IBM Acquires CrossIdeas For Identity Analytics, Access Governance


IBM is acquiring Italian identity and access governance platform maker CrossIdeas in a move that adds identity analytics of user access processes to its portfolio.

Financial terms of the deal were not disclosed.

CrossIdeas sells a SaaS platform that documents and enforces user entitlement policies for access to on-premise and cloud-based applications. It monitors access rights and role-management processes for audit and compliance, and is designed to prevent fraudulent activity. The company also has a consulting services arm to enable businesses to reduce access management risks through access certification, role modeling and enforcing strict segregation of duties.

[Related: Channel Sees Identity Management Market In Flux]

The technology complements IBM's identity and access management portfolio, said Alberto Ocello, CEO of Rome-based CrossIdeas. The platform provides auditors and risk and compliance managers with a console that displays role analytics, user access and alignment with company access management policies.

The company has had a technology partnership with IBM to integrate its access governance and user life cycle management technology using data from IBM's Security Identity Management portfolio.

"IBM can now provide enterprises with enhanced governance capabilities and transparency into risk from the factory floor to the board room, giving leaders the insight they need to protect their brand and customers," said Brendan Hannigan, general manager of IBM Security Systems, in a statement.

Industry analysts said visibility into access management processes and user entitlements could provide valuable threat intelligence information for security information event management systems and big data security implementations. IBM competitors, including CA Technologies, RSA The Security Division of EMC, as well as pure-play vendors Courion and Hitachi ID Systems have added or are developing similar capabilities.

"This is a company that is shaking the cobwebs off the manual access governance activities, pieces of which we have been doing for many years," said Pete Lindstrom, a research director for IDC's security products program. "Now it's about how to get smarter about analytical tools using big data to figure out the immersion properties of identities and identity activity to refine our policies and policy control mechanisms and provide an increased level of protection."

The identity and access management market is in a state of transition with SaaS-based platforms attempting to link traditional and often complex on-premise identity management platforms with cloud-based applications, according to identity management consultants at solution providers and systems integrators.

SaaS identity and access management is a large part of the rapidly expanding ecosystem of security products in the cloud, said Ryan LaSalle, global managing director, security transformation services at Accenture. LaSalle said organizations consider identity and access management implementation projects long and arduous followed by the need for an extensive amount of hand-holding during the onboarding of applications and users.

"We are seeing a bridging with this emerging ecosystem that gives organizations a lot more agility and ultimately are more economical," LaSalle said.

Oracle, CA, Dell, IBM-Tivoli, NetIQ, RSA-Aveksa and others vendors with on-premise platforms are quickly adding SaaS-based components and identity analytics, said Andras Cser, vice president and principal analyst at Forrester Research, who predicts a market shakeup. Some vendors won't be able to retrofit on-premise platforms to support cloud deployments in multitenant environments.

PUBLISHED JULY 31, 2014