Tom NoonanTom Noonan of IBM ISS talks a mean speech. Yet somehow I came away slightly unconvinced from a press and analyst briefing he gave on Monday at ISS headquarters in Atlanta.

Maybe one reason was that he hardly used the term “identity” as he described in some detail how he perceives the world of IT security and threat management. Instead he has a lot to say about security becoming a utility, about disconnected parts and the need for a “security ecosystem” where the products of each and every vendor can work together to provide seamless and coherent protection of both data (the “new currency”, he call it) and applications.

I was very excited about this vision of a kind of “security open platform” which would bring together the currently deeply fractured worlds of logical IT security and Identity Management (along with physical security, just to round things off; after all, the surveillance cameras all speak IP nowadays, so why not integrate them as well?)

A sentence like “Security will be the control system that creates policies across all applications” sounds great, but where’s the beef, Tom?

In fact, as his VP Tim McCormick later explained to me during an interview I did with him (see “In Our Ecosystem, Anyone Can Play”), the only one’s who will really be able to participate are those that IBM and ISS (still two very different animals, even after a full year of integration) already have existing relationships. Okay, that’s a lot of partners, over 200 at last count. But it is a far step from an industry standard, which is what Tom obviously believes is necessary.

I do too, by the way, so I’m rather concerned that Tom and Tim are not taking the ball as far as they could. Why not assemble an industry-wide gathering of competitors from both IT Sec and IAM, maybe under the auspices of Oasis or some other stands body, and put your chips on the table. Everybody stands to profit from cooperation – because customers will not stand much longer for being forced to deal with a whole host of vendors, each offering some important part of the puzzle, but not the whole picture.

On paper, IBM looks like a pretty likely candidate to lead the way. After all, with the ISS acquisition they are now the market leader in managed security, which is the way to go. And with Tivoli busily buying up companies like Console, Watchfire and the likes, they can play a pretty mean game of business process protection as well as becoming a force to reckon with in the identity & access management space.

Just bringing all that together within the folds of IBM remains a daunting challenge. Taking the concept to its logical end, a security and identity ecosystem that will revolve around the customer and his needs – something where this industry, as Tom Noonan freely admits, has hitherto not really done a very good job – is a different kettle of fish.

Let’s see if, in the end, Tom can do more than just talk the talk.