... you're waiting for an identity management acquisition and then along come three at once. This time it's IBM which has acquired 40-person, privately-held Encentuate. If you think that Ecentuate's size is indicative of gap-filling motivations from IBM then you'd be right. The 7-year old company is a specialist in enterprise single sign-on (ESSO), which until now has been provided through IBM's OEM relationship with Passlogix. Clearly, owning rather than OEMing technology gives IBM greater control of its ESSO destiny - particularly as Encetuate is Java-based which should help with integration with the broader Tivoli identity management portfolio. In fact, during the announcement briefing the two companies explained how Tivoli Identity Manager is already able to manage Encentuate provisioning (although there are no production customer deployments). This is presumably the result of work that IBM Global Services did with Encentuate at the Singapore Government: the two companies weren't technology partners.

Having said this is largely about filling gaps in the IBM identity management portfolio, Encentuate does bring more than ESSO to the IBM table. The company has done a good job of integrating with a variety of strong authentication solutions and has a rather nifty ability to take physical access tokens (door swipes and so forth) so that they can be used as second authentication factors. Encentuate also has some neat audit and compliance capabilities which IBM will undoubtedly tie into the Tivoli Compliance Insight Manager (based on the acquisition of Consul in late 2006). In addition to the technology upside, Encentuate could also help IBM in the healthcare market, where smaller players such as Imprivata and Sentillion have done quite well: there's a good smattering of healthcare customers amongst Encentuate's 80.

Overall a smart acquisition by IBM. I am not so sure whether IBM's Tivoli Access Manager for Enterprise Single Sign-on customers will be quite so happy though. The company has committed to continued support but the next iteration of the product is going to shift from Passlogix to Encentuate. IBM will make it attractive for them to move but replacing identity and security solutions is, by definition, a risky business and I am sure they will have to carefully balance the risks of moving against those associated with sticking with a product which is not going to see further development.

Hot on the heels of last week's acquisition of Credentica by Microsoft, Ping Identity (who I covered here in an On The Radar report) announced yesterday that it has acquired the Sxip Access business unit from Sxip Identity.

Sxip was early to spot the potential opportunity in providing organisations with a simple, easy-to-deploy single sign-on (SSO) solution for software-as-a-service (SaaS). Sxip Access was its response to that opportunity, combining provisioning capabilities with some Sxip hosted services and an appliance. The company had also cultivated relationships with the likes of Salesforce.com and Google (for Google Apps).

The acquisition of Sxip Access is a smart move by Ping Identity. Although it can be used to provide SSO for SaaS, PingFederate (the company's flagship multi-protocol federated identity offering) lacks some of the rapid implementation and deployment capabilities of Sxip Access. Part of the SaaS proposition is that organisations can get up-to-speed much more rapidly. Authentication and authorisation shouldn't hold you back: something that Sxip Access should help to prevent. Back in September Ping began to actively target the SaaS opportunity, allowing providers to sell PingFederate-based SSO to their customers and share the revenue with Ping. Yesterdays announcement should accelerate this.

(As an aside, I do wonder whether we might see Ping's SignOn.com user-centric identity offering heading in the other direction, given that Sxip is now fairly-and-squarely focused there).

Ping and Sxip, whilst they are comparatively small, punch above their weight when it comes to identity mindshare. I wonder whether this announcement might shake the much larger incumbent identity management vendors, none of whom have really articulated a credible SaaS proposition, into action. It should. SaaS buying decisions often bypass the IT organisation and the business buyers aren't (and in fact shouldn't be) interested in identity management: they want access. If a Salesforce.com recommends that the customer just needs to get their IT department to deploy this box and hook it up to the existing identity management solution so be it. Job done. With SaaS increasing in popularity, particularly in the SME segment where they have struggled to gain a foothold, the incumbents need a strong proposition or lose out to the likes of Ping.