Friday, March 14, 2008

A bit more on the IBM acquisition of Encentuate

My previous post talked about the IBM acquisition of Encentuate. After writing it, I realised that I hadn't come across Encentuate's technology in the past apart from reading about them in news stories and being given awards. At least nothing I would call "quantifiable experience". So I did some digging and read some data sheets and whitepapers. I also had a look around the web to see what else was out there. Most of the things I found were people and news publications re-publishing the press release word for word or paraphrasing slightly with a couple of exceptions.

Information week has a nice article written by Charles Babcock that says a little bit more and makes a very good point. It points out that a large number of Encentuate's customers include organisations from the health care industry, an area where IBM Tivoli security has not had a good track record. I know this to be a fact. I rarely ever saw customers in the heath care industry during my IBM tenure and IBM Tivoli security worldwide has very few customer references in this area. Traditionally, IBM Tivoli's customers have been financial institutions and government organisations. Bringing Encentuate into the Tivoli family gives them a foot in the door to quite a number of heath care organisations that would otherwise have gone and bought an IBM competitive product.

John Fontana over at Network World also chimed in and mentioned that "IBM said Version 7.0 of its Tivoli Access Manager Enterprise Single Sign-On, which is expected to ship this fall, will be the first IBM-branded incarnation of Encentuate Single Sign-on." I alluded to this in my previous post, so it's nice to see IBM confirming it.

I also came across Gartner's good old Magic Quadrant for Enterprise Single Sign-On, 2007 which I believe is the most recent one (I didn't know they made their more recent reports freely available, but that's not the main point here). After looking at where both Passlogix and Encentuate were in the Magic Quadrant, I went straight to the section where Gartner addresses the strengths and weaknesses (they call this "Cautions") of each Vendor.

Here's what they say about Passlogix:
  • Passlogix greatly leveraged its reseller relationships with IBM and Oracle this past year. It also made a deal with RSA to gain RSA Sign-On Manager customers. (Sign-On Manager was a modified OEM version of Passlogix v-GO.) Through this deal, Passlogix also obtained a tighter, more-streamlined integration of RSA SecurID to v-GO implementations.
  • Passlogix has a number of very large implementations, some with more than 100,000 users, and this year it added HSBC, one of the world's largest banking and financial services organizations.
  • v-GO's architecture is two-tiered, with credentials capable of being stored in a variety of back-end directories. Redundancy is predicated on the customer's directory implementation. Passlogix's sign-on automation is wizard- and parameter-based, so no scripts are used. Clients report that most applications can be integrated easily out of the box.
  • Stronger authentication support is good and is implemented using Passlogix's add-on Authentication Manager product.
  • Good, shared-workstation support comes with the add-on Session Manager product. Passlogix supports integration with various provisioning products using its add-on Provisioning Manager. It also provides an SSPR tool focused on the network password used for primary authentication for ESSO.
  • Passlogix's internal support staff is relatively small, as compared with other larger vendors and given its growing customer base. Passlogix must leverage its resellers to provide support while still providing responsive code patch/fix support as problems are uncovered.
  • Reporting and auditing capabilities are provided through third-party tools.
  • Passlogix's standard pricing is one of the highest in this arena, when adding SSPR, stronger authentication support, and shared-workstation and provisioning support to the base-product purchase.
  • Some target systems can be difficult to integrate and will require additional time.

Here's what they say about Encentuate:
  • Encentuate was founded in 2001 and is currently an ESSO pure-play vendor. Overall, Encentuate has a very good product set that customers like and a high rate of out-of-the-box integration with target systems.
  • Encentuate is the only vendor to provide access to all types of applications through a Web browser and without requiring the SSO client to be implemented on the workstation. The use of a virtual private network client is recommended for remote access from outside the network.
  • The Encentuate product set integrates with a good set of stronger authentication options and includes a unique product called iTag. This is a passive proximity/radio frequency ID reader with a tag that can be affixed to anything the user carries (often a physical ID or physical access control badge) and can be used as a form of authentication for the ESSO tool.
  • Encentuate's ESSO product set has excellent shared-workstation support and the ability to provide each user with a private desktop — not just the sharing of applications with a common desktop — as other vendors do.
  • Encentuate's price-for-value proposition is very good, providing shared-workstation support, SSPR and stronger authentication integration for a lower price than most competitors.
  • Encentuate's main challenge is to gain market share more aggressively. Management changes in 2006 left Encentuate to trail similarly staffed competitors in sales growth.
  • Encentuate must establish broader sales and integration partner channels to gain market share.

The first thing I noticed was that I had forgotten about Passlogix's OEM relationship with RSA. This, in addition to the agreements with Citrix, IBM and Oracle further solidify the view that it's part of Passlogix's strategy to find as many channels as possible without worrying about the other partners they might annoy along the way, no matter how large they may be (Citrix, RSA, IBM and Oracle are certainly not lightweights).

The second thing was that Gartner seems to think Encentuate is a good product, their drawbacks being the number (or lack) of deployed customer references (which Passlogix has a lot of) and sales challenges. Assuming you believe Gartner (and sometimes people can be a little skeptical of the analysts, even Gartner), then I dare say the acquisition by IBM solves the "cautions" presented by Gartner about Encentuate. Gartner will now have to find other "cautions", but it looks like they will have to put IBM in the leaders quadrant for Enterprise Single Sign-On pretty soon.

UPDATE: I just found what Gartner has to say about the acquisition. They released it 2 days after I wrote about it, but for those that like to know what Gartner thinks you can read it here.

No comments: