Quest acquires Bitkoo – another step for Quest to play with the big boys

19.12.2011 by Martin Kuppinger

During the past few years, Quest has acquired several other IAM vendors: Völcker Informatik (Provisioning and Access Governance), Symlabs (Virtual Directory Services), Vintela (Linux/UNIX Authentication and Integration), and e-DMZ (Privileged User/Account Management) are just some examples of this shopping spree. The newest addition to the Quest portfolio is Bitkoo, a vendor in the  Dynamic Authorization Management space (http://jacksonshaw.blogspot.com/2011/12/quest-acquires-bitkoo-and-dives-into.html).

This acquisition comes as no surprise given that Dynamic Authorization Management is one of the most interesting amongst the emerging segments within the IAM market. Dynamic Authorization Management is about externalizing authorization decisions from single applications and performing them against centralized backend systems, based on centralized rules. Instead of hard-coding security into applications and instead of having to maintain authorization rules in a lot of different applications, Dynamic Authorization Management systems build the backend for such decisions.

Dynamic Authorization Management thus is a core piece of identity and security services and “Application Security Infrastructures”, i.e. the set of services applications rely on when externalizing identity and security. Such services include administration (for example using central directory services), authentication (best based on versatile, context-/risk-based authentication), authorization (Dynamic Authorization Management), and auditing/alerting. The latter is sort of the missing piece, and in that area there is a lack of standards. But that is a topic I’ll cover in another post.

So Quest has acquired Bitkoo. That is not surprising given that Bitkoo fits well into the Windows-centric strategy of Quest. It adds to the portfolio, making Quest one of the vendors with a comprehensive portfolio of IAM solutions. Quest is, from the breadth of its portfolio, playing in the same league as the well-known big vendors in that space like CA, IBM, and Oracle (which, by the way, all have something to offer around Dynamic Authorization Management). Quest has shown a clear strategy in acquiring other vendors over the past years. Now it’s up to Quest to tell this message to the world, proving that they are more than the corner store selling a mish-mosh of tools for administrators. Quest has another portfolio now – and that makes them a really interesting competitor in that market.

This acquisition will most likely also increase the attention on Axiomatics, the most prominent specialized vendor left in the market of Dynamic Authorization Management. Axiomatics is on one hand the independent alternative – and on the other hand the obvious acquisition target number one now that Bitkoo is part of Quest.


Security – the key to smart grids and planets

08.12.2011 by Martin Kuppinger

This week was the 6th National IT Summit in Germany. Like always, that’s where big speeches are made and little happens. The German BITKOM (Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V.), the IT and communications industry lobbyist association put the topic of smart networks (or grids) on the table. They requested initiatives (and money) to build such networks. That comes as no surprise, given that the smart world will require massive investments. So driving this forward makes sense.

However, the big problem to solve for this smart world – whatever it will look like – is security. I’d blogged about this quite a while ago, titled “Is an insecure smart planet really smart?” This question is not even still valid, it has become increasingly important. In Germany, there has been a large exercise – sort of a field exercise – just recently called LÜKEX. Many governmental organizations, police, and others are involved, this time upwards to 3,000 persons. In former years it has been about terrorist attacks with bombs and the like. This year it has been about CyberSecurity.

Networking the world requires a very well thought out approach on security. And it requires the willingess not to connect everything. The problem is that many of the initiatives around smart “whatevers” ignore this. There is a BITKOM presentation of mid 2011 which does not even mention security. Fortunately, BITKOM at least mentioned the need for security at the National IT Summit. Nevertheless it looks like the need is neither fully understood nor adequately prioritized. My perspective is that it has to be the priority number one for everything which is done around the smart world. Without security, nothing will be smart.

And even with well-thought security we have to be always aware that everything we network, especially including all the SCADA devices, will massively increase our security risks. So being not too smart might be smarter sometimes.


Services
© 2014 Martin Kuppinger, KuppingerCole