Sun Microsystems Inc. is the latest IT infrastructure provider to open its checkbook in an effort to bake better defenses into its product line. The company announced Tuesday that it will acquire Vaau Inc., a vendor of enterprise role-management (ERM) technology.
Jim McHugh, Sun's vice president of marketing and software infrastructure, said the move is designed to help his company better serve customers who need effective ERM tools to satisfy a variety of security regulations. Customers need ERM to discover, define and manage user access with a common vocabulary that links business and IT, he said, adding that Vaau's RBACx product -- combined with the provisioning and identity auditing capabilities of Sun's identity management portfolio -- will help enterprises streamline the provisioning process and reduce auditing costs as well.
The definitive agreement to acquire the Torrance, Calif.-based vendor is subject to customary closing conditions and is expected to be completed during Sun's fiscal third quarter 2008, which begins Dec. 31. Sun did not disclose terms of the deal, saying the transaction is "immaterial to Sun's earnings per share."
The acquisition continues the trend of large IT infrastructure providers using mergers and acquisitions to work more security into their products. In September, for example, Oracle Corp. acquired ERM vendor Bridgestream Inc., and earlier this month Cisco Systems Inc. announced that it's acquiring security software maker Securent
Roberta Witty, an analyst with Stamford, Conn.-based Gartner Inc., said in an interview Tuesday that the latest acquisition appears to be a "me-too" move on Sun's part, in response to the recent Oracle and Cisco announcements. Nevertheless, she said, the move is a wise one for Sun because it will allow the company to develop a true identity access governance tool.
"This is yet more evidence that the role-management marketplace is shrinking," she said. "The role-management and identity-management vendors are going to collapse and the technology [will be] absorbed into the larger IT infrastructure."