Thursday, March 13, 2008

IBM acquires Encentuate - did they just dump Passlogix?

My former employer (IBM) is at it again. They've made another acquisition to add to their IBM Tivoli Security suite. This time they've acquired Encentuate, which provides an Enterprise Single Sign On (ESSO) solution in conjunction with strong (and multi-factor) authentication capabilities. They also added to the whole story by announcing the "forming of the IBM Security Software Laboratory in Singapore", which to the innocent bystander sounds like IBM are investing in Singapore and also expanding its "research" operations. In reality, it's "IBM speak" for "we just bought a company that had a bunch of developers based in Singapore and we are turning those offices into another 'lab' that we can add to our list of software labs around the world". The whole lab thing is not the point here. I just thought I'd decode that part of the press release for the non-IBM alumni out there.

So who are the ones most affected by this acquisition?
  1. Any customer who has bought and implemented IBM Tivoli Access Manager for Enterprise Single Sign-On (ITAM ESSO).
  2. Passlogix.
For those that are unaware, ITAM ESSO is an OEM of Passlogix's v-GO product suite. IBM did not hide this fact when they first announced the release of ITAM ESSO. The integration points into the relevant parts of the Tivoli Security product suite were built-in nicely once v-GO had been "blue rinsed". It made sense in early 2006 when the announcement was made. In fact, a lot of us internally at IBM Tivoli fully expected Passlogix to be acquired by IBM eventually once the OEM agreement had been fully "road tested" and proven to be a money maker for IBM. I'm sure many Passlogix employees thought the same (I know of one IBM Tivoli employee who left for Passlogix and used the "I would not have made the decision to leave if the company I was going to did not have a real chance of being acquired by IBM" reason in his farewell email).

Halfway through 2006 (not long after the agreement with IBM), Passlogix announced the same thing with Oracle, one of IBM's major competitors in the Enterprise Identity and Access Management space. You don't need to be a genius to work out that IBM Tivoli's management team were not amused.

Passlogix actually also have an OEM agreement with Citrix for use in their solution, although I should point out that this preceded the IBM agreement and only uses sub-components of the v-GO product suite (so I've been told by some of the Passlogix guys). Consequently, the real thorn in IBM's side was the agreement with Oracle.

In other words, Passlogix shot themselves in the foot by hedging their bets with both IBM and Oracle. Sooner or later, one of these 2 giants of the software industry was going to toss Passlogix out the door like a rag doll...although still with a thin thread attached. I don't know why Passlogix didn't see it coming. Let me explain the thin thread analogy.

IBM now finds themselves with an ITAM ESSO product that is essentially a competitor to Encentuate, which they have just bought. They have also sold ITAM ESSO to many customers in the world (if I was involved in selling you this thing, I apologise profusely - I had no idea). Being IBM and with a reputation to uphold, they will still have to support it for customers that have bought it. In parallel, they are going to have to "blue rinse" Encentuate and out of the colouring process will emerge ITAM ESSO! In other words, the next version of ITAM ESSO will be the "blue rinsed" version of Encentuate. What will marketing do with this? Here's my guess:
  1. Announce (probably informally - essentially just "socialising" the news to existing customers through the sales teams) an impending upgrade to ITAM ESSO 6.0 (Passlogix v-GO).
  2. "Blue rinse" Encentuate.
  3. Announce the release of ITAM ESSO 7.0 with new, major functionality including strong and multi-factor authentication, remote single sign on and additional logging and auditing which is integrated with IBM Tivoli Compliance Insight Manager (actually, this last bit will probably be released in version 7.1 because IBM product management will just want to get core 7.0 out the door ASAP).
Seamless? Almost. What marketing won't say is that the "upgrade" from 6.0 to 7.0 is essentialy a rip and replace. There is no seamless upgrade. Sure, they'll probably offer some tools to "help", but the upgrade process will need professional services either from IBM Software Services or IBM Business Consulting Services because the single sign on templates will be completely different between the Passlogix and Encentuate products.

Apart from existing ITAM ESSO customers, Passlogix is the other obvious loser. IBM will need to keep its relationship with Passlogix because they still need to support version 6.0 and Passlogix are ultimately the "development team" in this instance. This arrangement will only last as long as customers are on version 6.0 or when IBM decide to stop supporting version 6.0. From memory, upon release of a new version, IBM will officially support the n-1 version for 2 years starting from the date of release of the new version. I don't know if the policy has changed, but if it hasn't this means that the IBM and Passlogix relationship will only last for a further 2 years starting from the release date of ITAM ESSO 7.0.

I can only imagine that Passlogix is suddenly being extra nice to Oracle because it looks like they have just lost IBM as a potential suitor to sell to. It also means they cannot rely on pushing the acquisition price up by hoping that IBM and Oracle start a bidding war. At this point in time, Passlogix have 1 suitor. Oracle. IBM has found something "better" and as a bonus, they just added strong authentication to their kit bag!

UPDATE 1: I just read the Burton Group's reaction to the acquisition and it reminded me that Sun also has a partnership with Passlogix. It's not an OEM one to the best of my knowledge, but Sun could perhaps be a suitor for Passlogix. I still think Oracle's the more likely option however, as Sun has hedged their bets as well because of their partnership with ActivIdentity (one of Passlogix's major competitors).

UPDATE 2: Chris (I don't know his full name because he doesn't publish it) just left me a comment in response to this post to point out that BMC are also a Passlogix v-GO reseller. I actually went back to take a look at Passlogix's list of non-OEM partners and true enough, BMC is on there. If you look down the list, you might also notice that Novell is listed. I don't know if it's a reseller agreement or just a technology integration certification/partnership, but Passlogix are sure hedging their bets even more than I initially thought. I still believe that Oracle are the number 1 suitor and the vendor most likely to acquire Passlogix, but at least having all these partnerships gives Passlogix options if things don't go well with Oracle.

13 comments:

Auteur said...

HI Ian, and for the complete story BMC is also reseling passlogix.....

Chris

Ian said...

Thanks Chris. That, I didn't know. I went looking and here's the link.

I also went looking on Passlogix's site again and found their list of technology partners, most of whom apparently resell v-GO. It's quite a lot longer than I first thought.

Anonymous said...

Novell is not in touch with Passlogix but an ActivIdentity OEM and its e-sso Securelogin for many years, since it was Protocom's sso softw.

Ian said...

Thanks for the comment and clarification whoever you are.

I guess Passlogix only list Novell on there to mention the SSO into e-Directory (it's what they say on the list of technology partners in the Novell section).

I'm surprised Novell haven't come along and asked them to remove the reference. Or at the very least, I would have thought ActivIdentity would tell Novell to make Passlogix remove it.

Anonymous said...

Passlogix is spread out way too thin - Oracle will likely not buy the prom queen after the football team has had their way with her.

Anonymous said...

I can absolutely confirm that BMC is a reseller for Passlogix software, however, BMC merely sells their software and does not support it.

Anonymous said...

Hey Ian - actually I've heard it through the grapevine that Sun is looking to acquire Passlogix, which is one of the main reasons IBM started looking for another product. I've worked with Passlogix for a while, and have just started working with Encentuate (I'm a consultant who works with various access management products), and I have to say that I'm initially pretty impressed with the Encentuate product. They both have their strengths and weaknesses, but from what I've seen so far there is a lot to like in the new product.

Ian said...

If that's true, then Oracle has got to be worried. I wonder what they'll make of that "rumour"?

Other sources of mine (who shall remain anonymous) are convinced that Oracle is widely expected to be the one making the acquisition.

Will it be Sun or Oracle? Who knows. IBM no longer cares :-)

Of course no one from Passlogix can comment as is normally the case with these things so I doubt we'll get any of the people I know there saying anything.

Perhaps Passlogix are spreading these rumours to drive their acquisition price up? I'm only guessing but it wouldn't surprise me.

Anonymous said...

I recently heard McAfee is shopping to expand their end-point solutions and Passlogix is in play. Personally I would be more than a little concerned after the IP has been whored out around the entire IDMS community. Source code agreements or not, 5 major companies with lots of developers have peeked under those panties one too many times. To add insult to injury most of their new code is being developed by DataArt out of eastern Europe. Having worked with them for nearly 4 years now I feel that Passlogix needs to be purchased. SSO is topping out and the management is growing restless. One could also draw this conclusion with a quick view at their "new" website. I kind of felt like I was at the SD Zoo… or was it Passlogix. What's up with that? SSO, orcas, Manza, oh my!

Anonymous said...

Does anybody have information about Passlogix buying IdentiPHI? I heard there was an article in yahoo finance, but I can't seem to find it.

Tom said...

Passlogix lost the bid to Imprivata for $2.35M. Great move by Imprivata. There is an article covering the action on Yahoo Finance located at http://biz.yahoo.com/e/090401/idpiq.ob8-k.html. I heard from Passlogix insiders that this was a very strategic loss and they were lamenting their decision not to increase the final bid. However, Passlogix’s decision may have been based upon the pending $50M+ lawsuit against them for IP infringement.

Anonymous said...

Agree. Their strategy to push new business from Oracle to Sun may have also proved to be an unwise decision. The IBM acquisition of Sun will definitely have a negative impact on their business. Looks like Oracle is the last OEM standing... hopefully the Wal-Mart deal will heal the tenuous relationship between the two companies.

Anonymous said...

Interesting day today with Oracle buying Sun. The plot thickens…I heard that Oracle is also looking to acquire Imprivata. The deal may go down soon. Apparently the relationship with Passlogix is tenuous. Coupled with a large lawsuit, they have put their IP at risk. Imprivata’s hardware play may end up being an excellent match Oracle.