Anyone remotely interested in identity management should definitely download a copy of the National Strategy for Trusted Identities in Cyberspace (NSTIC) document. It can be found at this link: .
A a very high level, the strategy calls for the formation of a standards-based interoperable identity ecosystem to establish trusted relationships between users, organizations, devices, and network services. The proposed identity ecosystem is composed of 3 layers: An execution layer for conducting transactions, a management layer for identity policy management and enforcement, and a governance layer that establishes and oversees the rules over the entire ecosystem.
There is way more detail that is far beyond this blog but suffice it to say the document is well thought out and pretty comprehensive in terms of its vision. This is exactly the kind of identity future we need to make cloud computing a reality. Kudos to Federal Cyber coordinator Howard Schmidt and his staff for kicking this off.
I will post my feedback on the official website, but a few of my suggestions are as follows:
There will be lots of other needs as well. The document recommends identity and trust up and down the technology stack but it doesn’t talk about the expense or complexity of implementing more global use of IPSEC, BGPSEC, and DNSSEC. There is also the need for rapid maturity in encryption, key management, and certificate management. Good news for RSA, PGP, nCipher (Thales), IBM, HP, Venafi, and others.
The key to me is building a federated, plug-and-play, distributed identity ecosystem that doesn’t rely on any central authority or massive identity repository. This is an ambitious goal but one that can be achieved — over time — if the Feds get the right players on board and push everyone in the same direction.
Tags: BGPSEC, CA, Cyber Coordinator, DNSSEC, Federal Government, Howard Schmidt, HP, IBM, IPSec, Liberty, Microsoft, Microsoft Geneva, National Strategy for Trusted Identities in Cyberspace. nCipher, Novell, NSTIC, Open ID, Oracle, PGP, PKI, Project Higgins, RSA, Shibboleth, Symantec, Thales, Venafi, Verisign, Web services Posted in Uncategorized |
An industry friend just sent me a story from the Wall Street Journal proclaiming that security management leader ArcSight will be acquired within the next week. The story goes on to say that the likely buyers include Oracle, HP, , IBM, and CA.
Hmm. First of all, anyone familiar with ArcSight was sure this was coming. The company is a leader in a growing market segment, has a great Federal business, and is one of few real enterprise players. It is interesting to me that the Wall Street Journal is spreading rumors but that’s another story.
Let me weigh in by handicapping the field:
Given the Intel deal, McAfee is likely out of the running. I’ve heard through the grapevine that McAfee made several attempts at ArcSight but the price tag was just too big. Symantec, like IBM and CA, has also developed security management products that haven’t taken off in the market. If Enrique Salem is up for another big acquisition, ArcSight would be a great fit.
Finally, wherever ArcSight ends up, there are plenty of other innovative security management companies that may quickly follow. Feisty Q1 Labs would be a natural for Juniper. Brainy Nitro Security could be a fit for Cisco or CA. LogRhythm could be a good addition for HP, Check Point, Websense, etc.
ArcSight deserves what it gets as it really guided the security market moving forward. Its fate will greatly influence the enterprise security market moving forward.
Tags: ArcSight, CA, EMC, HP, IBM, Juniper Networks, LogRhythm, McAfee, Nitro Security, Oracle, Q1 Labs, Symantec, Wall Street Journal, WSJ Posted in Uncategorized | No Comments »
This past April, Oracle shocked the technology world by announcing its intention to acquire industry icon Sun Microsystems. The deal was approved exactly 3 months later by the U.S. Department of Justice but as of this writing, the European Union has yet to sanction the merger. Apparently there is some concern on the Continent about Oracle’s ongoing support for the MySQL database as well as some specific issues raised by SAP. There is a hearing scheduled for December 10 with the final review deadline extended until January 27.
While discussions persist in the EU, one particular customer segment is completely in the dark with no light switch in sight. While there is almost no overlap between the two companies, both have extensive identity management portfolios with strong market share. How will Oracle manage this overlap to the satisfaction of Sun and Oracle customers? It is in a quiet period and can’t say. Oracle has made broad statements about leveraging both product suites, leading with the best technologies, and supporting all product through the transition but nearly 8 months has passed since the Oracle/Sun shocker and identity management customers still have no clue what the future will bring.
This situation has created some consternation in the market. I met some folks last week who had recently joined a security vendor from a Sun identity management services firm. They told me flat out that business completely died after the merger was announced and they really didn’t know what to say to concerned customers. In the meantime, other identity management leaders like CA, Courion, and IBM were aggressively attacking the installed base with swap out deals, migration services, and deep discounts.
Oracle is a huge company and the Sun acquisition is pretty bold, but Larry Ellison and company probably never imagined that it would take 8 months to close. That said, the EU is dragging its feet and making this process much more expensive and tedious than it should be. Unfortunately Sun identity management customers have been thrown under the bus through no fault of their own.
I hope the EU and Oracle work this out soon. Identity management isn’t a commodity technology widget, it must often go through cumbersome customization to meet business and operations processes. None of Sun’s identity management customers want to repeat the identity management lifecycle anytime soon.
Tags: CA, Courion, Department of Justice, European Union, IBM, Oracle, SAP, Sun Microsystems Posted in Uncategorized | No Comments »
I never really believed the rumors about HP buying Brocade. No disrespect to Brocade, I just thought that HP’s interest was really in Ethernet and IP networking and not Fibre Channel.
Will another company acquire Brocade? I can’t think of any obvious takers. The financial analyst rumors that Juniper would buy Brocade were ridiculous and obviously spread by someone who doesn’t know Juniper. IBM and Dell? I don’t think either company is gung-ho to get back into the networking game. Besides, both companies already have a Brocade OEM relationship in place.
Since Brocade is likely to remain independent, my advice would be to prepare for the long-haul by filling in product gaps with innovative startups and doubling down on its direct sales and distribution channel resources.
If I were in charge of M&A at Brocade, here are a few areas that would top my Christmas shopping list.
1. WLAN. Yes, I know Foundry has a wireless offering but I can’t imagine that it is selling a lot of equipment. If Brocade’s board can stomach another big deal, Aruba Networks would give the company an immediate WLAN leadership position where it could upsell other switches and routers. If Aruba is too rich for Brocade’s taste, Meru Networks has great technology and would probably sell for a song.
2. Network security. The pickings are slim here but one interesting play might be Crossbeam Systems. Crossbeam is one of a few high-end “Network Security Super Gateways” (NSSG) and has been very successful in the service provider and ISP markets. This could help Brocade in both areas and also bring an instant relationship with Crossbeam OEMs like Check Point and ISS (now IBM). This would also complement Brocade’s data center strength.
3. Security management. Like Aruba, Brocade could reach for the stars and pick up market leader ArcSight but this would cost over $1 billion. Again, if this price is a bit too scary, Brocade could choose networking-savvy Nitro Security or feisty LogRhythm. Any of these choices could give Brocade a Cisco MARS alternative.
4. WAN optimization/Application Delivery. Brocade has a pretty good portfolio of Application Delivery Controllers but it could become a market upstart by grabbing A10 Networks. A10′s economic value proposition could be extremely attractive for companies with large and growing web applications and A10′s founder has roots at Foundry. This could also leverage Brocade’s data center prowess. On the WAN optimization side, SilverPeak has some strength in data center-to-data center networking and is likely available.
5. Network management. Lots of niche players here, too many to name. My advice would be to work closely with CA.
Brocade could stand firm as it has the Fibre Channel market pretty much locked up but Cisco, Dell, and even HP have internal agendas that probably favor FCoE over time. Nevertheless, FC isn’t going away any time soon. This gives Brocade a data center beachhead to build from. In this regard, Crossbeam and A10 Networks would definitely be a short-term fit while the others mentioned above would provide instant diversification.
In my humble opinion a creative M&A or aggressive partnering strategy would be extremely useful for Brocade in 2010 and beyond.
Tags: Aruba Networks, Brocade Networks, CA, Cisco Systems, Crossbeam Systems, Dell Computer, HP, IBM, Juniper Networks, Meru Networks Posted in Uncategorized | No Comments »
CA entered the key management market this week, joining others such as HP, IBM, EMC/RSA, PGP, and Thales. CA’s announcement was relatively quiet, but it is still significant because:
With its focus on the mainframe, CA didn’t get much attention with this announcement, but large enterprises — especially in financial services, defense, law enforcement, and intelligence — will recognize the value here right away.
In the meantime, this announcement also helps the rest of us who care about the confidentiality, integrity, and availability of our data.
Tags: CA, encryption, key management, KMIP, mainframe, Oasis, System z Posted in Uncategorized | No Comments »
Your email:
