IBM Backing Away From PKI Software

As part of a larger effort to reduce the number of products in its portfolio, IBM plans to diminish the role of its Tivoli SecureWay PKI solution over the next several months.

As the consolidation of struggling PKI technologies accelerates, even large backers of the security software are shelving internal products in favor of third-party pacts and a greater focus on public-key-infrastructure-based services.

Indicative of this trend is a plan by IBM, of Armonk, N.Y., to diminish the role of its Tivoli SecureWay PKI solution over the next several months. The move, according to sources, is part of a larger effort to reduce the number of products in the companys portfolio. According to the sources, IBM plans no further development of SecureWay, but it will continue to support current customers.

The company will then lean more heavily on outside partners such as VeriSign Inc. and Entrust Inc. for its PKI needs and will place an increased emphasis on related services that will be delivered by its IBM Global Services division, sources said.

While IBM officials deny any firm plans to eliminate SecureWay, they acknowledge that the VeriSign managed PKI service will become the companys main PKI focus.

"VeriSign is an attractive option given its dominant market position," said Arvind Krishna, vice president of security products in the Tivoli Software group at IBM, in Austin, Texas. "[Tivolis PKI software] remains in our product portfolio and will be available to customers who want to do it themselves."

Part of the impetus for IBMs move came last week when it announced a broad partnership with VeriSign, of Mountain View, Calif., that, among other things, calls for the companies to collaborate on the development of a set of services around VeriSigns PKI software.

However, people with knowledge of the pact said that as part of the deal, IBM agreed to urge current Tivoli customers to migrate to the VeriSign managed PKI service.

Industry insiders say the move away from the Tivoli product is a logical one, considering Entrust, of Plano, Texas, and VeriSign have much larger shares of the PKI market and far more brand recognition than SecureWay.

"What it signals is that IBM realizes it cannot sell its own PKI so it might as well sell other PKI products as well as services and shared solutions," said Victor Wheatman, an analyst at Gartner Inc., in Stamford, Conn.

This shift in focus comes at a time when the security market is booming, yet demand for PKI software is flagging. Vendors are finally listening to customer complaints that there are few applications and services designed for use with PKI, something that has hampered deployment and use of the technology.

"Given that Microsoft has software tools to build your own PKI system and has been adding more and more support for PKI with every new release of Windows, this strategy makes some sense for these vendors," said Chris Smith, vice president of computer IS at Eastern Corporate Federal Credit Union, in Woburn, Mass.

IBMs shift toward PKI-based services follows similar moves last year by both Entrust and Baltimore Technologies plc., the Dublin, Ireland, PKI vendor.

As part of the IBM/VeriSign deal, both will also co-develop and market a new entitlements management service based on VeriSigns managed PKI service, and the companies respective consulting arms will work together on services and support offerings for PKI customers.

VeriSign had previously planned to develop the entitlement service with Netegrity Inc., but that partnership never got off the ground.