Burton Group Identity Blog

Blogger: Lori Rowland

Using the 2008 RSA conference as its platform, Hitachi announced the acquisition of majority shares in M-Tech. The new formed company will operate under the name Hitachi ID Systems and be rolled into Hitachi’s information security portfolio. Hitachi ID Systems will operate as a subsidiary of the Hitachi parent company.

M-Tech, headquarter in Calgary, Alberta Canada has been a long standing vendor in the IdM market. The company’s product profile includes provisioning, password management, privileged account user, AD group management, and various other IdM technologies. M-Tech is best known for P-Synch, its password management offering, but has also faired well in the provisioning market.

While Hitachi is well known in North America, it is a powerhouse in Asian markets. Hitachi sells various consumer products (e.g. electronics and power tools), but also offers hardware and software components for enterprise organizations. Hitachi has a heavy presence within Asian enterprise organizations. The Asian market has been slower to adopt IdM technologies, however it is gaining traction primarily because of the enactment of laws and regulations, such as Japan’s Financial Instruments and Exchange Law (J-SOX). Hitachi ID Systems may have “a foot in the door” with Hitachi’s existing customer base.

Another interesting characteristic of the acquisition is that Hitachi ID Systems will operate as a subsidiary. According to M-Tech founders Gideon Shoham, CEO and Idan Shoham, CTO, M-Tech had been approached by other vendors in the market and had turned down acquisition offers. What made the Hitachi offer stand out? As a subsidiary, M-Tech founders will maintain control over technology direction and day-to-day operations, the M-Tech employee base will remain intact, and the impact on M-Tech’s existing customers will be minimal.

M-Tech realized several other benefits to the acquisition. As the IdM market has become increasingly competitive it was difficult for M-Tech to compete against large, major brand vendors. The acquisition gives M-Tech (now Hitachi ID Systems) access to a global sales team and a large information security consulting team which will be trained on the Hitachi ID Systems product family. Most importantly it gives M-Tech global name recognition.

The attitude of this acquisition seems somewhat different than acquisitions we have seen in the past. While the benefits of the acquisition to M-Tech are obvious, Hitachi’s (the parent company) overall vision for the IdM it is not yet clear. The company does offer various security technologies such as RFID and vein pattern recognition biometrics. However, how and if these technologies will be integrated with M-Tech’s product family has not yet been defined.

Hitachi’s acquisition of M-Tech will no doubt leave some in the market scratching their heads in wonderment.  It is too early to tell the full impact of the acquisition. However, one thing is clear, M-Tech needed the backing and sales channel of a larger vendor to progress in the market. However the battle is yet to be won. This is an unpredictable market; customers are concerned with vendor viability and longevity. The long-term relationship between vendor and customer has become a differentiating factor for many IdM purchases. To be successful, Hitachi ID Systems must quickly communicate a clear vision and an aggressive strategy. Although Hitachi is a recognized name – they are competing with large vendors such as IBM, Oracle, and Microsoft all of whom have already established themselves as powerhouses in the IdM market.

This acquisition proves that the IdM market is full of surprises – never a dull moment. There is still ample opportunity for acquisitions. Acquisition activity will likely continue in the role management, entitlement management, and authorization spaces.  However, even the more mature markets like the provisioning market may see continued activity – as evident by the M-Tech acquisition.

Blogger: Phil Schacter

Today’s announcement of IBM’s acquisition of Encentuate, primarily positioned as a supplier of enterprise SSO technology, is a significant milestone in the maturing of the market for E-SSO. Two years ago E-SSO was viewed as a standalone product that was somewhat complementary to the deployment of stronger authentication and a convenient way to support legacy applications with internal logic that prompted for login credentials, typically a user id and a simple password.

Most identity and access management vendors were content to license or resell technology obtained from smaller specialist firms. IBM, Oracle and Sun partnered with Passlogix, while Novell works with ActivIdentity and Quest with Evidian. CA has its own E-SSO offering stemming from an earlier acquisition of Platinum/Memco.

However, the identity and access management vendors discovered that E-SSO was both a market accelerator and offered some important features of interest to customers with regulatory compliance requirements. E-SSO has a shorter sales cycle (typically six months or less) and is able to deploy more rapidly (one to three months depending on the complexity of the environment). Cost for E-SSO varies but many deals are less than $100K, which is easier on the IT budget than most user provisioning software and service projects. Customers could start with E-SSO and then over time add user provisioning, web SSO, federated SSO, and other components of the identity management suites. E-SSO technology also can provide an audit trail of user sessions and any interactions with applications accessed through the E-SSO system.

So who wins in the IBM deal to acquire Encentuate? First, it’s a big win for Encentuate’s 80 plus customers that can look forward to continued support and a more aggressive product roadmap funded by a premier vendor. Although no financial numbers were shared the deal provides an exit strategy for investors that poured about $24M into Encentuate over the years. The 160 plus customers of IBM’s TAM ESSO v6 will have support from IBM for three years from v6’s general availability date of February 2007. They also will have to choose between continuing to use ESSO v6, and transitioning to become a direct Passlogix customer, or migrating to IBM’s new v7 offering, based on the technology acquired from Encentuate. TAM ESSO v7 is expected to be available in Q3 2008 and will include planned enhancements to Encentuate’s product plus address IBM’s integration requirements.

IBM also plans to build on the engineering talent obtained as a part of this acquisition to build out a Security Software Lab in Singapore for more than just the E-SSO and former Encentuate product lines. This area offers high quality engineering talent and a more efficient operational infrastructure and cost than labs based in some other regions. Another key reason for IBM’s shift to a new technology provider is that Encentuate builds on a J2EE foundation, as do most other Tivoli product offerings.

Another interesting question is what is the impact of the IBM deal on their former partner, Passlogix? Clearly IBM will try hard to convince existing customers that they should migrate to TAM ESSO v7, but any migration is hard and it’s not clear who will fund the professional service cost of doing so. Passlogix expects to derive significant ongoing maintenance revenue from a portion of IBM’s 160 customers, and that this revenue stream will more than offset any lost OEM royalties. There is also the question of what happens to the healthy pipeline for ESSO v6 and whether Passlogix can convert any of these prospects into direct customers. Overall Passlogix is prospering in a strong market for E-SSO and related offerings, and indicates that no one source contributes more than a sixth of overall business revenue.

One final observation about the impact of this deal is that it’s likely to start one final wave of consolidation, with Oracle and Sun considering the business risk of the other acquiring Passlogix first. Another acquisition that should probably happen is for Novell to buy ActivIdentity. Novell already provides the channel for 80% of ActivIdentity’s business, so why not bring this important function inhouse?