IBM Security's new signal caller announces a West Coast offense

Here's a cybersecurity highlight reel from this past Monday...

The IBM building in Cambridge, Mass., is shaking from the IBM Security team members who are stomping their feet and chanting:

Everywhere we go, Everywhere we go,
people wanna know, people wanna know,
who we are, who we are,
so we tell them, so we tell them,
We Are The Blue Team!, We Are The Blue Team!,
The Mighty Mighty Blue Team!, The Mighty Mighty Blue Team!...

Brandon Hanningan, general manager at IBM's $1.5 billion security business unit, walks to the sidelines where he high-fives Marc van Zadelhoff, Vice President, Strategy and Product Management at IBM Security.

Van Zadelhoff marches on to the field as the new starting quarterback at IBM Security, after his recent promotion to GM. In his first action as signal caller this week - before the new title becomes official (in January) - he executes a remarkable play that IBM seemingly pulled out of Salesforce.com's playbook.

On first and 10 from his own 20-yard-line, van Zadelhoff takes the snap... drops back... and throws a deep spiral 50 yards downfield to wide-out Patrick Morley, CEO at Bit9 + Carbon Black, who catches the pigskin and runs into the end zone for the score.

The opposition? There was none on Monday. It was a practice day for IBM Security, when the team pre-announced its exciting new west coast offense dubbed "App Exchange". A limited number of media were briefed by van Zadelhoff, a nine-year IBM veteran, as he worked out with some IBM Security Partners while they prepared for the official announcement the following day.

Let's examine the play a little more closely.

Van Zadelhoff announced the IBM Security "App Exchange". The name bears a striking resemblance to Salesforce.com's "AppExchange" ... as the only difference between the two is a space between the two word platform name in IBM's. As the name implies, the game plan for IBM Security is an offshoot of Salesforce.com's successful business model.

Salesforce.com, headquartered in San Francisco, became king of the hill in the online CRM (customer relationship management) market and built up a multi-billion dollar business in the cloud with a unique business model. They provided their CRM app as a platform and the general workings of a sales automation system -- and then certified a global community of developers who built add-on apps to enhance the functionality of the Salesforce CRM system. Salesforce evolved its core App into marketing automation, customer support, and other areas -- and a growing base of partners built add-on apps for those functions. Today the AppExchange is the world’s leading business app marketplace.

In the huddle, van Zadelhoff calls the play. He tells Bit 9 + Carbon Black's Morley that IBM is opening its security analytics platform, IBM Security QRadar, enabling partners to build custom apps that take advantage of the platform’s advanced security intelligence capabilities. QRadar uses data analytics and threat intelligence to detect security incidents for thousands of security operation centers across the globe, including almost half of the Fortune 100.

Morley lines up wide and runs the route - announcing his developers have built one of the early apps for QRadar - which enables users to see threats more quickly and stop them before they can do damage. That's a big score for IBM Security. Bit 9 + Carbon Black is the endpoint security market share leader according to IDC, and exactly the type of partner IBM will need to recruit in order to scale up their App Exchange network.

Heading in to 2016, its game time for IBM Security and you can still hear the background chant - The Mighty Mighty Blue Team! -The Mighty Mighty Blue Team!...

​IBM Security is in fact a mighty strong player. It is a $1.5 billion business after digesting 15 security acquisitions over the past 10 years. Research firm Gartner calls the company the largest security vendor selling exclusively to enterprises. But IBM is going to need all of the cheerleading and momentum it can generate as IBM Security gets ready to take on the competition - namely the other big security vendors who are armed with their own vulnerability platforms and partner programs. 2016 is shaping up to be the year that major security vendors square off against each other in brawls for larger enterprise security deals.

The IBM Security business unit currently contributes roughly 2 percent of IBM Corp.'s total revenues. And it is the slowest growing unit behind IBM's other next generation technologies which include cloud, big data, analytics, and mobile.

IBM Security needs to execute throughout 2016 with their new west coast offense to score the dozens if not a hundred or more partners it will need to populate its App Exchange with enough Apps to whet the appetites of CISOs (chief information security officers) and IT security executives at Global 2000 corporations. That is the sweet spot for IBM - and it will have to own it if the company is going to move the needle on its security business from $1.5 billion to a number big enough - perhaps one with another zero at the end of it - for the IBM Security business to show up more substantially at the corporation's quarterly earnings announcements.

Van Zadelhoff looks very sharp this week, and he is delivering a crisp message to the cyber community. “We need to remember that 80% of cybercrime is committed by highly organized gangs that are sharing data and applications” says van Zadelhoff. “Unfortunately, sharing is not happening at the same scale between the good guys looking to defend themselves against attacks.”

Early indications suggest his message is being well received. An impressive group of IBM Security partners have already developed dozens of apps for the App Exchange... and more are in the works.

According to industry researchers, the worldwide cybersecurity market is estimated to grow from $77 billion in 2015 to $170 billion by 2020. That means $100 billion is up for grabs over the next five years. IBM does not have the luxury of time when you consider its 14 consecutive quarters of sales declines as the company struggles to transition from legacy mainframe hardware and consulting services to its next generation businesses. It will be interesting to see if van Zadelhoff can run a hurry-up offense and keep scoring with new partners. Some of those partners could wind up as acquisition targets --- and acquisitions may prove to be the straightest path to putting another zero at the end of IBM Security's annual revenue figures.

A short apology here from the author. If you aren't a football fan and couldn't completely follow - I'm sorry. But I couldn't resist.