According to reports, IBM paid a good chunk of change for Guardium, a provider of database monitoring solutions. Why did IBM make this acquisition? I agree with many others that mainframe visibility was important but I don’t think this closed the deal. Rather, Guardium complements IBM’s efforts in:

1. Business analytics. With DB2, Informix, and Cognos, IBM has a lot of infrastructure for business intelligence but Guardium extends its solution offering. How? By monitoring the types of queries users conduct over disparate databases and BI systems. Armed with this information, IBM can help its customers expand their analysis and gain more business value from the data.
2. Governance, Risk, and Compliance. The holy grail here is a GRC architecture for monitoring and policy enforcement. Once again, IBM’s acquisition of Guardium strengthens the overall portfolio.
3. Identity management. IBM is a real leader here but the next challenge is Entitlement Management. Guardium could be added to this mix for role-based access control, monitoring, and reporting.
4. Data security. IBM wants to offer services, best practices, and tools for data security — an extremely messy area that needs enterprise attention. Guardium fits here as well.

Does it matter that Cisco was a strategic investor in Guardium? In a word, no. Cisco threw some dough at Guardium back in its mid-2000s ga-ga over application networking and “climbing the stack.” Like many Cisco initiatives, this was short-lived so I’m sure Cisco is giddy about getting an ROI on its database security detour.

All-in-all, IBM gets a market leader that fits nicely in a number of areas. I met some folks from Imperva today who were pretty happy about this acquisition and its ramifications. I’ve got to believe that Application Security, Inc., another market leader, is also anticipating a happy holiday season.