CrossIdeas Acquisition Expands IBM's IAM Capabilities

Archived Published: 04 August 2014 ID: G00269490

Analyst(s): |

  Free preview of Gartner research


CrossIdeas brings a rich set of capabilities to IBM’s identity and access management portfolio. IAM leaders will now have the option of a complete IGA platform from IBM.

News Analysis


On 31 July 2014, IBM announced the acquisition of CrossIdeas, an Italian company specializing in business-driven identity governance, risk-based compliance and threat analytics. The CrossIdeas software is immediately available as an IBM product. All employees of CrossIdeas have become IBM employees.


CrossIdeas brings capabilities that address several deficiencies within the IBM Security Identity Manager (ISIM) product. Many Gartner customers use ISIM primarily for user provisioning but need third-party products or custom developments to bridge ISIM’s gaps in delivering a business-centric user experience with governance capabilities for identity and access management (IAM).

IBM customers will welcome the opportunity to receive a complete IBM identity governance and administration (IGA) platform. This single-vendor concierge approach positions CrossIdeas at the “value intersection” for clients seeking business-centric IGA.

IBM was working to address the specific gaps in its ISIM product but could not reach parity with the capability of competing products. CrossIdeas, which has a business-centric focus toward identity governance and analytics, will bring these much-needed capabilities to IBM. CrossIdeas already provides a standard integration with ISIM.

IBM’s technical challenge is to create a comprehensive integrated system from two loosely coupled products with overlapping features. Its commercial challenge is twofold:

  • IBM must maintain functional and time-to-market parity with competitors that already offer integrated IGA.

  • IBM must commit to CrossIdea’s platform-agnostic architecture or restrict platform support in future versions without alienating existing customers.

While these are formidable tasks, the IBM Security organization has demonstrated some skill in acquiring and integrating technology into its IAM stack, including Dascom, Datapower and Encentuate.

Apart from addressing obvious ISIM gaps, CrossIdeas brings fine-grained segregation of duties controls for SAP and non-SAP environments, risk-based role mining, attribute based access control, IAM-as-a-service readiness, and compliance reporting based on the way auditors define policies. If properly executed, these functions could enable IBM to take a leading role within the IGA market. Assuming that IBM continues the same level of innovation on the CrossIdeas product, we believe the outlook is positive on the integration within IBM’s IAM stack.

This acquisition bolsters an IAM industry trend of including business-centric IGA and analytics features as a baseline for an IAM vendor product.


IAM Leaders:

  • If you are an IBM ISIM customer and require IGA or analytics features, evaluate the CrossIdeas product and analyze the feature gaps in your current product set.

  • If your organization is governance-centric and you have eliminated the IBM ISIM platform from your vendor shortlist, re-evaluate the new ISIM/CrossIdeas platform.

  • If you are a CrossIdeas customer, watch for pricing and platform support changes and the integration road map between ISIM and the CrossIdeas products.

  • If you seek an IGA solution, evaluate CrossIdeas as a stand-alone solution or as part of a broader IBM IAM portfolio.

Gartner Recommended Reading

© 2014 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartners research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Why Gartner

Gartner delivers the technology-related insight you need to make the right decisions, every day.

Find out more