This week, IBM once again added to its deep security portfolio by acquiring identity specialist Encentuate for an undisclosed amount. I like this deal for two reasons:
• 1. Many of the identity management tools were built when users were bound to desktops within the enterprise. Encentuate is one of the new breed of identity management vendors with products that map more to today's needs for strong security, auditing, support for mobility. Companies like Encentuate have effectively reinvigorated the identity market with systems that fit today's business needs and don't require an army of consultants for product implementation and customization.
• 2. Before this acquisition, IBM could point to its Tivoli identity management portfolio and match Encentuate on product functionality. Yet, IBM decided that it made better business sense to simply replace its legacy code through an acquisition than enhance its existing wares. This shows some real guts on IBM's part. IBM made sure to reassure existing customers that it will integrate Encentuate into its current portfolio over time to provide them with a smooth transition.
For Encentuate, this acquisition proves that there is still plenty of upside for venture-backed technology start-ups that pick the right market opportunities and execute on their product development and business plans. For IBM, the days of force-fitting products into the market are long gone. IBM now seems to be operating with a culture of constant improvement, regardless of whether this progress comes from within or outside of the company.
IBM has snapped up security software maker Encentuate, in a move to broaden its security management software offerings, Big Blue announced Wednesday.
Encentuate develops two-factor authentication software that's designed to let users log on with a single sign-on to all their other applications.
IBM plans to roll Encentuate's software into its Tivoli product line, which includes identity and access management software products. Terms of the deal were not disclosed.
IBM also is beefing up its security software efforts by opening a new software security lab in Singapore, the company said Wednesday. The lab will house more than 20 employees and will be one of 59 labs that IBM operates worldwide.
In the 1990s, implementing identity management was the IT equivalent of entering quicksand.
Projects took years, requiring process changes, custom integration, and organizational buy-in.
Many companies underestimated the time, cost, and effort to get identity right resulting in a number of highly publicized project failures.
Over time, enterprises developed a much more rational approach to identity management. Rather than take on yet another "boil the ocean" IT initiative, large organizations eschewed big projects in favor of a more piecemeal approach, implementing high-value products in areas such as user provisioning, Web access, or central management.
This buying behavior led to an inevitable cycle on the supply side. First, VCs threw money at identity start-ups like Netegrity, Oblix, and Thor that offered niche products. The start-ups then went to market where the best products, and execution won out. Finally, established leaders were gobbled up in an acquisition binge. CA grabbed Netegrity; Oracle bought Oblix and Thor; Sun Microsystems acquired Waveset Technologies. Pretty soon, there were a few large vendors (BMC, CA, Hewlett-Packard, IBM, Microsoft, Novell, Oracle, and Sun) offering identity management suites.
As we fade into the sunset of 2007, there is still plenty of upside in the identity management space. And as always in the tech industry, history is repeating itself. Many of the hottest identity management firms are venture-backed start-ups that have carved out a niche and are now executing in the field. For example:
• Aveksa and Sailpoint deliver products to manage identity governance and role management. This is a new requirement driven by GLBA, HIPAA, PCI DSS, and Sarbanes-Oxley. These two companies provide specialized tools that help companies map users and roles to compliance mandates.
• Imprivata provides a network-based appliance that simplifies single sign-on (SSO), and authentication management and also marries physical and electronic identity. This is a great example of a simple solution to a complex problem.
• Identity Engines saw identity-based networking on the horizon, so it introduced a new-age Radius server to accommodate the burgeoning requirements for policy management and massive scale.
• Chosen Security believed that growing demand for PKI would be a mismatch for technical complexity. As a result, it has a PKI service offering.
• Centrify takes advantage of pervasive Windows infrastructure by offering a middleware bridge that lets large organizations manage Linux and Unix users through Active Directory.
None of these companies will grow up to be the next Microsoft, but I believe all of them offer products that users value. That's a recipe for success as I see it.
I know what you are thinking: The next step is more industry consolidation. Yup, it is already happening. Cisco Systems' purchase of "fine-grained access control" start-up Securent comes to mind. Look for more identity specialization and more M&A activity, after the ball drops on New Year's Eve.
- prev
- 1
- next
