The Network Computing Software Division (NCSD) is focused on providing the "network computing infrastructure" for e-business applications. The network computing infrastructure consists of (1) the Java application platform to develop cross-platform applications that can be run on any system, and (2) a secure network platform for server based deployment and management of any application across any network. Our key differentiation versus Microsoft and other competitors is an infrastructure based on open standards for heterogeneous systems. NCSD has five primary missions:

1. First, we are responsible for defining and managing the execution of the IBM Java strategy. The goal of our Java strategy is to establish the Java application model as the de facto industry standard for building, deploying and managing e-business applications. The customers for Java are application developers, and include ISVs, VARs, Systems Integrators and in-house developers. Many of these developers are looking for ways to lower their development costs while capitalizing on the e-business opportunity and do not want to be locked into the Microsoft platform.
2. Second, we are establishing IBM as the leading provider of a networking infrastructure for heterogeneous systems to deploy and manage e-business applications. This will be the primary source of NCSD revenue growth. The targeted customers include IT managers, Internet Service Providers who offer outsourced network infrastructure, web managers supporting mission critical web applications, and ISV/SI's who want to capitalize on network computing. These customers are going to invest to support the widespread deployment of e-business applications - they want to maintain a high level of security and lower the cost of deploying and managing applications.
3. Third, we are providing Server Group and other IBM product organizations with the cross-platform networking technology and expertise that they need to deliver high quality e-business products to their customers.
4. Fourth, we will maintain high customer satisfaction with our OS/2 customers and work with them as early adopters of the Java application model. Our OS/2 strategy is described in a separate paper (attached).
5. Finally, we own the security misssion for the corporation. That means that we oversee that all IBM products with security functionality are brought to market in a cohesive fashion. A high-level overview of this is described in a separate paper (attached).

Market and Competitive Trends

• Microsoft - Java's design point is well suited to the network computing model and it is widely viewed as the best technology to implement network centric applications. The design point for Windows is centered around personal empowerment and does not currently meet the needs of the network computing buyers. Microsoft's Internet, Zero Administration Windows (ZAW), Windows CE and Windows Based Terminals (WBT) initiatives are designed to prevent the widespread adoption of Java by extending Windows with the key features required to support network computing.
• Microsoft is also focused on penetrating the enterprise, pushing IBM into the "glass house," while expanding into and controlling all the connecting networks. MS is using NT and Back Office to carry its networking infrastructure and middleware portfolio into the enterprise by claiming greater ease of installation, management and scalability integrated on a single, homogeneous networked platform
• Cisco - Cisco is trying to leverage its dominance in networking hardware to move up the value chain to networking services such as security and directory. Cisco is taking several actions to accomplish its goals. First, Cisco is transforming its Internetworking Operating System (IOS), which executes on its routers and switches, into a platform for building and deploying value added network services. Second, it has a partnership with Microsoft on directory and security. Cisco is integrating Microsoft's Active Directory with Cisco's IOS and UNIX - this will allow administrators to control the network and the Windows applications from a single place. It will also enable policy based networking, which allows companies to guarantee a high level of service to high priority applications and individuals. Finally, Cisco has made several acquisitions to fill out its portfolio, so it can deliver one stop shopping to its customers.
• Network Associates - Network Associates, which was formed with the merger of McAfee and Network General, has $612 million in revenue growing at 48% per year with a PTI of 34% and a market cap of almost $5 billion. Network Associates' primary business is Internet security. Its goal is to become the leading supplier of enterprise-wide security and management software - making it a competitor to both NCSD and Tivoli. Network's Associates strategy is to use acquisitions to deliver one stop shopping for network management and security software. It has made three acquisitions since it was formed last October - the largest of these acquisitions was valued at $300 million.

Strategy Overview

Initiative 1:	Establish the Java application model as the de facto industry standard for building, deploying and managing e-business applications.
Initiative 2:	Build a profitable high growth business by helping customers extend their networking infrastructure to support the deployment of e-business applications across heterogeneous systems.
Initiative 3:	Provide best of breed networking infrastructure technology to IBM products and selected industry partners.

Initiative 1: Establish the Java application model as the de facto industry standard for building, deploying and managing e-business applications.

• Quickly delivering a robust implementation - There are several technical problems that must be resolved before commercial application developers will use Java for significant e-business applications. We are working with Sun to address these issues. First, is delivering on the write once, run anywhere promise - Java implementations on different platforms are not compatible. Second, is performance on both the client and the server. Third, is delivering Enterprise Java, which will give developers the ability to write sophisticated business applications in Java. Fourth, is building high quality Java implementations for the pervasive (tier-0) marketplace. Finally, we will make sure that Java runs well on Windows. IBM, Sun and the other members of the Java coalition have the skills necessary to solve these problems - it does require a significant increase in funding.
• Pervasive distribution - De facto industry standards are set in high volume markets, since ISVs will build their applications on the platform with the biggest potential market. Java quickly gained momentum when it was bundled with Netscape Navigator - millions of desktops were Java enabled in a matter of months. To attract a large percentage of the commercial application developers we must ensure that Java is pervasive on the desktop, on new pervasive computing devices and on the server.
  • Keeping the desktop open - Although, our primary focus is on the server, the client remains important because of the strong linkage between client and server - applications written to native Windows interfaces will use Microsoft's COM/DCOM object model, which locks the customer into Windows on both the client and the server.
  • Netscape Navigator is high volume 100% Pure Java distribution engine on the desktop. Navigator has maintained its 60% share since the beginning of the year. However, it is going to be difficult for Netscape to compete against Windows 98, which has an integrated browser. Our goal is to ensure that 50% of the PCs in 2003 are capable of running 100% Pure Java applications. We will accomplish this by helping Netscape remain a major player on the desktop and by ensuring the 100% Pure Java applications will run in Microsoft's Internet Explorer (IE).
  • We are taking several actions to help Netscape maintain at least a 30% share. First, we are bundling Navigator with several IBM products including PCs, IGN, OS/2 and AIX. Second, we are translating Navigator into the IBM tier 1 languages. Finally, we are working with Netscape to ensure that it delivers high quality Java support.
  • Since both Netscape's Navigator and Microsoft's Internet Explorer (IE) have a significant share, most programmers are going to be forced to write applications that support both browsers. We are working with Sun to help them make significant improvements to their Activator product, which lets customers execute 100% Pure Java application in IE. Programmers will write 100% Pure Java applications because they will be able to support both browsers with no additional programming.
  • There are two major risks with the strategy outlined above. First, Navigator must maintain at least 30% share of the browser market. If it falls significantly below this level, applications developers will feel less pressure to support Navigator and will optimize to the IE platform by writing to the Microsoft interfaces. As more and more ISVs drop support, customers will start moving to IE and the battle for the client will be lost. Second, it will be very difficult technically to support 100% Pure Java in IE - more technical work is required to determine the feasibility. If we are successful on the current release, Microsoft will change the interfaces to make it even harder to accomplish in the next release.
  • Because of these risks, we are in the process of building a back up plan. We are anticipating what actions Microsoft is likely to take if it can establish IE as the only viable browser. Based on this analysis, we will determine our alternatives and what actions we can take to protect our server business. We are looking at several alternatives. For example, should we implement an ultra-thin client model and dynamically download a small client to communicate with our servers?
  • Establishing Java as the de facto standard on new client device types - By 2001, 1/3 of the devices accessing the Internet will be new types of devices including network computers and pervasive computing devices such as smart phones, smart handheld devices and web enabled set top boxes. Our goal is for at least 50% of these devices to support 100% Pure Java by 2001.
    • Network Computers - The Network Computer Division (NCD) is spending a large percentage of their development budget on the software stack - their competitors are doing the same. These costs combined with the modest demand for network computers has caused many manufacturers to drop their network computer products and build Windows Terminal products instead - Microsoft is providing all of the software for Windows Terminals, which lets the manufacturers leverage their core competency - building low cost hardware.
    • We are going to deliver a complete integrated software stack to NC manufacturers - this will include the operating system (JavaOS for Business), the terminal emulation software, a browser and personal productivity applications (Lotus eSuite). This will significantly lower their costs and help keep the existing manufacturers in the network computer camp as well as attracting new ones. This will give customers a viable alternative to the "Fat" PC model. JavaOS for Business will be the highest performance Java execution environment - it will also give customers access to their legacy Windows applications via an optional Citrix server.
    • Pervasive Computing Devices - We are working with the Pervasive Computing organization (Mark Bregman) to jointly define the pervasive computing software strategy. Our focus is on Java enabling the major Real Time Operating Systems (RTOSes) including Microsoft's Windows CE and getting the major pervasive computing manufacturers committed to Java.
    • All of the major RTOS vendors are strong supporters of Java - they see Java as the only way to prevent Windows CE from taking over the RTOS market. However, there are very few tier 0 Java implementations. Adding Java support is beyond the financial and technical capability of many of the RTOS vendors. We are going to help the major RTOS vendors add Java support.
    • Microsoft is getting strong pressure to support 100% Pure Java on Windows CE. In the short run, Microsoft will likely remain compatible. Today, Windows CE still has a relative low market share, once it has built up its market share it will likely diverge from 100% Pure Java and try to establish a Microsoft Java standard. To block Microsoft, we must build our own high performance Windows CE Java implementation (JVM), which we will license to Pervasive Computing device manufacturers. As long as Microsoft continues to ship a 100% Pure Java implementation we may not get any business - we must be ready to strike as soon as it diverges.
    • The Pervasive Computing Device manufacturers have a strong reluctance to single source from any vendor - being completely dependent on Sun is no better than being completely dependent on Microsoft. Both TCI and Sony have recently signed deals with both Microsoft and Sun - they are attempting to ensure competitive pricing by playing one against the other.
    • In order to swing the pendulum toward Java, we are going to become a supplier of 100% Pure Java to the Pervasive Computing device manufacturers. HP recently announced a similar strategy which was viewed by the market as an attempt to fracture the Java standard. As a result, HP wants to work with IBM to ensure an open industry standard. The device manufacturers will have multiple sources for 100% Pure Java (Sun, HP and IBM) and a single source for Windows CE thus making Java a safer choice.
  • Servers - Web servers will be the high volume distribution engine for the Java server programming model. Apache, the market leader, and Netscape, who is in third place behind Microsoft, have integrated Java into their products. They will be the high volume distribution engines. We will work with both of them to help them integrate Enterprise Java after the spec is finalized. Our goal is to get 2/3 of the Web servers shipped in 1999 to support the Java server programming model.
• Delivering enterprise class support - Developers will not build applications on Java unless they are certain that they will get a quick and accurate response to any problems that they encounter. Today, it is very difficult for developers to get the support they need. Developers have to go to multiple sources. For example, if an ISV finds a bug in Java they have to go to all of the platform vendors to get a fix for the problem (i.e Microsoft, Sun, IBM, HP...). We are working with Sun to build a plan to address this issue.
• Articulating a clear and coherent marketing message - Microsoft is a single company with the resources, marketing muscle, ability to focus and track record which allows it to deliver a very compelling vision to application developers. Java is being promoted by a loose federation of companies each with a different vision and message. We must leverage the marketing muscle of each member of the Java federation to loudly and clearly articulate a single and consistent set of Java messages to customers and application developers.
• Getting high profile ISVs and Systems Integrators to support Enterprise Java - We are going to target high profile line of business ISVs and global systems integrators to support Enterprise Java in their next generation applications. If the market leaders make a strong public commitment to Enterprise Java, a large percentage of other ISVs and SIs will follow.

Initiative 2: Build a profitable high growth business by helping customers extend their networking infrastructure to support the deployment of e-business applications across heterogeneous systems.

• Security - Security continues to be one of the primary inhibitors to the widespread deployment of e-business applications. A recent survey showed that 72% of companies have had hackers break in to their networks - the risk of internal security breaches is even higher. Our security strategy is to provide an end-to-end, simplified, security infrastructure for the enterprise based on open standards. Our solution will provide automation for the definition and management of security information utilizing a centralized directory to reduce the cost of implementation and management.
• This solution will be integrated with Tivoli. Work has already begun to create a value net around a leadership architecture with Intel, Security Dynamics/RSA and Symantec. Prior announcements with Intel to promote an open, standards-based security framework put us in a strong position to prevent Microsoft from establishing their own standard.
• In order to grow share, this solution is being developed by bringing together disparate products across IBM into a single, integrated offering. In May we simplified our communications to the market by describing these products as a single offering. At the same time, internally, we created a new business unit focused on security to further our integration and develop the next generation of offerings.
• Server managed clients - A large component of the MIS budget is the cost of managing the software installed on PCs. The expected explosion of pervasive computing devices is going to further exacerbate this problem. We will provide server managed clients capability for "both" the Java and Microsoft application model across integrated heterogeneous networks to any client type. This will provide a migration path to network computing and Java while protecting existing investments in hardware and software. Microsoft's ZAW and Novell's Z.E.N. initiatives are specific to their platforms and have limited functionality.
• To gain a majority share of this segment, we will drive market penetration by focusing on early adopter ISVs and commercial developers of Java applications. In addition, we will bundle these capabilities as part of targeted ISU solutions.
• We are working on a project code named "Orion," which will let customers manage their Windows, OS/2 and Java applications as well as network computers and pervasive computing devices from an Orion server. We are integrating Orion with Tivoli. Orion will help customers significantly reduce the cost of managing PCs and other client devices - managing the software installed on a few servers is much cheaper than managing thousands of PCs and pervasive computing devices. The first release of Orion will ship in 4Q98 supporting Java applications. The next release will ship 1H99 and will add support for Network Computers, Windows, OS/2 applications and pervasive computing devices.
• Mobile - The first generation of the network computing model is based on the assumption that the user is always connected to the server over a high capacity link. We are going to extend the model to support the mobile user in two ways.
• First, we will support the user who is only occasionally connected to the server. In June, we shipped the eNetwork Mobile Equalizer which will help the professional, system administrator, and software developer easily make the transition into a mobile computing environment with existing applications, and then extend them to new e-business applications. Second, many vertical applications, such as public safety and field force automation, require a wireless connection. These connections require special support since they are less reliable and have lower throughput. We are currently offering the eNetwork Wireless product set based on standard interfaces versus the competition's proprietary interfaces. We will achieve our market share goal by providing enhanced mobile solutions for Tivoli, Lotus Notes and key ISVs.
• Directory Administration - The average Fortune 1000 company has 181 different directories. These directories are embedded in various applications and systems including e-mail, LAN, mainframe, packaged and homegrown applications. The average user needs access to 16 different databases - which means that an administrator has to maintain the same information into 16 different systems. Keeping all of these directories synchronized is an administrative nightmare - 42% percent of the Fortune 1000 synchronize the directories manually, another 38% use a manual process with some tools.
• The administrative burden will skyrocket when e-business applications are widely deployed - administrators will have to give business partners and suppliers access to internal business systems. This proliferation of directories has created an emerging market for so-called meta-directories, which automatically synchronize all of the directories in the enterprise - significantly reducing the administrative burden. We are in the process of acquiring the technology which will let us quickly enter and lead this emerging market.
• Host Access Communications - Since 70% of the world's data is on host based systems such as S/390 and AS/400. Customers need to extend their legacy applications across multiple network types and access them from web based front end clients. Today we provide host access across heterogeneous systems through the Communications Server and Personal Communication client offerings for accessing 3270 and AS/400 5250 applications. This is our traditional business driving $1.1B in revenue in 1997.
• The eNetwork Host Integration solution is focused on leveraging existing host applications and extending them to the web client. This complements the application integration provided by MQSeries, Enterprise Java Beans (EJB) and other connectors where their focus is on building integrated applications that combine legacy and new applications into a common model.
• For the next generation of host access, three actions will be taken: (1) Provide a Java based emulator called Host On-Demand which offers a migration path for our large installed traditional emulator business; (2) Provide a new release of the Communications Server which will allow customers to "webify" their current host applications and data and transform their applications from a traditional to a strategic solution; and (3) Java enable our communications client and servers to utilize Java Beans.

• Using NCSD services to build customer references and drive requirements - We are building an NCSD services organization, which will work with IBM Global Services to help customers move to the network computing model. We are staffing this organization with highly skilled developers from the IBM development laboratories. This organization will break even in 1998 and become profitable in 1999. It is focused on:
  • Helping OS/2 customers move to Java - Our OS/2 strategy is to encourage our customers to migrate their applications to Java. The NCSD services organization, in collaboration with IBM Global Services, is helping OS/2 customers accelerate their migration to the network computing model. The OS/2 installed base is a strategic asset - a large percentage of the OS/2 customers are in our target industries and are excited about moving to the Java application model. Workspace on Demand is our strategic product which helps OS/2 customers migrate from OS/2 to Java. We are using these customers as proof points for the Java application model. We will build momentum by promoting their success which will attract new customers to Java and IBM. We will sign 50 OS/2 migration contracts in 1998.
  • Driving product and Business Partner plans - The NCSD services organization will perform the implementation services for the first several customers. These customers will be our initial reference accounts and these references will be the centerpiece of our marketing strategy. We will use the experience gained from these engagements to drive our product and partnering plans. We will also create a services methodology which we will give to IGS and our business partners. This will allow our services partners to quickly generate revenue from our solutions. This will be one of the key elements of our value proposition to our business partners.
• Building mindshare and implementation momentum - Customer references and press stories will be the primary focus for developing "proof" of momentum in the market. Highly visible reference accounts will be targeted including both customers and business partners. For example, to reinforce market trial and adoption in 1998, 80 customer references are targeted for Java, 20 customer references for eNetwork overall; 25 for the Orion project; and 20 positive press and two analyst endorsements for Mobile. This will be expanded to include security and directory success stories.
• Developing the indirect channel - Seventy-five percent of the fulfillment for eNetwork PC/UNIX products is through the channel. However, we estimate that only 10% of the partners are actively selling. In order to develop the partners, 75 WW channel partners, (which account for 80% of the revenue) have been targeted to enable and actively work to sell the NCSD offerings. This model provides for better margins due to less dilution and allows us to provide stronger technical support. Specific targets for certification and active selling are IBM System and Network Integrators, Netware Platinum Resellers, and Microsoft SNA Server Solution providers.
• Partnering with Solution Providers - We will focus on integrated high growth generic solutions rather than trying to sell individual components. The ISUs, IBM Global Services and Business Partners will customize our solutions to meet the needs of a particular customer or set of customers. There are several advantages to this approach. First, it significantly decreases the time and cost of building a solution for a customer. This increases business partner's profits and/or lowers customers' costs which in turn will lead to higher volumes and profits for IBM. Second, we get more mileage out of our scarce marketing dollars by marketing solutions not products. Finally, it will make our sales force more efficient by simplifying their communications with customers and increasing the dollar value of each sale.

Initiative 3: Provide best of breed networking infrastructure technology to IBM products and selected industry partners.

• TCP/IP on S/390 - One of the S/390's primary goals is transformation into a world-class e-business server. Previously a major obstacle was the TCP/IP implementation, which was not competitive from either a performance or functionality standpoint. With the latest release of OS/390 Communications Server, we have addressed both of these problems. We will continue to invest in TCP/IP performance and functionality on the S/390. For example, we will ship technology which improves web page performance on the S/390 in 1Q99.
• Security - NCSD is responsible for the IBM security strategy and for developing some of the technology which is embedded in IBM products. We recently sponsored a cross division task force to redefine a cross company security strategy. Several areas have been identified which need focus. These include: growing IBM security services and solutions, ensuring that the IBM platforms are the most secure in the industry and increasing IBM's security image. We have just named a general manager who is responsible for ensuring that the task force's recommendations are implemented.
• NCSD provides development and skills assistance across all the software and server divisions for implementing standards based security technology. This includes utilization of the standards based security framework (CDSA), including key recovery, security standards for certificates (X.509), sessions (SSL), transport (IPSec) and key distribution (ISAKMP/Oakley).
• Directory - We are working with the other IBM groups on integrating open, standards based directory infrastructure into their products. We are providing a standards based (LDAP) directory utilizing DB2 as a repository. This directory will be embedded in other IBM products and provided free of charge for IBM solutions to facilitate pervasiveness. We are working with Lotus and other IBM groups to enable synchronization of dissimilar or "federated" directories across heterogeneous systems. The meta-directory, which was described in initiative 2, is critical to this solution. Our cross-platform directory support is a significant differentiator from the Microsoft and Novell solutions. We intend to establish an open, standards based, cross platform directory solution as a key control point to counter Microsoft's Active Directory.
• Selected Industry Partners - In addition to supplying technology to IBM product groups, we will continue to build on our existing embedded business to supply technology to ISVs and OEMs. There are several advantages to this approach. First, it will drive additional revenue and create an annuity revenue stream over time. Second, establishing IBM as a trusted technology supplier is one way for IBM to build a relationship with the ISVs/OEMs which we can leverage. Some of the enabling functionality will be deemed as critical components to be integrated into applications. For example, ISVs will likely have to enable the government mandated certificate based security model. We can reduce their costs by licensing the necessary technology to them.

  Risks and Dependencies

  In order to successfully execute the strategy outlined above, there are several internal and external risks which we must monitor and manage carefully. These include:

Conclusion

We have profiled general migration scenarios that we expect to occur. Key levers that influence the migration are the customer's level of OS/2 investment and complexity of their application investment. These scenarios indicated the following:

• Customers with large investments in OS/2 applications require significant investments to move these applications to Java or another platform. We expect that these customers will upgrade their OS/2 versions to address Year 2000 and defer a large scale migration until their application investments can be justified and risk managed.

• Customers with custom OS/2 application investments will move off of OS/2 slowly in evolutionary stages. They will migrate applications by adding a single new Java application, a few at a time, or through an eventual mass migration of all applications deployed at their own pace. These solutions may be Java-based, may exploit I*net capabilities, and may rely on server-managed clients. A key competitive differentiator for this transition is coexistence of Java applications with OS/2 applications without an operating system conversion.

• For those customers interested in server-managed clients, the OS/2 WorkSpace On-Demand product offers an initial step. IBM must extend the server-managed client software into a multi-platform solution on all key industry servers in order to maintain IBM satisfaction and loyalty.

• Customers using packaged applications can and will migrate quickly, since there are few packaged applications available on OS/2 exclusively. For example, customers using Lotus Notes and Notes applications have quickly migrated to NT.

Our approach has four fundamental premises:

1. Assure that customers do not have to move off of OS/2 as long as it continues to meet their needs,
2. Provide server-side software that manages network computer clients and traditional personal computer clients that is consistent with IBM's offerings on other servers,
3. Provide migration offerings that allow interested customers to move custom OS/2 applications to Java at their own pace, supported by a range of servers and clients,
4. Acknowledge that most customers will eventually move to another platform, and that we will help them get there.

For this approach to be successful, IBM must provide offerings that span a wide range of servers and clients, support the 100% Pure Java application model, and provide a consistent set of server offerings that manage a range of network computing clients and traditional PC "fat" clients. Offerings that leverage the breadth of the IBM server line and facilitate migration to AS/400, S/390, RS/6000, as well as WinNT, must be provided.

Action Plan Summary

We will take the following actions to influence our customers' choices:

1. Focus investments on the Java application model and server-managed clients and partner with the rest of IBM to expedite the full realization of this vision for our customers. This includes investments in Java, JavaOS for network computing clients, and the integration of OS/2's WorkSpace On-Demand into a converged "network client management" set of offerings across all key industry server platforms.
2. Provide migration paths to move our customer's OS/2 installations and investments to the Java application model and server-managed clients and create internal partnerships to maximize IBM's value-add to the customer's business proposition. This includes services, migration initiatives, aids, and tools provided by IBM's other server platforms (RS/6000, AS/400, S/390, as well as IBM middleware on WinNT).
3. Support the continuing roll-out and expansion of current OS/2 customer investments by providing ongoing hardware, device, performance, and serviceability enhancements. Communicate IBM's ongoing commitment to protect our customers' investments.
4. Provide limited functional enhancements that fulfill customer commitments already made and limit new commitments to functional enhancements that are in support of the customer's migration to the Java application model and server-managed clients.
5. Provide a range of services offerings that support the customers' needs for Year 2000 and migration to IBM's network computing vision, including consulting, architecture, planning, and Java application development.
6. Utilize our primary routes-to-market for OS/2 of direct sales specialists, supported by key business partners, who will focus on current OS/2 franchise accounts. Continue focused marketing programs to our target customer segment that positions OS/2's role in the migration to IBM's network computing vision. Execute our campaigns through targeted print and Internet advertising, solutions mailings, channel initiatives, and telemarketing.
7. Develop a comprehensive go-to-market plan for JavaOS and related products. This will include a broad array of partnerships. Internally, leverage the breadth of IBM by including the server divisions, NCD, IMD, PCCo, NS, SWS, and Lotus. Externally, leverage Sun and Intel.

Security is a hot topic. It grabs the headlines. Lots of market research has been done and there are many views of the information security market, yet by any measure the market is poised for substantial growth. The information security opportunity is projected by IDC to grow from $4.5b in 1996 to $13.5b in 2000, with a 31% CAGR.

Security is the enabler to e-business. IBM, along with its business partners has security solutions to help companies conduct business securely. IBM is serious about security and has a strategy to create a mindshare that IBM means I/T security. IBM has decades of experience designing and implementing security systems around the world. Our customers want their business systems to be secure. They want products and services based on open standards. They want an effective security management system and they want access to experienced professionals for advice and assistance in implementing security products and services.

Currently, no company can claim the depth and breadth of security offerings that IBM can, making security one of the biggest differentiators for the IBM brand. Many of these focus areas, because they are "for the greater good" of IBM and not justifiable from within one division's budget alone, suffered significant budget cuts in 1997-1998. This adversely impacted our ability to capture mind and market share as competitors have strengthened their positions by filling out their own security value nets through partnerships, mergers and acquisitions. The SecureWay brand pulls the many aspects of security within the IBM company together. Current work underway to define security suites will further enable us to compete in this space.

IBM offers the industry's most extensive and comprehensive portfolio of security products, solutions and services under the umbrella of the SecureWay brand. The offerings come from all the divisions within IBM. The SecureWay brand is currently the security rallying point for go-to-market execution with work underway to redefine the brand and create a series of security suites.

End to end security covers access from the end users desktop to backend systems. To get there you often go through other networks, the Internet, servers etc. A security breakage can occur at any point. Security is only as strong as your weakest link, that is why we believe it is important to address all aspects of computer security and why IBM is well positioned to be a leader in this area. Because security is so comprehensive and our customers are not security experts we must offer solutions that are understandable, usable and useful .. or they won't use them. Our customers expect IBM to provide leadership technologies to help make them leaders in their field.

Security drives significant revenue and profit for IBM throughout the strategic horizon. Revenue is generated through uniquely identifiable security offerings (direct) and through products whose sale is contingent on other IBM security offerings (indirect).

Our strategy provides for this by grouping our offerings by I/T Security Consulting/Services, Technologies and Products and Solutions.

Consulting and Services : Our worldwide I/T security consulting practice helps customers determine exactly what their security risks are...and then designs a security program to cover them using proven methodology that incorporates both business and technology requirements.

IBM Security Services has the experience and expertise that can dramatically reduce risk and exposure in today's interconnected world. There was a recent announcement in March that provides a series of security services under e-business.

Technologies: Technology is key to making e-business real. Many new technologies have been invented to secure e-business and make it safe. Our research labs develop technology that has been awarded the most U.S. patents of any company for five years running with a worldwide portfolio of more than 30,000 patents, 100 of those are in security.

Products: Award winning research is only part of the puzzle, however. It is equally important to turn the best of this technology into products and solutions to help our customers compete more effectively in a fast-changing world. IBM has set the pace in this regard, offering the broadest range of security solutions available from any vendor in the industry with continuous focus on simplifying these solutions for our customers use. Unlike many other systems where security is an "add on", security is integrated into the heart of IBM's hardware and software products. Our software features specialized capabilities designed right into our operating systems, and network and database management programs. Other tools include: Global Sign On, LDAP Directory, SmartCards, Firewall, Virtual Private Network technology all part of eNetwork, built-in security features in Lotus Notes and Tivoli management tools making security easy to administer.

Solutions: Our security strategy is built on a strong foundation. It begins with security imbedded into our operating systems, hardware, software servers, middleware and clients, so system security can't be circumvented. It continues to the next layer of network security addressing administration, delivery and access of information across networked environments. And thirdly our strategy encompasses commerce applications or transactions involving secure credit card transactions, integrating with "middleware" applications and third party software. All three of these layers need to deal with the issues of authentication, data integrity, access control and non-repudiation offering our customer secure solutions. The list is long and impressive. When coupled with IBM I/T security consulting and the range of services provided as part of our SecureWay brand offerings, these tools provide the foundation for securing our customers information systems and networks.

Enabling I/T security requires adherence to international standards - - standards reached not just through government imposition, but through global agreement. IBM fully supports the delivery of open standards. We all want to operate in a world in which everybody's software runs on everybody's hardware over everybody's network. Our strategy addresses working with governments around the world to support an unrestricted marketplace for security and encryption products that integrate globally.

We provide security technology and contribute intellectual expertise to many standards groups such as Open Group, W3C, ISO and many other national and regional standards bodies around the world. Our strategy is to lead in driving secure Internet-based computing by adopting, developing and promoting standards such as a PKIX reference implementation of the Internet Engineering Task Force (IETF) Public-Key Infrastructure (PKIX) which will promote a standard way to secure any and all applications with digital certificates. We lead the creation of the Key Recovery Alliance whose goal is to expedite the use of strong encryption. And have contributed to many standards such as SET, IPSEC, Open Card, and Gold Standard to mention a few.

To manage the corporate security within IBM, a security management system has been put in place. It is a two-pronged approach that combines the customer-driven insights of top division level managers who view security as an important differentiator which will drive more revenue and profit for their offerings with the cross-IBM focus of senior corporate level managers who plan IBM's future. On one side is the Security Management Team (SMT) acts as an Investment Review Board for security, made up of the top executives from our platform, software and services divisions. This group meets quarterly to steer our tactical and strategic security investments as a corporation in order to focus our investments and optimize the security portfolio. On the other side is the CEC level Security Council which meets 3-5 weeks after the SMT meets to review its' recommendations and provide high level guidance.

In 1998-1999, the SMT's charter is to maximize the IBM value proposition as it relates to security in order to capture our rightful share of the multi-billion dollar opportunity identified for security (approaching $13.5B by the year 2000), and to ensure that security remains a key differentiator for e-business. The SMT has committed to a contract with the IBM corporation that in return for investment dollars, specific quantifiable results will be realized. It will drive IBM's strategic interests irrespective of local measurement issues, ensure coherent investments across IBM, and promote IBM-wide interests in partnerships, standards, and policy. The Security Council's charter is to review and validate these recommendations in light of future directions the company will be taking and decide how best to prioritize and fund them.

alphaWorks: www.alphaworks.ibm.com

alphaWorks was created by John Patrick in August 1996, as a new web site that gained mind share in the internet space by portraying a "cool new site" with new technologies, and a "new blue" attitude. Now based in Cupertino, CA and a part of the Network Computing Software Division, alphaWorks has evolved into much more than a web site. The mission for alphaWorks is to speed emerging IBM technologies out of research, and into market-driven products, by applying an e-business mindset to existing IBM procedures. alphaWorks also identifies strategic IBM technologies and matches them with appropriate business and development opportunities. alphaWorks' successful use of the World Wide Web brings significant visibility and real-time end-user feedback to new technologies. This effective use of the Web to attract and maintain a large, involved community of internal and external developers makes the team uniquely qualified for this role.

Almost 100,000 registered users representing executives and developers from both small and large companies are a part of the alphaWorks community. alphaWorks attracts monthly traffic of over 85,000 end-user visits alphaWorks currently hosts 58 technologies on its Web site, with a diverse collection of Java technologies, collaborative Web frameworks, and multi-media authoring tools. Several technologies have "graduated", i.e. have gone on to become revenue-generating IBM products. These graduates include WebRunner Server Works, Lotus Bean Machine and Interactive Network Dispatcher.

Over 100 positive mentions of alphaWorks have been in publications since January 1, 1997, including coverage in a 5,000 word cover article in Fast Company magazine. One of alphaWorks' most recent successes is a free commercial license for XML for Java offer, which has attracted numerous press hits from Java World and Info World. After posting the alphaBeans technology on the alphaWorks site, Information Week named alphaWorks "Web Site of the Week."

alphaWorks will capitalize on its network of researchers and other suppliers to locate more technologies that will address a strategic weakness in current or planned IBM product lines. For example, alphaWorks recently identified a new data mining research technology that may be the basis of an advanced feature for several NCSD products, including Mobile and the Host Integration Solution. alphaWorks matched the technology owner in Research with the appropriate NCSD product group. alphaWorks facilitates the assessment and integration of a new technology by creating an easy-to-assimilate business case or "alphaBrief." This "alphaBrief" is written in close coordination with the technology owners. It is then distributed electronically to relevant product owners. This is just one example of how alphaWorks speeds technology assessment and decision-making.

Three strategic areas will be focused on: Java, Wireless Communications, and Network Computing. While it will not exclude other technology submissions, alphaWorks will encourage submissions that solve problems leading to competitive advantages for IBM in these areas. Java, Wireless communications, and Network Computing were selected for three reasons:

• IBM must win in these areas to realize its vision of Network Computing,
• Internal and external researchers and developers find these technologies compelling,
• Many of theses technologies are well suited for download, demonstration and explanation via the Web.

The ibm.com/java site was created to bolster the adoption of Java by: providing resources to Java developers to write new Java applications; communicating IBM's leadership in Java; and, showcasing all of IBM's Java products, technologies, and programs. Additionally, searching and locating Java resources is critical for the rapid development and deployment of enterprise applications. IBM's jCentral, a search engine for Java resources, provides developers with a growing catalogue of over 200,000 sources of Java information. The IBM Java site (ibm.com/java) together with jCentral has effectively created a Java developer community with over 1.2MM end-user impressions per month. ibm.com/java with jCentral is a current-day example of the future of the web. Currently, web users are retrieving information from hundreds of sources and interpreting that information for their own use. In the past two years, the rise of webzines, on-line communities, even browser or search engine start pages have begun to sift through, add commentary to, and provide direction for negotiating information on the web. Users opt to have their information chosen for them based upon their trust of or experience with these compilers. These compilers are middlemen that pose a potential threat to IBM. Their communities will, in effect, serve as a channel to end users and anyone wishing to reach the end users will be held captive by the whims of the intermediary (this could include fees, rules, information editing or other undesirable results). In order to pre-empt this situation, ibm.com/java and jCentral have begun to build a proprietary virtual community, providing IBM with a direct line to its end users. IBM's challenge will be to extend the jCentral technology and business model to a broader audience of developers.