CA is demonstrating how IT consolidation will continue in 2009.
By Graham Titterington
12 Jan 2009
CA has announced its intention to acquire Orchestria, a data loss prevention (DLP) vendor. This is its third security-related acquisition in three months. The most interesting aspect of this move is that it brings the potential for closer integration of DLP with identity and access management, which in turn helps with delivering compliance as well as automating more precise control on the disclosure of corporate data.
Selective controls on the use of data will enhance corporate security
Securing data is taking over from securing networks as the cornerstone of corporate information security. Data loss prevention is a rapidly growing niche in the information security market. It is being driven by the raft of compliance and regulatory requirements, along with increasing concern about protecting the intellectual property of the organisation. Concern used to focus on email, but this has now widened to include instant messaging, peer-to-peer, file transfer, HTTP and other messaging protocols. Likewise, the misuse of high-capacity removable media such as USB sticks has become a major concern.
Most organisations regard data loss as a threat and DLP as a component in their risk management portfolio. However, people in different roles have different data use needs and enjoy different levels of trust. Closer integration with identity management functions will make it easier to tailor security policies to accommodate these variations, and will make the auditing and reporting of data use more robust.
CA is a major vendor of security software products, including identity and access management products. Its recent acquisition of IDFocus improved its ability to define access policies and incorporate fine-grained controls for tighter definition. It followed this by acquiring Eurekify, with its role management products that aligned an individual’s access permissions with the person’s roles in the organisation.
Orchestria already uses data in LDAP directories to determine access permissions for individuals, and in the future CA will be able to integrate it more closely with its identity management products, including these recent additions. This will increase the level of process automation and provide a more coherent view of data movement. It will give CA an advantage over competitors that cannot integrate them as closely.
CA is demonstrating how IT consolidation will continue in 2009
IDFocus, Eurekify and Orchestria were three small specialist vendors – Orchestria was the largest of the three, with 125 employees. Each brought a specific area of enhancement to the existing CA products. In the first two cases CA already had close working relationships with the vendors. CA is using its financial strength carefully to invest in small and low-risk ventures that will bring disproportionate long-term strategic benefits. In all cases the immediate financial impact, on both revenue and expenditure accounts, is small.
A similar strategy is being taken by other major vendors, such as Symantec. Vendors that are able to invest are taking advantage of the current market situation to build for the future and square up to their competitors. We will not be looking at high-risk mega-mergers in 2009.
By the end of 2009 many of the more promising small vendors with specialist skills will have been swallowed by the big players. The less promising ones will simply fail. This process will not be limited to start-ups. For example, Orchestria has been trading for nearly ten years and has won some major customers, particularly in the financial services sector. Dependence on financial services will make many small IT vendors nervous about their continuing independence and more willing to accept an offer of acquisition at a lower price than they would have expected in more prosperous times. Tightening financial markets will also make independence less sustainable.
