This article can also be found in the Premium Editorial Download "Information Security magazine: Seven questions to ask before committing to SaaS."
Download it now to read this article plus other related content.
Prior to 2005, the traditional players in the IAM market were Novell, Sun, IBM and Microsoft. They offered basic identity management products linked to directory services, such as Active Directory (Microsoft) and LDAP (Sun). Other vendors at the time were SAP, BMC, CA and RSA Security, offering various pieces of the identity puzzle such as provisioning and authentication. Many smaller players offered niche products like role management and virtual directories.
Then two things happened in 2005: compliance with regulations such as Sarbanes-Oxley (SOX) started to hit full swing and the acquisition wave took hold. Oracle surprised industry observers with its purchases of two start-ups, user provisioning vendor Thor and virtual directory specialist OctetString. The additions followed Oracle's acquisition that year of Oblix, a supplier of Web access controls. Also in 2005, CA acquired software from InfoSec to clean up obsolete identities, and BMC grabbed Web access vendor OpenNetwork Technologies and Calendra, a supplier of directory management products.
The consolidation wave continued in 2006. Sun acquired Neogent, a product for automating identity management, while RSA acquired Web site authentication companies Cyota and PassMark Security and in turn was snapped up by storage giant EMC. Last year, Oracle
| bought Bharosa, a supplier of strong authentication for Web sites, and Bridgestream, an enterprise role management software company, while Sun purchased Vaau, another role management vendor. The Vaau acquisition is the cornerstone of a plan announced by Sun in March to expand its IAM suite and face Oracle and IBM head on. In March, IBM acquired enterprise single sign-on (SSO) vendor Encentuate.
All these acquisitions have largely shifted the IAM market to a few big players offering integrated suites. There are plenty of small vendors offering standalone products, but three areas in particular could be potential takeover targets for larger vendors looking to round out their suites: enterprise SSO, virtual directories and privileged account management.
This was first published in May 2008