Big Blue is betting big on identity intelligence. IBM just acquired a private company that has developed security
software to govern user access to applications and data across both cloud
and on-premise environments.
IBM is calling out a clear demand for stronger identity intelligence solutions. The reasoning: Business leaders are burdened with government regulations and ever-increasing sophisticated security threats -- and they need security solutions that offer visibility into operational and IT risks.
Apparently, Big Blue saw CrossIdeas as the fastest way to offer a solution. CrossIdeas helps organizations manage identities and application access by bridging the gap between compliance, business, and IT infrastructure. The end goal is to help reduce the risk of fraud, conflicts of duties, and human error in business processes.
We caught up with Marc van Zadelhoff, Vice President of Strategy and Marketing at IBM Security Systems, to get the company’s reasoning behind the acquisition. He told us the convergence of cloud, mobile, big data and social is thrusting identity as the new perimeter for organizations.
“Governing these identities and their levels of access has become an acute focus for CISOs,” Zadelhoff said. “We see the use of analytics, to add deeper intelligence into the process, as a major innovation organizations will add to their security operations. Overall, the security market is amongst the fastest growing in the market and IBM has seen our own business grow 20 percent just in the first half of 2014."
Mitigating Risks and Violations
CrossIdeas certainly beefs up IBM’s services and software for securing enterprises. The company will fold into IBM’s Identity and Access Management portfolio and its technology promises to deliver identity and access governance capabilities to help mitigate access risks and segregation of duty violations. The combined business-driven approach results in integrated governance and full lifecycle management of a user’s time with an organization, according to company officials. Financial terms of the deal were not disclosed.
“IBM can now provide enterprises with enhanced governance capabilities and transparency into risk from the factory floor to the board room, giving leaders the insight they need to protect their brand and customers,” said Brendan Hannigan, General Manager of IBM Security Systems.
Here's an example from IBM: A stock trader working in a financial institution who is promoted and offered access to approve trades in a new system while simultaneously holding access credentials to the old system. The problem is that this dual access may constitute a segregation of duties violation -- and that means the company could fail a compliance requirement.
CrossIdeas’ tech solves this problem by allowing auditors and managers to detect and remediate the segregation of duties violation before it emerges as a security risk and audit exposure.
Drilling Down to Dashboards
With the acquisition of CrossIdeas, IBM is hoping to turn the heads of auditors and risk and compliance managers looking for a more complete solution for role analytics, visualizations for deeper user access insights, and compliance and access risk requirements alignments.
CrossIdeas’ identity intelligence solution is delivered through centralized compliance dashboards. Simply put, it allows auditors to evaluate access risk and activity-based segregation of duties across enterprise-wide applications. The dashboards are populated using identity and access repositories from various sources, including IBM Security Identity Manager.
The integration should be smooth, considering the pre-existing relationship between the companies. CrossIdeas has participated in the Ready for IBM Security Intelligence program and already allows IBM customers to deploy integrated access governance and user lifecycle management technologies using IBM’s Security Identity Management portfolio.