IBM Joins The Startup Buying Binge In ID Management - InformationWeek
05:15 PM
Connect Directly
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

IBM Joins The Startup Buying Binge In ID Management

Encentuate gets it experience in a key industry and flexibility in two-factor authentication.

IBM's deal for startup Encentuate should deliver two big additions to its single sign-on and authentication products, an area where IBM already is the market leader. One is customers in the sought-after health care industry; the other is greater flexibility, so employees aren't locked into using one type of token or smart card for strong authentication.

The acquisition, for an undisclosed sum, follows a string of deals by big vendors for identity management and access control startups.

Six-year-old Encentuate has 80 customers, with around half its business from health care groups dealing with U.S. HIPAA rules for information security. "Even though, in some cases, they're small hospitals, they require a certain compliance richness," says Zorawar Biri Singh, president and CEO of Encentuate. "An ability to meet their requirements is readily exportable to other markets."

Encentuate will be integrated with the elements of IBM's Tivoli Access Manager suite, including Identity Manager, Federated Identity Manager, Compliance Insight Manager, and Security Operations Manager. Tivoli resells single sign-on software from Passlogix, and it will offer an upgrade program to Encentuate, which has the potential to irk some current users.

Encentuate lets employees in different parts of a company be authenticated with tools they already have, such as smart cards, biometrics, tokens, and RFID badges, says Joe Anthony, program director for security and compliance management at Tivoli. That, combined with single sign-on to all the applications and data they're authorized for, is a big convenience. In the past, single sign-on "meant that everybody had to have the same second factor, like a token or a smart card," he says. "It's just another thing to keep track of."

IBM also will adopt Encentuate's development facilities in Singapore as a software security lab, its 59th lab. Encentuate has two-thirds of its 40 employees at the site, all devoted to R&D.

Encentuate's authentication products go beyond setting user ID and password requirements. Its Identity and Access Management and its Strong Authentication products also track user activity and can provide a context for what an employee was doing as he accessed certain data or files. That audit trail can be critical to meeting regulations. "Compliance is driving a lot of our customers' decisions," Anthony says.


Startups Snatched Up

MICROSOFT Credentica, March 2008

PING IDENTITY Sxip Access, March 2008

SUN Vaau, Nov. 2007

CISCO Securent, Nov. 2007

ORACLE Bharosa, July 2007
Single sign-on, though, can be a point of tension. Companies get queasy about letting employees access a wide range of applications and data via a single password. Single sign-on "isn't necessarily good for security, because it consolidates to a single failure point," says Rich Mogull, founder of security consultancy Securosis.

However, many of these same companies want to reduce the number of passwords and access methods they use, both to reduce technology costs and to simplify administration. "We've seen a lot of traction there, especially when linked with broader identity management, which Tivoli tries to do," Mogull says.

IBM is expanding its access control and identity management suite at a time when Hewlett-Packard is pulling back. HP will "focus its investment in identity management products exclusively on existing customers and not on pursuing additional customers or market share," says Eric Vishria, VP of HP software. HP will continue to support its Identity Center products and supply consulting services.

Still, the market is fiercely competitive, with Sun Microsystems competing effectively with its Identity Manager, Access Manager, and Role Manager. Microsoft just this month acquired Credentica's U-prove identity and access management software. And open source code continues to invade the market segment. At the end of February, the Eclipse Foundation released Higgins 1.0, a free identity management framework for managing users across multiple sites and applications.

--With Tim Wilson, Dark Reading

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll