IBM has agreed to purchase early-stage cybersecurity vendor Spanugo to fulfill the compliance and protection needs of clients in highly regulated industries.
The technology giant said the acquisition of Spanugo will allow IBM clients to define compliance profiles, manage controls and, in continuous real time, monitor compliance across their organisation. These capabilities will be contained within a security control center, which IBM said will be available to customers sooner thanks to the assets Spanugo is providing.
“Bringing Spanugo’s technology into our financial services public cloud will help provide our clients with evidence of their ongoing compliance, in real time,” Howard Boville, IBM’s senior vice president of cloud, said in a statement.
Terms of the deal weren’t disclosed. IBM’s stock is down US$1.18 (0.97 percent) to $120.76 in trading early Monday afternoon.
Spanugo was founded in 2017, employs 23 people and raised an undisclosed amount of seed capital in July 2018, according to LinkedIn and Crunchbase. The company said on its website that it works with resellers, systems integrators and IT auditors to deliver value more quickly to enterprise customers. Spanugo’s software will be incorporated into a suite of capabilities within IBM public cloud services.
“Spanugo’s strong domain knowledge and experience in security posture management is a natural complement to IBM’s public cloud offerings,” Doc Vaidhyanathan, Spanugo’s co-founder and chief product officer, said in a statement. “By joining IBM … we’re able to deeply serve businesses across industries that require verifiable, audit-ready, real-time cybersecurity posturing.”
Cloud environments in highly regulated industries like financial services, healthcare, insurance and telco are most useful when they are approved for sensitive information and run workloads subject to strict regulatory and compliance guidelines, IBM said. Managing security and compliance becomes more complex as customers move increasingly significant and sensitive workloads to the cloud, IBM said.
IBM said Spanugo’s technology can efficiently and transparently demonstrate cybersecurity compliance in real time when an organization is audited. Spanugo also delivers a continuous package of cloud security improvement and adaptation to reduce the likelihood of a successful attack, according to IBM.
The world’s first financial services public cloud was announced late last year by IBM to help address industry requirements around regulatory compliance, security and resiliency. Once available, IBM said it will leverage encryption certification to provide preventative and compensatory controls, multi-architecture support and proactive and automated security for financial services regulatory workloads.
This is the fifth acquisition of a cloud security posture management firm since the start of 2019, and comes just two months after Rapid7 bought DivvyCloud for $145 million to help organizations bring their security and DevOps teams together and Zscaler purchased Cloudneeti to prevent and remediate application misconfigurations in the cloud.
Six months before that, Trend Micro bought Cloud Conformity to address misconfigurations and unprotected user accounts in the public cloud. And Sophos kicked off the cloud security posture management acquisition spree in January 2019 with the purchase of Avid Secure to provide end-to-end protection around public cloud services such as Amazon Web Services, Microsoft Azure and Google.
Meanwhile, this is the first significant purchase for IBM since January 2019 when it bought T-Systems’ mainframe services business from Deutsche Telecom for roughly $986 million, according to Crunchbase. Three months earlier, IBM has agreed to its massive $34 billion acquisition of open-source software giant RedHat.