IBM security mainframe bank financial institution

Why Banks Prefer and Tend to Standardize on IBM Security

Banks, financial Institutions, government, and healthcare have the biggest potential security risks. All these institutions are attacked by both professional criminals and hostile governments. Banks likely have the greatest number of threats because they can be used as a source for funds to cripple an economy or create dissatisfaction with a government.

While IBM security is used heavily in each of these vertical markets, banking is by far the deepest penetrated, largely because IBM’s relationship with banks goes back decades. Banks don’t like change, and they are aggressive users of IBM’s mainframe technology which is arguably the most secure in the segment and historically favored for data entry.

Let’s talk about why IBM is favored by companies that take security very seriously.


I joined IBM back in the mid-1980s when IBM stood out as almost rabid in its security focus. This wasn’t just a focus on supplying technology either but in using it themselves. Given IBM’s dominance at the time in the technology market, it often dealt with attacks by governments and foreign companies wanting to better understand IBM technology so they could reverse engineer it. I was aware of two instances where foreign firms had attempted to steal confidential information about future products and got caught doing so with the penalty of being largely forced out of IBM’s related market segments.

Unlike most tech companies that came up during the last part of last century and first part of this century who seemed to think security was someone else’s problem or connected to a bunch of practices they thought invasive and stupid, IBM has always thought security instrumental to its product offerings. This long history of successful and comprehensive security efforts has been particularly attractive to IBM’s banking customers, who are dealing with theft and fraud attempts in significant numbers.


In recent years, while IBM has led in both interoperability and Open Source, historically, it was more of a walled garden, and security, which tends to favor that model, still seems to use it. The reason why you don’t want a lot of third parties supplying your security solution is that every one of those parties is a potential security threat. If you can have one trusted vendor with an end-to-end security solution, it should be far more secure than a bunch of vendors working together to do the same thing. Because the more people and companies you have on a project, the more likely it is that one of their employees will become a security problem.

If a vendor is secure and trustworthy, using that single vendor solution is likely always better than a multi-vendor approach because it reduces the number of people and companies that could make a mistake that would cause a breach. This doesn’t mean that IBM won’t work with third parties, only that it doesn’t have to. IBM is a tool aggregator and often buys the companies providing a tool it particularly likes.

Part of IBM’s solution is a single pane of glass user interface that encompasses it. The toolset is comprehensive and includes everything a company needs to monitor, identify, mitigate, and address a security exposure, ranging from employee misbehavior to malware. And IBM is global, so its solutions work particularly well for multinationals. IBM’s early adoption of AI has resulted in solutions that are increasingly automated, which lowers the load on understaffed and overworked security departments.

IBM seems to naturally get what most technology-based security firms forget, which is that physical security and data security are related and need to be linked to be effective.

Finally, IBM’s unique secure cloud allows companies to have a multi-cloud hybrid security platform that encompasses all their needs and matches their cost-optimized use of these various cloud and on-premises corporate infrastructure deployments. And banks, as you would expect, love to save money.

Wrapping up

IBM may be the only company that has a secure, multi-national, multi-cloud, hybrid approach to security and that uses its own technology aggressively (which wasn’t always the case). IBM claims to have reduced its own data center costs by up to 90% by using this same level of flexibility that is used by an increasing number of its clients.

In short, IBM is favored in the financial industry because it is simply better at addressing both the threats and breadth of solutions that industry needs to not only feel secure but to be secure.

Scroll to Top