Posted 9:05 AM (0) comments

Burtner or Garton?

Huge news this morning as it was announced that Gartner had purchased the Burton Group in a straight cash transaction (reportedly $56 million). WTF?

These are groups addressing two different constituencies. As the Wall Street Journal reported: "Gartner has typically focused on advising companies' chief information officers and senior IT executives, while Burton has built its business by advising 'front-line IT professionals,' said Gartner Chief Executive Gene Hall."

Even though I don't always see eye-to-eye with the Burton Analysts, I consideer them to be the finest group of minds available on IdM questions. Bob Blakley, Gerry Gebel, Ian Glazer, Kevin Kampman, Lori Rowland, and Mark Diodati are an Identity brain trust , almost a national treasure. Add in the brilliant minds of Phil Shacter, Dan Blum and - of course - Jamie Lewis and you have an irreplaceable resource.

Gartner also has some good minds in IdM, just not as many. I could easily sit and chat with Earl Perkins all day, for example. But Gartner's IdM practice isn't something I want to listen to. As I said last year, about Gartner's IdM Summit: "It isn’t a conference that you, the identity management expert, should go to – at least not alone. This is really geared more to the line-of-business (LOB) manager who needs to get a handle on this 'identity stuff'.” And Perkins agreed with me.

This acquisition could put Gartner in the forefront of IdM thinking, or end up with all of Burton's heavy hitters on the back burner. Time will tell.

Labels: acquisition, Burton, Gartner

Posted 9:35 AM (0) comments

Microsoft strengthens Healthcare IdM Portfolio

Microsoft announced today the acquisition of Sentillion, Inc., an acknowledged leader in IdM for the Healthcare industry.

Earlier this year, the Gartner Group placed Sentillion in the "Visionaries" quadrant of their Magic Quandrant for User Provisioning, saying:

"Sentillion's singular focus is on meeting the identity management needs of healthcare entities. It remains in the Visionaries quadrant due to its continuing innovation in healthcare provisioning needs, continued customer growth, its increasing name recognition within healthcare, and its expanding partner network for resale and system integration."

So why did Microsoft pick this particular company? Let's go back a couple of years to an interview I did with Sentillion CEO Rob Seliger. I tried to get him to admit an interest in branching out beyond healthcare. Nothing too exotic; perhaps an allied market like pharmaceuticals? But he wouldn’t be baited. He claimed Sentillion knows the market well – the company was spun-off from HP’s Medical Products Group nine years ago - and wants to leverage its expertise to do healthcare identity better than anyone else.

Some say they were doing just that. And now they have Redmond's deep pockets behind them - the sky's the limit. At a time when the US is about to undergo a healthcare revolution, Microsoft shows remarkably agility in getting out in front.

Labels: acquisition, Gartner, Microsoft, provisioning

Posted 9:59 PM (2) comments

Oracle-Sun merger: a gathering of opinion

When I heard about Oracle's purchase of Sun, I started contacting those I know in IdM - vendors, consultants, and users - to gather their opinion on what it means both to the industry and to those who use the products. Here's what some people had to say:

I think [this] is a positive change, Sun was suffering from a lack of direction, and Oracle is probably going to get things straight.

Regarding the market, in the software arena is where things are going to be interesting:
MySQL is going to die.
In the identity space I think Oracle products are going to win, that probably means that OpenSSO, glassfish etc are going to suffer a slow death (I am not sure about the dedication of Oracle to OpenSource). I still think that the Directory is going to be the only part of sun that has a potential to live.
This sets an interesting landscape in which those employees that are fired (or made redundant :) ) as they might take the OpenSource code and spin off a company that makes a living out of that (something along the lines of unboundID).

Regarding Symlabs as a company I do not expect to see major changes, as the clients that prefer Oracle are going to prefer Sun, it also means that the VDS from Sun is never going to see the light (OVD is a good product).
In the federation space the oracle product would probably stay and we have always had a good relationship with oracle (from our IGF collaboration).

- Antonio Navarro, Symlabs
My view: The directory will survive. Everything else is suspect (including Open SSO).

- Mike Neuenschwander, MyCroft
1. Larry Ellison wants an operating system so that he can pee with the Big
Guys. And hey, what's a few billion more or less?

2. Larry is just about the uncoolest person in the world a far as the open
source community goes. And HE is going to own Java? Give me a break!

- Tim Cole, Kuppinger-Cole
In the identity management space, Sun and Oracle are direct competitors and Oracle will likely want to consolidate products.

1. Directory: Oracle’s OID is core to Oracle’s platform, as it uses the database as a back end. On the other hand, Sun’s directory server is much more widely deployed, despite some reliability problems. Hitachi ID predicts that Oracle will add the ability to use an Oracle database as a back end to Sun’s directory server and use the resulting software to replace OID.

2. User provisioning: Architecturally, Sun’s identity manager product (Waveset acquisition) has serious performance and scalability problems, since it keeps a significant amount of user profile data in a complex XML object stored in each user’s LDAP directory object. As a result, Oracle will will likely ask Sun IDM customers to upgrade to Oracle’s product (Thor acquisition). Sun IdM customers will not accept an upgrade option unless the new product has all of the same functionality and there is a reasonably automated migration process. This means that Oracle will have to spend a significant amount of time and product engineering effort to:

• (a) Find the functional and integration gap between the Sun and Oracle user provisioning products.
• (b) Close the gap so that the Oracle (formerly Thor) product covers 100% of the capabilities of the Sun product.
• (c) Develop a migration program to help customers move from the Sun to the Oracle product.This process will likely take 1–2 years and consume most of Oracle’s IdM product engineering bandwidth, effectively ruling out any major improvements in either product during that time.

3. Role management: Sun’s acquisition of Vaau was mostly intended to impress influencers such as analysts and press. Hitachi ID’s evaluation of Vaau convinced us that the Vaau product was totally unworkable (we could not get it to even load a real-world data set from a mid-sized company). It follows that this product will be replaced by Oracle’s role manager (Bridgestream acquisition).

4. Web access management: Sun has had no luck selling its WebAM/WebSSO product, and has consequently open sourced it. As an open source (and importantly: no license fee) product, this product has quickly improved both in quality and market acceptance.
Oracle’s acquisition in this space (Oblix) has reasonable market share and is architecturally robust. Oracle will likely be forced to maintain both products – one commercial and one free – going forward.

5. Federation: Neither Oracle nor Sun seem to have a large market share for their federation technologies, so this space remains open to strategic changes. Hitachi ID does not have any special insight about where this market segment will wind up, though the volatility in the market may well create an opening for the user-centric and claims-based technology being developed by Microsoft.

- Idan Shoham Hitachi ID Systems, Inc.
Huge layoffs at Sun--more than already anticipated (5-6K),

Huge change of culture at Sun,

Huge psychic impact on IT domain

* mega-consolidations, not just M&As

* concern for independence of JAVA, Open Source OSs, MySQL (this more so because of Oracle's db)

* hegemony of Oracle within world-class db farms


Oracle may be a better fit for Sun [than IBM]-- (Solaris/Sun platform, Oracle Fusion)

* Intensive use of Java by Oracle

* Oracle does not have IBM's data-storage model/infrastructure

* Oracle may not be anywhere near as stifling as IBM to Sun's innovation model

* Sun still has truck loads of talent that could be leveraged by Oracle

Christopher Paidhrin, IT Security Officer, ACS Healthcare Solutions
I think it will significantly strengthen Oracle's position in the identity space. They will be a strong player. Sun started Liberty, and now Oracle is driving it.

Dick Hardt, Sxipper (and Microsoft).
[B]etween the two companies they have a glut of products that will need rationalization. It's practically the whole stack from directory up to role management and beyond. A clear roadmap of product rationalization will be needed quickly in order to prevent customer chaos. No matter what, there are products that will have to go. This is an opportunity for the other vendors like IBM, Microsoft and Quest to step in during the turmoil. This really goes to show that no bet - established suite vendor or otherwise - is necessarily a safe bet!

Jackson Shaw, Quest
Consolidating the identity management market further was undoubtedly not one of the top 5 reasons that Oracle acquired Sun but this will definitely be one of the many ripples that occur from this deal. Clearly there is significant product overlap, so there is probably going to be a period of anxiety for both Oracle and Sun identity management customers regarding which product from the Sun or Oracle portfolio wins out in the end when the merged product roadmap is finally announced.

- Tom Kemp, Centrify
This move represents further consolidation in the Identity and Access Management (IAM) market. While they were once a leader in the IAM space, recently Sun has struggled to maintain its momentum and market share. This has been due, in part, to Sun's focus on re-stabilizing their server business, instead of focusing on their IAM technologies. After recently shopping themselves around for acquisition by other major technology players like IBM and Cisco, the Oracle acquisition calls into question the future viability of Sun's IAM product line. Oracle has its own IAM suite that is well positioned in the market with 5.1 percent market share compared to Sun's 1.4 percent market share.

- Jay Roxe, Director of Product Marketing, Novell
It's safe money that there will be a period of both uncertainty and difficulty as both Oracle and Oracle/Sun customers rationalize their environments and offerings. For companies looking to make a decision, should they buy & deploy a stack now and hope their efforts are not scrapped by the vendor OR should they go with the the stack alternative that's always been there, has great references, a very healthy business, and lives and dies by this space?

- Chris Sullivan, Courion Corp.

Labels: acquisition, oracle, Sun

Posted 9:14 AM (0) comments

Holy crap!!

I had to look twice at the calendar this morning when I read: Oracle agrees to buy Sun for $7.4B - Network World. But no, it was the 20th of April, not the 1st.

After all, there's so much overlap (starting with, say, MySQL) that it will be a complicated mesh-vs.-divest argument. There's virtually nothing in the IdM arena, for example, that Sun can provide which Oracle doesn't already have - and, in most cases, already have a better solution.

It's really only in the hardware business that Oracle is acquiring something they don't already have, but it seems like a very drastic step to take simply to be able to assemble their own appliances.

Maybe it's just Larry Ellison's way of telling both IBM and Microsoft that he intends to be a player in every high tech arena.

Labels: acquisition, oracle

Posted 8:16 AM (0) comments

Congratulations!

...to all my friends at NetPro and Quest who now will operate under the same banner. Quest, over the past 6 or 7 years, has slowly acquired a number of key players in the 3rd party Microsoft managed identity space from FastLane (back in 2000) through Vintela a couple of years ago. Each time, key players from the acquisition have come along to oversee integration and each time it seems to have gone off without a hitch.

Time will tell how the Experts Conference might be affected, but Quest has been involved there for a few years and I doubt they'll do anything to tamper with success (unlike, say, CSO and Digital ID World).

I wonder if NetPro CEO Kevin Hickey will trade in his Yankee pinstripes for Dodger blue?

Labels: acquisition, Active Directory, trade show

Posted 1:42 PM (0) comments

Another one bites the dust

Well, that might be too strong, but another veteran independent Identity vendor has been acquired. M-Tech announced today that Hitachi had acquired a majority interest in the Calgary, Alberta firm.

M-Tech owns a large segment of the provisioning business in Canada, especially government (federal and provincial) provisioning. But beyond provisioning, M-Tech (now officially called Hitachi-ID) offered the full panoply of the Identity suite - password management, authentication and authorization, role management, audit and entitlement, etc. It'll be interesting to see how long it takes Hitachi to digest the acquisition (I don't think it will be very long) as well as how this will change the playing field (especially in Asia) for Sun, IBM and the others in this space. It could get very interesting.

Labels: acquisition, enterprise

Posted 9:01 AM (2) comments

Cisco gets entitled - updated

Cisco Systems announced this morning a definitive agreement to acquire entitlement management leader Securent, Inc.

I've disagreed with Securent CEO Rajiv Gupta on some issues, notably the use of role management in identity and entitlement systems, but I can't disagree about this move - it makes a good deal of sense from Securent's perspective.

Entitlements, usually linked to applications and the rights and privileges users have within those applications (as opposed to standard operating system rights to access the application), should also be linked to the field of Network Access Control - NAC (which Cisco calls Network Admission Control). From that point of view its also a good move on Cisco's part.

Whether or not it advances Identity Management at all, though, is open to question. Cisco, certainly, has a view of identity that's very much at odds with other major technology vendors. As a hardware company, it tends to focus on the platform, not the user. It's important to remember that all those "things" in the network have identity, but not at the expense of the people using those things. By the same token, Securent might be thought of as focusing too narrowly on the rules and not seeing the users who the rules are built to support.

I don't think this signals a round of acquisition activity for entitlement management companies, but only time will tell about that. In the meantime, keep working on your Role Management rollout.

UPDATE: As someone pointed out to me, Securent will join Cisco's "Collaboration Software Group" which, as far as I can tell, is the group responsible for WebEx and not much else. The group is headed by Don Proctor, formerly Senior Vice President of the Voice Technology Group, a remarkably unsuccessful branch of the networking powerhouse. In looking around the Cisco web site, in fact, they seem more of a candidate to become a Securent client rather than an acquirer - unless John Thompson Chambers (thanks, Ian!) wants to keep the technology all to himself!

Labels: acquisition, entitlement, roles, security

Posted 1:04 PM (0) comments

Journalistic ethics

Larry Barrett, at Internet News, jumped the gun on the announcement that Oracle had acquired Bridgestream. While the deal has been rumored for a couple of weeks (and actually was signed off on over two weeks ago), the lawyers had held off on the announcement to be sure all the Ts were crossed and all the Is were dotted. Official announcement should come on Tuesday, Sept. 4.

Barrett has done a great disservice to those of us who try to practice ethical journalism by actually abiding by embargo dates so that we can thoroughly research the story before it breaks. It is a big story, but there's nothing about it which requires breaking a confidence. I'll have more to say once it's official.

Labels: acquisition, bridgestream, journalism, oracle

Posted 3:31 PM (0) comments

Oracle to buy BridgeStream?

Dan Primack, over at PEHUB, threw out a rumor the other day that Oracle was about to acquire BridgeStream, the role definition and management company. I've followed the privately held San Francisco startup for the past couple of years, and even just last summer believed that acquisition wasn't in the cards just yet:

"With some preaching a top-down approach of creating roles based on business rules and practices while others advocate a bottoms up approach emphasizing audits and data mining of what people actually do, there's no definitive "best practices" for role creation. While it seems obvious that, eventually, a synthesis of these methods will emerge as the standard way to create and manage roles, there's still enough diversity in the marketplace that the big identity management vendors aren't willing to bet on the final outcome. Instead, they'll partner with many different role creation companies. That means that folks like Bridgestream, Eurekify, Trusted Network Technologies, BHOLD, Blackbird, Engiweb, Prodigen, SecurIT, and Vaau will maintain their independence for now with only the remote possibility that should any of them founder with customers their investors might seek to sell out at fire sale prices."

But I think I can give a fair amount of credence to Primack's rumor for two reasons:

1) Oracle is still on an acquisition roll, and getting deeper into roles makes sense for them;
2) Role management needs to be intimately connected to the IdM suite of products, something that simply parternering with an independent role management company doesn't give a major vendor.

Look for this to become official over the next week or so...

Labels: acquisition, bridgestream, oracle, RBAC, roles