Enterprise Strategy Group | Getting to the bigger truth.™

Posts Tagged ‘CA’

Friday, September 3rd, 2010

Anyone remotely interested in identity management should definitely download a copy of the National Strategy for Trusted Identities in Cyberspace (NSTIC) document. It can be found at this link: .

At a very high level, the strategy calls for the formation of a standards-based, interoperable identity ecosystem to establish trusted relationships between users, organizations, devices, and network services. The proposed identity ecosystem is composed of 3 layers: an execution layer for conducting transactions, a management layer for identity policy management and enforcement, and a governance layer that establishes and oversees the rules over the entire ecosystem.

There is far more detail than this blog can cover, but suffice it to say the document is well thought out and pretty comprehensive in terms of its vision. This is exactly the kind of identity future we need to make cloud computing a reality. Kudos to Federal Cyber coordinator Howard Schmidt and his staff for kicking this off.

I will post my feedback on the official website, but a few of my suggestions are as follows:

  1. Build on top of existing standards. The feds should rally those working on things like Project Higgins, Shibboleth, Liberty, Web Services, Microsoft Geneva, OpenID, etc. Getting all these folks marching in the same direction early will be critical.
  2. Get the enterprise IAM vendors on board. No one has more to gain — or lose — than identity leaders like CA, IBM, Microsoft, Novell, and Oracle. Their participation will help rally the private sector.
  3. Encourage the development of PKI services. PKI is an enabling technology for an identity ecosystem but most organizations eschew PKI as too complex. The solution may be PKI as a cloud service that provides PKI trust without the on-site complexity. This is why Symantec bought the assets of Verisign. The Feds should push Symantec and others to embed certificates in more places, applications, and devices.

There will be lots of other needs as well. The document recommends identity and trust up and down the technology stack but it doesn’t talk about the expense or complexity of implementing more global use of IPSEC, BGPSEC, and DNSSEC. There is also the need for rapid maturity in encryption, key management, and certificate management. Good news for RSA, PGP, nCipher (Thales), IBM, HP, Venafi, and others.

The key to me is building a federated, plug-and-play, distributed identity ecosystem that doesn’t rely on any central authority or massive identity repository. This is an ambitious goal but one that can be achieved — over time — if the Feds get the right players on board and push everyone in the same direction.

WSJ Reports Imminent Sale of ArcSight: Handicapping the Suitors

Thursday, August 26th, 2010

An industry friend just sent me a story from the Wall Street Journal proclaiming that security management leader ArcSight will be acquired within the next week. The story goes on to say that the likely buyers include Oracle, HP, EMC, IBM, and CA.

Hmm. First of all, anyone familiar with ArcSight was sure this was coming. The company is a leader in a growing market segment, has a great Federal business, and is one of few real enterprise players. It is interesting to me that the Wall Street Journal is spreading rumors but that’s another story.

Let me weigh in by handicapping the field:

  1. Oracle. This would be a bold strategic move as Oracle plays in security tools and the identity management space, but not the broader security market. ArcSight is an enterprise software company so it fits with Oracle sales and channels. ArcSight also runs on an Oracle database (for better and for worse). To me, Oracle makes sense as a potential suitor.
  2. HP. HP people always tell me that they want to be in the security services, not the security products business. The company backed this up when it sold its identity management portfolio to Novell. ArcSight fits with OpenView/Opsware as enterprise software so it may have changed its mind, but HP probably wants to be careful with acquisitions in the wake of the Mark Hurd scandal. Heck, HP put in a bid for 3PAR this week and Wall Street went nuts. Given these factors, I’d be surprised if it were HP.
  3. EMC. Forget this rumor. EMC already bought one of ArcSight’s primary competitors (Network Intelligence, now RSA EnVision). There are a dozen security acquisitions I could think of that would make more sense for EMC/RSA.
  4. IBM. Great fit in terms of enterprise software but this would be IBM’s third security management offering (the original Tivoli security manager and then GuardedNet which IBM got as a result of the Micromuse deal). Neither of these products has really resonated in the market. If anyone can erase two previous products, IBM can. I rate this one as likely as Oracle.
  5. CA. CA’s security presence is really limited to the identity space. Like IBM, CA has tried several times to penetrate the security management market with little success. I can see CA wanting ArcSight but if Oracle or IBM jump in, the price may quickly get too high for CA.

Given the Intel deal, McAfee is likely out of the running. I’ve heard through the grapevine that McAfee made several attempts at ArcSight but the price tag was just too big. Symantec, like IBM and CA, has also developed security management products that haven’t taken off in the market. If Enrique Salem is up for another big acquisition, ArcSight would be a great fit.

Finally, wherever ArcSight ends up, there are plenty of other innovative security management companies that may quickly follow. Feisty Q1 Labs would be a natural for Juniper. Brainy Nitro Security could be a fit for Cisco or CA. LogRhythm could be a good addition for HP, Check Point, Websense, etc.

ArcSight deserves what it gets, as it really guided the security market forward. Its fate will greatly influence the enterprise security market from here.

Oracle, Sun, and the Identity Management Waiting Game

Monday, December 7th, 2009

This past April, Oracle shocked the technology world by announcing its intention to acquire industry icon Sun Microsystems. The deal was approved exactly 3 months later by the U.S. Department of Justice but as of this writing, the European Union has yet to sanction the merger. Apparently there is some concern on the Continent about Oracle’s ongoing support for the MySQL database as well as some specific issues raised by SAP. There is a hearing scheduled for December 10 with the final review deadline extended until January 27.

While discussions persist in the EU, one particular customer segment is completely in the dark with no light switch in sight. While there is almost no overlap between the two companies, both have extensive identity management portfolios with strong market share. How will Oracle manage this overlap to the satisfaction of Sun and Oracle customers? It is in a quiet period and can’t say. Oracle has made broad statements about leveraging both product suites, leading with the best technologies, and supporting all products through the transition, but nearly 8 months have passed since the Oracle/Sun shocker and identity management customers still have no clue what the future will bring.

This situation has created some consternation in the market. I met some folks last week who had recently joined a security vendor from a Sun identity management services firm. They told me flat out that business completely died after the merger was announced and they really didn’t know what to say to concerned customers. In the meantime, other identity management leaders like CA, Courion, and IBM were aggressively attacking the installed base with swap out deals, migration services, and deep discounts.

Oracle is a huge company and the Sun acquisition is pretty bold, but Larry Ellison and company probably never imagined that it would take 8 months to close. That said, the EU is dragging its feet and making this process much more expensive and tedious than it should be. Unfortunately Sun identity management customers have been thrown under the bus through no fault of their own.

I hope the EU and Oracle work this out soon. Identity management isn’t a commodity technology widget; it must often go through cumbersome customization to meet business and operations processes. None of Sun’s identity management customers want to repeat the identity management lifecycle anytime soon.

Brocade Could Go On a Shopping Spree

Monday, November 23rd, 2009

I never really believed the rumors about HP buying Brocade. No disrespect to Brocade, I just thought that HP’s interest was really in Ethernet and IP networking and not Fibre Channel.

Will another company acquire Brocade? I can’t think of any obvious takers. The financial analyst rumors that Juniper would buy Brocade were ridiculous and obviously spread by someone who doesn’t know Juniper. IBM and Dell? I don’t think either company is gung-ho to get back into the networking game. Besides, both companies already have a Brocade OEM relationship in place.

Since Brocade is likely to remain independent, my advice would be to prepare for the long-haul by filling in product gaps with innovative startups and doubling down on its direct sales and distribution channel resources.

If I were in charge of M&A at Brocade, here are a few areas that would top my Christmas shopping list.

1. WLAN. Yes, I know Foundry has a wireless offering but I can’t imagine that it is selling a lot of equipment. If Brocade’s board can stomach another big deal, Aruba Networks would give the company an immediate WLAN leadership position where it could upsell other switches and routers. If Aruba is too rich for Brocade’s taste, Meru Networks has great technology and would probably sell for a song.

2. Network security. The pickings are slim here but one interesting play might be Crossbeam Systems. Crossbeam is one of a few high-end “Network Security Super Gateways” (NSSG) and has been very successful in the service provider and ISP markets. This could help Brocade in both areas and also bring an instant relationship with Crossbeam OEMs like Check Point and ISS (now IBM). This would also complement Brocade’s data center strength.

3. Security management. Like Aruba, Brocade could reach for the stars and pick up market leader ArcSight but this would cost over $1 billion. Again, if this price is a bit too scary, Brocade could choose networking-savvy Nitro Security or feisty LogRhythm. Any of these choices could give Brocade a Cisco MARS alternative.

4. WAN optimization/Application Delivery. Brocade has a pretty good portfolio of Application Delivery Controllers but it could become a market upstart by grabbing A10 Networks. A10’s economic value proposition could be extremely attractive for companies with large and growing web applications and A10’s founder has roots at Foundry. This could also leverage Brocade’s data center prowess. On the WAN optimization side, SilverPeak has some strength in data center-to-data center networking and is likely available.

5. Network management. Lots of niche players here, too many to name. My advice would be to work closely with CA.

Brocade could stand firm as it has the Fibre Channel market pretty much locked up but Cisco, Dell, and even HP have internal agendas that probably favor FCoE over time. Nevertheless, FC isn’t going away any time soon. This gives Brocade a data center beachhead to build from. In this regard, Crossbeam and A10 Networks would definitely be a short-term fit while the others mentioned above would provide instant diversification.

In my humble opinion a creative M&A or aggressive partnering strategy would be extremely useful for Brocade in 2010 and beyond.

CA Enters Encryption Key Management Market

Wednesday, November 11th, 2009

CA entered the key management market this week, joining others such as HP, IBM, EMC/RSA, PGP, and Thales. CA’s announcement was relatively quiet, but it is still significant because:

  1. CA joins the KMIP initiative. CA becomes another leading technology vendor to join the Key Management Interoperability Protocol (KMIP) group within OASIS. The group hopes to have a specification ratified soon and working product next year. CA’s engineers will focus on application key management as part of a holistic key management architecture.
  2. CA anchors key management to System z. While many vendors have key management appliances, the bulk of the market activity I see remains on the mainframe. CA will support IBM’s TS1120 and 1130 tape drives, interoperate with RACF, TopSecret, and ACF2, and all the mainframe storage facilities as well. Finally, CA key management is part of its “Mainframe 2.0” initiative to simplify and modernize mainframe operations.
  3. CA understands the link between key management and identity. Many key management leaders are focused on storage alone, while others only care about PKI. CA is one of the few vendors to play in both the infrastructure and identity side of IT. Yes, the obvious link here is PKI, but the combination of encryption, key management, and identity could also be used for entitlement management and data security. For example, a contractor may have rights to a data file for a limited period of time only before the encryption key expires.

With its focus on the mainframe, CA didn’t get much attention with this announcement, but large enterprises — especially in financial services, defense, law enforcement, and intelligence — will recognize the value here right away.

In the meantime, this announcement also helps the rest of us who care about the confidentiality, integrity, and availability of our data.

© 2010 Enterprise Strategy Group, Milford, MA 01757