IBM on Wednesday acquired Encentuate, a startup in single sign-on and strong authentication security. The terms of the deal weren't disclosed, but the deal was IBM's sixth of 2008. It's been averaging 12 a year for several years.
IBM already is the market leader in identity management software, which makes the acquisition, at first glance, seem somewhat superfluous. Forty-employee Encentuate has 80 customers after six years of product line development, and half of them are in a single vertical market.
But it's those vertical customers that might have prompted IBM to drop its calling card at Encentuate's door in the first place. They are 30 to 40 hospitals and health care organizations in North America using Encentuate, in part, to make sure they maintain HIPAA compliance.
"Even though, in some cases, they're small hospitals, they require a certain compliance richness. An ability to meet their requirements is readily exportable to other markets," said Zorawar Biri Singh, president and CEO of Encentuate.
Health care "is an important customer base to IBM," said Scott Crawford, analyst with Enterprise Management Associates. Along with identity management software that's easy to deploy and integrate, IBM is gaining entrée to additional members of a key vertical industry group, he said.
Encentuate will be integrated with the elements of the Tivoli Access Manager suite, including Identity Manager, Federated Identity Manager, Compliance Insight Manager and Security Operations Manager.
In addition, IBM will adopt the Encentuate development facilities in Singapore as its software security lab, its 59th lab. Singh said Encentuate had two-thirds of its 40 employees at the site, all devoted to R&D. Administrative, marketing and sales staff are located in Redwood City, Calif.
Encentuate produces strong authentication products that go beyond setting user ID and password requirements. Its Identity and Access Management and its Strong Authentication products also track user activity and are able to provide a context for what an employee was doing as he accessed certain data or files.
"Not everybody does that," said Crawford. Being able to say "what resources were accessed by whom and in what context" is key to establishing an audit trail and meeting certain compliance requirements under Sarbanes-Oxley, Basel II, Payment Card Industry standards or Japan's Financial Instruments and Exchange Law.
IBM is expanding its access control and identity management suite at a time when Hewlett-Packard is pulling in its horns. "HP Software has decided to focus its investment in identity management products exclusively on existing customers and not on pursuing additional customers or market share," said Eric Vishria, VP of HP Software. HP will continue to support its Identity Center products and will continue to supply identity management consulting services.
The market is fiercely competitive, with Sun Microsystems competing effectively with its Identity Manager, Access Manager, and Role Manager. In addition, open source code continues to invade the market segment. At the end of February, the Eclipse Foundation released Higgins 1.0, a user-centric identity management framework that is freely available for managing users across multiple sites and applications.
Sun also has teamed up with Microsoft to make Active Directory work smoothly with Sun's identity management products. Both are trying to match Encentuate's single sign-on feature for large enterprise users.
Oracle has its own identity management software as well, as do several independent software suppliers.