Burton Group Identity Blog

(Blogger: Phil Schacter)

Today Cisco announced its agreement to acquire Securent for $100M. This is one of 125 acquisitions that Cisco has made over the past decade, and is a bargain relative to some of the recent Web 2.0 technology acquisitions by Cisco and others. Cisco gets a leading product in the nascent entitlements management field, and a team of 57 experienced engineers and marketing staff with roots in identity management and SOA and alumni from Oblix/Confluent, Thor Technologies, Oracle, HP, Netegrity, and others. So why is Cisco investing in entitlements management, and how is this change in ownership likely to impact customers and the market?

First, let’s consider the important and emerging role for entitlements management as part of a broader access control infrastructure that externalizes the policy decision point and policy administration systems from existing applications, collaboration services, and network infrastructure. Just as it became apparent that IT organizations needed to externalize identity information and identity management from the typical enterprise application silo, it’s long been a goal to extract the business logic that makes access policy decisions from individual applications. This looser binding of policy from application logic makes it easier (and much faster) to respond to changing regulations and business needs. Until recently that goal was seldom achieved and required each organization to separately develop a custom middleware layer. Several customers have spoken at our Catalyst conference over the past four years on their homegrown entitlements management projects. With the arrival of XACML as a standard way to express policy, and commercial product offerings from Securent and others, it has become possible to buy the necessary middleware technology rather than have to build and maintain it yourself.

There is also a close dependency between policy services and infrastructure, and identity services and infrastructure. Both are needed to make good access control decisions as part of a broader security and risk management program. However, in most organizations there are multiple infrastructure domains – network, applications, collaboration, information/content, etc. Each of these domains has its own requirements and variations on policy, and separate administration and enforcement mechanisms. Cisco is positioning resource and policy management as a component in its SONA marketecture, with the network becoming the provider of policy services to SOA, Web 2.0, collaboration, unified communications, and enterprise applications. The Securent acquisition fills in an important functional gap in Cisco’s ability to execute on their SONA vision. And, in particular Cisco is looking for this acquisition to enhance its ability to provide some shared access control infrastructure for its growing portfolio of collaboration and unified communication offerings, which is the rationale for having the Securent operation report into the Collaboration Software Group.

Somewhat surprisingly, the Securent acquisition isn’t being driven by Cisco’s Security Technology Group, with its NAC, VPN, and network authentication product lines. Many of these products already integrate with identity infrastructure, typically through the RADIUS protocol and Secure ACS product. All of them represent network policy enforcements points that could benefit from a shared set of policy administration and policy decision point services. It will clearly be a major challenge for Cisco to maintain its SONA vision for policy as a common network service, and not to focus exclusively on the priorities of the Collaboration Software Group that assumes business responsibility for the Securent team and its intellectual property. Cisco will also face challenges in addressing the ongoing needs of current Securent customers, mostly representing enterprise applications or identity management teams within the IT organization. Current Cisco channels are not well positioned to represent products into the application development organization.

Overall, the Securent acquisition is likely to be a success for Cisco and deliver value to many Cisco customers. However, it’s unlikely that the newly acquired team will be able to retain its current positioning as a general entitlements management offering, as Cisco priorities redirect efforts to the high revenue opportunity markets in collaboration and unified communications. Rather than this acquisition being the first move in a strategy for Cisco to become a major player in identity services, it is more likely to take a rising star out of the identity market to be subsumed within a network and collaboration mega-vendor.