September 1, 2010
How Authentication-as-a-Service becomes a part of leading IAM stacks and why virtualization is no longer a viable technology without identity and access management.
CA’s acquisition of Arcot signals that partnering with an adaptive authentication vendor is no longer enough to offer a comprehensive access management strategy: you’d also have to have an adaptive authentication product to allow your customers to retire costly physical tokens. But this is not the primary reason CA picked up Arcot. It is Arcot’s thriving hosted authentication and fraud management services that were the most lucrative assets to CA. Adaptive authentication is part of any organization’s fraud management strategy — however, CA’s inexperience here leaves a few questions to be answered. Will CA keep and grow Arcot’s fraud prevention service? If so, how will it integrate fraud management with IAM? The requirement for integration is clearly highlighted by Forrester’s conversations with its FinServ and other verticals’ customers.
VMWare buying TriCipher is a different story — on the surface at least. Controlling access to resources on a virtual machine or a hypervisor is crucial. Data can be stolen from an unsecured virtual container much easier than from a physical box: just burn the entire image to a DVD, and voila, you can take home the data and business process for managing the entire customer list of the company. Second factor authentication will arguably make this much more difficult. The real question, though, is about how you manage identity lifecycles for virtual containers. Looking at Novell’s Intelligent Workload Management strategy, we are expecting that VMWave will do something similar and will round out its immature IAM offerings by continuing to acquire or partner with a user account provisioning company. An ideal target could be Courion, which already partners with RSA (an EMC Company, just like VMWare) . . .