Exciting Week in the World of Authentication

Tweet

 

After a refreshing vacation, I am back in the office this week. And on my return, I was pleasantly with some announcements made within the last few days. Here are the events in chronological order:

1. On Monday August 30^th, 2010, CA announced its acquisition of Arcot for $200M
2. On Tuesday August 31^st, 2010, VMWare announced its acquisition of TriCipher for an undisclosed amount
3. On Tuesday September 7^th, 2010, AuthenTec announced a merger with UPEK

This would make anyone in the IAM space excited, as the industry continues to show great dynamism and evolution, particularly if your trade is strong authentication. These events have been the inspiration for this blog article.  Perhaps, as I write this blog, another event is being announced in the authentication space.

As one would expect, these events have had great coverage from the analysts. Gartner’s Mark Diodati, published a couple of great blog articles on the first two acquisitions (one on Arcot’s and one on TriCipher’s); and Forrester’s Andreas Cser published a short blog article on both.

Mark and Andreas provided great insights as to the motivation, rationale and potential impact of these acquisitions.  While I agree with some of their views, I beg to differ on others.

As Mark has, I have also interacted with Arcot, including some near misses during my work at Oracle as a product manager.  My interaction with Arcot primarily related to Oracle’s acquisition of Bharosa in 2007 - which became what is now known as Oracle Adaptive Access Manager (OAAM) - and then later during my work at Citigroup in the Citi Managed Identity Services area.  My interaction with TriCipher goes back to the same time, and the same roles, and continued even after I left Citi in 2009.  The rivalry between these two companies was very interesting to see.  Arcot’s A-OK OnDemand launch announcement was spoiled by TriCipher’s announcement of myOneLogin by just a few days, so it is interesting to see that their acquisition announcement were also announced within days of each other.

My Take on Arcot’s Acquisition

I tend to agree with Mark Diodati’s views on why CA was interested in Arcot, and why this outcome makes sense.  But where I don’t agree much is that, despite the marketing noise about this acquisition being a step towards broadening CA’s focus in cloud-based Identity (or as I like to call it IDaaS), I speculate that it has more to do with Arcot’s traditional Enterprise software focus. This is a perfect complement to the CA Siteminder product and aligns better with CA’s Enterprise sales model.  Arcot brings risk-based or contextual access control (via Arcot’s RiskFort), and strong authentication via soft PKI-based soft tokens (via Arcot’s WebFort), as well as a strategic position in Financial Services with Arcot’s Verified-by-Visa TransFort product for protecting card-not-present, and online credit card transactions; and much less to do with Arcot’s A-OK OnDemand.  I might be wrong, and in fact, hope that CA rather accelerates and expands the reach of this service offering.

I also hope that CA continues to invest and evolve Arcot’s SEND electronic delivery solution, which in my opinion is particularly innovative and disruptive, particularly given its integration with Adobe’s products.  This solution will be appealing in Financial Services, and other verticals in which paper documents are mailed and signed, and hopefully, appealing to CA strategically.

My Take on TriCipher’s Acquisition

Both Mark and Andreas expressed interesting speculation about where this acquisition fits within EMC as the parent company of both VMWare and RSA.  And I also agree that TriCipher’s acquisition by VMWare is, at least on paper, more puzzling and interesting from a strategic perspective.  This one is not a straightforward fit into a predictable puzzle (as is the case with CA’s).

At first glance, my take is that VMWare’s interest is in the strong authentication solution that TriCipher provides via soft PKI tokens and roaming X.509 certificates, and the myOneLogin IDaaS platform will bring federated access to SaaS apps, but I wonder what VMWare plans to do with some of the other technologies from TriCipher; particularly for digital signing (mySignatureBook) and their appliance-based PKI authentication solution (TACS).  I suspect some of these technologies will be divested or discontinued.  We shall see.

 In the end, strong authentication technology is the prevailing value proposition.

My Take on AuthenTec’s Merger

This one is intriguing but the rationale is somewhat straightforward.  After an apparent love-hate relationship, these two companies decided to merge.  The resulting value proposition remains fairly focused on biometrics-based strong authentication, targeted primarily at the government sector. 

What I find interesting in this acquisition is that, as I predicted in a prior blog article, the trend towards a mass scale adoption of strong authentication solutions is very much at play, and this will, no doubt, accelerate a trend in the industry towards adopting a risk and assurance based approach to authentication; bound to specific types of applications or transactions.  The mass scale will drive down costs and boost adoption, giving way to further innovation and a more pragmatic, discretely defined and understood risk-assurance standard, that organizations and users can understand and use more intuitively and cost effectively.

I would be most interested in your thoughts on these speculations and predictions.