Despite the fact that industry watchers have been predicting for several years that customers would seek to embrace risk management while streamlining their security operations, the trend is finally taking root among enterprise customers as the range of external forces, from malware attacks to regulatory measures, continues to widen, said Gary Lefkowitz, director of marketing and operations for Secure Advantage at HP.

"We're seeing verticals, including the retail and energy sectors, begin to emulate what has gone on over the last several years in the financial services space, driven largely by compliance but also by the fact that these large businesses are simply drowning in all the projects and technologies they need to employ," Lefkowitz said. "It's an overused term, but customers really are looking for solutions in this area nowadays, and that's why we're seeing the pick-up of these integrated packages of products and services."

Industry watchers said that HP is likely making inroads with its risk management strategy but also said that the company still has some work to do in terms of adding more pieces to its overall portfolio.

Companies like HP and IBM must offer a high-level of security skill to win many of the larger IT management and outsourcing deals that they bid on, and they will continue to build-out their holdings to do so, said Andrew Jaquith, analyst with Yankee Group.

"The general trend is that if you are a large systems integrator or diversified technology company, and HP and IBM are likely the two best examples, you have to have a security story. It's not appropriate anymore to bolt it on after the fact, and if you're selling a large package of products, customers expect that these services are part of that," Jaquith said. "I don't think that HP has done enough yet to earn a strong reputation as a risk management company, and I'm not sure that's what really they want to be, but that kind of a reputation has to be earned, not just stated, and I'd say the same for IBM."

Jaquith said that HP and IBM have both added important pieces necessary to appeal to customers around security and risk management, such as their rival acquisitions in the code vulnerability scanning space, but the analyst believes that the IT bellwethers need more time to polish their offerings.

"Both have important products as part of their portfolios that they can lay a claim to, but these are not always the companies that people first think about with security," he said. "Investments such as those they've made in code testing could help them stake a bigger claim to risk management, but they must also continue to press forward, and none of this will happen overnight."