You say you already have a plan in place to guard your company's data? Are you sure it has you adequately protected? While you certainly understand the need for data security, your sales challenges are tough enough without exposing your customers' credit card information to a security breech; for example the chances are good that in 2010 you will consider various options for improving the security of your data. If you are going to protect your company's most valuable asset—your data—you will begin to view data security as a component of a more comprehensive information governance strategy.

The risks of internal or external threats to your company's data are becoming more complex as the depth and breadth of your information expands rapidly and your data is shared with business partners, suppliers, and customers. In addition, as companies begin to take advantage of cloud services for some of their workloads, additional complexity is added to the multitude of security concerns. Many companies have deployed a disjointed approach to securing, controlling, and managing its data, making it hard to anticipate and prepare for constantly changing security risks. There are lots of different ways that unauthorized users may enter your network or otherwise steal your data. Many companies typically have a distinct solution to combat each one individually and typically can't protect against all of them. For example, access control, data encryption, network traffic monitoring, vulnerability testing, and auditing may all be monitored with independent applications.

There is a good reason why many companies find they need to deploy lots of different solutions to effectively govern its information. Some of the most innovative solutions have come from emerging companies who have built a niche around a particular vertical market or some segment of the information security market. So you deploy the best solution for your biggest challenges and move on. However, as you begin to think more holistically about your needs for information governance, you will want to ensure that information security solutions are well integrated. This is one reason why emerging companies with an information security solution have become desirable acquisition candidates for larger software vendors.

Guardium, a privately-held company based in Massachusetts, is one of the most recent examples of this trend. When IBM announced its acquisition of the company in the last week of November, Guardium moved from a fast growing startup to one of the pillars of the IBM information governance strategy. The company's technology helps clients with some of the most challenging issues around unauthorized access to critical data. Their solutions provide secure access to enterprise data across many different database environments such as IBM, Oracle, Microsoft, Teradata and others. In addition, customers can reduce operational costs by automating regulatory compliance tasks. While many companies may have the ability to monitor one database at a time, Guardium brings added value by enabling companies with complex environments to monitor databases across their organization.

This acquisition aligns well with IBM's strategy to provide customers with a well-integrated and comprehensive approach to information management. IBM has spent in the range of $12 Billion over the past five years to add software assets that will help companies to make more intelligent decisions and realize more business value from their information.