|
News Analysis
|
|
On 18 July 2007, Oracle announced that it has agreed to acquire Bharosa, a provider of online identity theft and fraud detection and prevention technologies. Bharosa's functionality will be added to Oracle's access management technologies, and Bharosa's Tracker and Authenticator software products will remain available as stand-alone products. Oracle expects the transaction — which is subject to standard closing conditions — to close in August 2007. The terms of the acquisition were not disclosed.
The four-year-old Bharosa is a niche vendor, with only about 30 direct customers, most of them online banks. The company has a broad set of Web channel fraud detection and "virtual" user authentication security technologies, but has struggled to compete with larger firms such as EMC/RSA in the rush by U.S. banks to comply with the Federal Financial Institutions Examination Council (FFIEC) guidance that took effect at the end of 2006. Bharosa nonetheless landed one marquee client, Wells Fargo, and a few other, smaller banks, including National City and Silicon Valley Bank, which report good results with the company's technology. Bharosa is the first provider of Web channel consumer security to migrate its technology to enterprise user access and management. The company integrated its technologies with CA SiteMinder and Oracle Access Manager, providing features that have proved very useful to companies that are implementing risk-based user authentication and authorization on top of identity and access management (IAM) and do not wish to simply issue hard tokens (for example, one-time-password generators) to all employees and users. Bharosa technology also enables Oracle's IAM customers to monitor user access activities — a critical feature that native IAM products do not provide. Oracle states that its plans for Bharosa extend beyond integration with its own IAM system, and that it will continue to foster the integration of Bharosa's technology with other providers' core banking and fraud detection software. These providers — which include i-flex (majority-owned by Oracle), Mantas and Reveleus — need to enhance their products with real-time analytics to remain competitive. Gartner believes, however, that Oracle's Bharosa sales efforts will likely focus largely on enterprise security through 2008 — rather than on the consumer market — because the company's sales force is more accustomed to selling to enterprise security buyers and will find more opportunities there.
|
|
|
Recommendations
|
|
- In the short-term, expect continued and better-funded support on your existing product set.
- Expect Oracle to encourage purchase of the integrated Oracle/Bharosa IAM suite. We expect most product innovation to be featured in the integrated suite.
- Strongly consider implementing Bharosa technology for risk-based authentication and authorization of enterprise users.
- Consider using the combined Oracle IAM/Bharosa platform to manage access rights across both internal and external Web-channel users and leveraging Bharosa analytics for fraud detection.
- Demand assurances from Oracle/Bharosa that support for implementation will continue unabated. If such assurances are not forthcoming, begin evaluating alternatives to Bharosa's technologies.
|
|
|
Recommended Reading
|
|
(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)
|
|
|
|
|
