IBM announced on July 31 that it has acquired CrossIdeas, a privately-held provider of security software that governs user access to applications and data across on-premise and Cloud environments. Financial terms were not disclosed.
Under the burden of more government regulations and increasing sophistication of security threats, business leaders are demanding that IT and security executives implement access governance policies and solutions that provide visibility into operational and IT risks. Based in Rome, Italy, CrossIdeas helps organizations seamlessly manage identities and application access by bridging the gap between compliance, business, and IT infrastructure to help reduce the risk of fraud, conflicts of duties, and human error in business processes.
The acquisition of CrossIdeas extends IBM’s leadership in delivering innovation, services and software for securing enterprises. IBM has now made more than a dozen acquisitions in security over the past decade and invested extensively in dedicated research and development in the security space. This blend of organic innovation and acquired technologies is helping IBM customers defend against advanced threats and manage risk in an era of unprecedented technology change.
“The addition of CrossIdeas extends IBM’s market share leading portfolio of identity and access management capabilities,” said Brendan Hannigan, general manager of IBM Security Systems. “IBM can now provide enterprises with enhanced governance capabilities and transparency into risk from the factory floor to the board room, giving leaders the insight they need to protect their brand and customers.”
As part of IBM’s Identity and Access Management portfolio, CrossIdeas will deliver next generation identity and access governance capabilities to help mitigate access risks and segregation of duty violations. The combined business-driven approach provides integrated governance and full lifecycle management of a user’s time with an organization.
For example, a stock trader working in a financial institution may be promoted and given access to approve trades in a new system while retaining access to enter trades in the previous system. This dual access may constitute a segregation of duties violation, which could expose the institution to failing a compliance requirement. With CrossIdeas’ technology, auditors and managers could detect and remediate the segregation of duties violation before it becomes a security risk and audit exposure.
“CrossIdeas is very excited to become part of IBM through this acquisition,” said Alberto Ocello, CEO of CrossIdeas. “The innovative technology of CrossIdeas’ IDEAS solution strongly complements IBM’s Identity and Access Management portfolio and we are proud to contribute to IBM’s worldwide expansion in the IT security market.”
CrossIdeas addresses the business requirements of auditors and risk and compliance managers with innovative role analytics, intuitive visualizations for better insight into user access, and alignment with compliance and access risk requirements. This Identity Intelligence is delivered via centralized compliance dashboards for auditors to evaluate access risk and activity-based segregation of duties across enterprise-wide applications. These dashboards are populated using a broad array of identity and access repositories including IBM Security Identity Manager.
Integrating CrossIdeas’ innovative business-driven governance capabilities with IBM’s Security portfolio will be expedited by the two companies’ existing relationship. By its participation in the Ready for IBM Security Intelligence program, CrossIdeas already allows IBM customers to deploy integrated access governance and user lifecycle management technologies leveraging IBM’s Security Identity Management (ISIM) portfolio. This integration will help ISIM customers rapidly introduce access governance capabilities with minimal changes to their existing environment.