IBM has become the latest IT vendor to talk up its strategy around IT governance and risk management software and services, a key area that's grown in importance for users struggling to comply with a rising tide of mandated regulations and rapidly changing business environments.

IBM unveiled several new and enhanced products on Tuesday, some incorporating technologies the company has bought, notably the Netcool software from its purchase of network management specialist Micromuse in February 2006. Other acquisitions have also helped IBM beef up its governance and risk management (GRM) offerings such as the purchases of Internet Security Systems, compliance and auditing technology vendor Consul and enterprise content management company FileNet.

Over the past year, companies such as SAP and Oracle have been establishing their own governance, risk and compliance (GRC) business units, basing their efforts on the acquisitions of Virsa Systems and Stellent, respectively. With many customers citing improvement of their current GRC software as a key IT challenge, vendors are rushing to provide the necessary technology.

"Business is moving at warp speed, and customers need help in dealing with the rate of change in their industry, to take advantage of it and to respond to new competition," said Kris Lovejoy, director of GRM strategy at IBM. CIOs need better control of their IT systems and to ensure those systems are aligned to their business needs, she added.

In discussions with hundreds of CIOs, IBM identified the triggers the executives had to deal with in their companies—for example, the ability to respond quickly to a request for legal discovery, Lovejoy said. Then, the vendor worked to come up with software and services to meet those needs, either developing them in-house or acquiring them.

Later this year, IBM will highlight other pieces of its GRM portfolio, including the InSight dashboard it acquired through the purchase of Consul, she added.

The Philadelphia Stock Exchange (PHLX) started looking at how to automate the review of systems logs for potential authorized changes, as well as for access, about eight years ago, according to Bernie Donnelly, vice president of quality assurance and control at the exchange. Four years later, PHLX also began work to become a public company and started voluntarily complying with the Sarbanes-Oxley rules governing U.S. public companies.

The exchange has been an IBM customer for 30 years and has been using Consul's risk management software for 20 years. In an e-mail response to questions, Donnelly described IBM's acquisition of Consul as "a great marriage."