activities.
CRN: What kinds of ways are there for partnering with Tivoli?
Twomey: One way is out-of-the-box integration with some of the leading security vendors so that we take their alerts and we can, for example, correlate those alerts in our risk manager product. We have out-of-the-box integration with all of the leading firewall and antivirus providers. In addition to that, we have the Ready For Tivoli program, where we work with ISVs around their solutions and then we certify that our solutions work together with their solutions. Right now we've got about 31 partner-certified identity access management offerings. And we're working with another 20 or so ISVs that we're going to certify by the end of the year. That's the way a partner would bring the solution to the marketplace. In some cases, the ISV is the reseller. At the same time, we partnered with systems integrators and VARs. There's starting to be a blurred line between an ISV and an [systems integrator]. And we're seeing VARs now out there creating their own solutions, and ISVs are also choosing to resell more products.
CRN: How do you connect the channel to that overall strategy?
Twomey: You have to be tactical on the one hand and strategic on the other. I've got a storage management business that I've got to drive through my partners because 60 percent of my storage management goes through VARs. And I've got a big competitor in my face called Veritas [Software]. So what we do is put VARs in our main channel; in fact, it's a bigger channel than our direct force as it relates to storage management. But many of those VARs are also IBM hardware vendors. They sell storage solutions, service solutions, and then they lead with Tivoli storage management to sell a total solution. So we educate them on our strategy on all of our products to show them what the linkages are.
Moving to on demand is evolutionary. For example, you've got the server and storage teams that are working on a virtualization layer with blade technology and grid technology and the other technologies that are being provided through the hardware. We're starting to see some of the system management, the operational management capabilities actually being provided at the hardware level. What I don't expect is for a VAR to immediately adopt my entire suite of products and try and sell it because that will kill them. These guys operate as small businesses, and they look at the value proposition and make the decision when to invest. So what we try and do with them is bring them along and do our launches about twice a year along with what we call "beta bashes." Prior to that, I'll be going around the world and meeting with all of our top partners to fill them in on what the strategy is. That's the way we do it. You've got to bring your partners along based on what their business needs are and what they can take on.
CRN: What specific things are you doing to help partners?
Twomey: We're working on how to get partners quicker in[to] higher-level support. We just finished with an experiment with three of our top partners where we gave them access to our Level Two support--rather than having to go through Level One--and we guaranteed them three-hour turnaround in terms of Web service and phone service. That was a really effective experiment. We've got to figure out how do we get partners,especially our premier partners, really top-notch support in a way that they don't have to go through multiple levels?
We also spent six months last year developing an ROI tool that we made available to our partners through the Tivoli Knowledge Center, which is a portal for partners that gives them access to all types of information, and this thing has been widely used. What shocked us nicely is that not only the U.S. partners are accessing it, we're actually seeing significant usage in Europe and also in Asia Pacific. We're also investing to make sure that our certification tests are up to date with our education. I've got three people full time that I fund in our services organization, and that's all they do. We have a major effort to update our certification tests to get them in line with the latest releases. Because every time you release a product, you've got to update the test. That's a big challenge because we've got thousands of certified partners out there and we continue to grow that number.
CRN: In terms of percentage growth, how much has spending from Tivoli increased in the last year in this effort?
Twomey: It's doubled. We've totally revised our training programs around partners. We run three separate tracks in terms of training. One is for sales; the second is what we call our sandbox training, which is really for pre-sales; and the third is our deep technical training. That's where we use our top services people as well as some of our development people to do hands-on training around issues you're going to run into. Our total numbers this year so far of [trained] partners are around 1,600. We put a lot of effort into training those partners.
CRN: Given all that, what's your biggest challenge?
Twomey: The big issue is that as concepts get more and more complex, how does IBM enable partners to deliver solutions that they can go out and actually sit in front of a customer and sell? We really want to focus on making it easier for the partners to be able to sell and service our solution. I've spent a lot of time on what are we doing in terms of enabling the partners around our solutions. I'm working with the IBM Software Group right now in terms of how we [can] make the support much simpler for the partners and easier to access. We spent a ton of money supporting the partners, but I think we're too complex in the way we deliver. We've got to simplify that.
CRN: In terms of long-term security trends, how long will it be before the industry as a whole can be proactive rather than reactive to security threats?
Twomey: More and more, you see system and security management providers looking to be proactive in terms of doing the analysis and then being able to take action based upon that analysis. We have a data warehouse that has reporting capability. What we will be announcing soon is significantly enhanced reporting capabilities, and we signed a deal with a major reporting vendor. This will allow us to do proactive analysis based upon events that occurred and build some of that analysis into our products so that actions become preventative instead of reactive. I would say the trend is to be preventive instead of reactive.