IBM Acquires Security Software Provider CrossIdeas

IBM's acquisition of CrossIdeas brings "Identity Intelligence" into Big Blue's security portfolio.

IBM CrossIdeas

IBM announced it has acquired CrossIdeas, a provider of security software that governs user access to applications and data across on-premise and cloud environments.

Big Blue said its acquisition of CrossIdeas extends IBM's leadership in delivering innovation, services and software for securing enterprises. IBM has now made more than a dozen acquisitions in security over the past decade and invested extensively in dedicated research and development in the security space.

IBM officials said they believe this blend of organic innovation and acquired technologies is helping IBM customers defend against advanced threats and manage risk in an era of unprecedented technology change. Financial terms of the CrossIdeas deal were not disclosed.

Yet, under the burden of more government regulations and increasing sophistication of security threats, business leaders are demanding that IT and security executives implement access governance policies and solutions that provide visibility into operational and IT risks.

Based in Rome, Italy, CrossIdeas helps organizations manage identities and application access by bridging the gap between compliance, business, and IT infrastructure to help reduce the risk of fraud, conflicts of duties and human error in business processes, IBM said.

“The addition of CrossIdeas extends IBM’s market share leading portfolio of identity and access management capabilities,” said Brendan Hannigan, general manager of IBM Security Systems, in a statement. “IBM can now provide enterprises with enhanced governance capabilities and transparency into risk from the factory floor to the board room, giving leaders the insight they need to protect their brand and customers.”

As part of IBM’s Identity and Access Management portfolio, CrossIdeas will deliver new identity and access governance capabilities to help mitigate access risks and segregation of duty violations. The combined business-driven approach provides integrated governance and full lifecycle management of a user’s time with an organization, IBM said.

For example, a stock trader working in a financial institution may be promoted and given access to approve trades in a new system while retaining access to enter trades in the previous system. This dual access may constitute a segregation of duties violation, which could expose the institution to failing a compliance requirement. With CrossIdeas’ technology, auditors and managers could detect and remediate the segregation of duties violation before it becomes a security risk and audit exposure.

“The innovative technology of CrossIdeas’ IDEAS solution strongly complements IBM’s Identity and Access Management portfolio” and expects to contribute to IBM’s worldwide expansion in the IT security market, said Alberto Ocello, CEO at CrossIdeas.

CrossIdeas addresses the business requirements of auditors and risk and compliance managers with role analytics, intuitive visualizations for better insight into user access, and alignment with compliance and access risk requirements. This capability, known as Identity Intelligence, is delivered via centralized compliance dashboards for auditors to evaluate access risk and activity-based segregation of duties across enterprise-wide applications. These dashboards are populated using a broad array of identity and access repositories including IBM Security Identity Manager.

Integrating CrossIdeas’ governance capabilities with IBM’s security portfolio will be expedited by the two companies' existing relationship. By its participation in the Ready for IBM Security Intelligence program, CrossIdeas already allows IBM customers to deploy integrated access governance and user lifecycle management technologies leveraging IBM’s Security Identity Management (ISIM) portfolio. This integration will help ISIM customers rapidly introduce access governance capabilities with minimal changes to their existing environment.

IBM’s security portfolio provides the security intelligence to help organizations protect their people, data, applications and infrastructure. IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next-generation intrusion protection and more. IBM also operates a vast security research and development, and delivery organization. In addition, the company monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents, IBM officials said.

As an example, with the threat of cyber-security breaches impacting the electric power sector increasing, IBM has come up with a set of best practices for energy and utility organizations to adopt and live by.

“As the leader in the identity and access management market, IBM will drive the shift from using identity and access management as an administrative control to an analytics-centric approach that is risk- and behavior-based for better business decision-making,” Hannigan said in a post.