IBM acquires identity management vendor

IBM Corp. officials took a step to give organizations better control over who can access critical information and resources

IBM Corp. officials took steps earlier this month to give organizations better control over who can access critical information and resources.

The company did this by entering into an agreement to buy Access360, a developer of identity management software based in Irvine, Calif. Financial details were not disclosed.

Identity management software helps organizations consolidate data by automating the management of employee, contractor, business partner and customer access rights to applications and network resources based on the organization's policies.

As businesses extend beyond their corporate firewalls, administrators face a daunting challenge in keeping track of user account and access rights information. Often, companies do not have a system for immediately terminating access rights when an employee or contractor leaves, opening the door for a security breach.

That may be equally true in the federal government and the private sector, and other vendors have recognized this trend. Officials at Northrop Grumman Information Technology, for example, announced in July that they would offer Waveset Technologies Inc.'s Lighthouse identity management software to federal agencies.

Tremendous overhead costs are associated with manually setting up or assigning rights to user accounts, said Paul Gigg, chief executive officer of Access360. The company's enRole software "monitors feeds from human resource databases to pick up changes in employee and contractor accounts."

If necessary, enRole can turn off access to an application or add a new application to a user's account if corporate policy dictates, he added. It supports a wide range of applications and computing platforms, including IBM, Microsoft Corp., Novell Inc., Oracle Corp. and Unix.

Such features will enable IBM to provide a more comprehensive set of identity management tools, said Robert LeBlanc, general manager of Tivoli Software in the IBM Software Group. Combining Access360 software with IBM's Tivoli Privacy Manager software and Tivoli Access Manager, which lets companies control access to applications and data, will improve IBM's identity management portfolio.

IBM customers are asking, "'How do I manage users and make sure the right person is getting the right access to data?' They want to do this from end to end rather than in individual pieces," LeBlanc said.

IBM plans to use enRole as the core technology on which the company will build future identity management products. A tool that integrates IBM's access control products and enRole will be available early next year.

IBM will offer a product integration road map after the acquisition is approved. Access360, a 4-year-old company with 128 employees, will become part of the IBM Software Group and integrated into the Tivoli software portfolio.

But acquiring Access360 does not guarantee that IBM will become a dominant player in identity management, said Eric Hemmendinger, research director for information security at the Aberdeen Group, a Boston-based consulting firm. Often, the way "IBM markets and positions itself in the security arena is not articulate," he said, but officials would be wise to allow Access360's customers to help drive future product features.
