July 31, 2014 By Brendan Hannigan 5 min read

The Next Generation of Identity and Access Governance

Today, we are pleased to announce that IBM has acquired CrossIdeas, an innovative provider of identity governance and analytics software.

As regulatory demands increase along with the complexity of infrastructure, new approaches are needed to address proper levels and controls to meet compliance.

CrossIdeas helps organizations to harmoniously manage people and applications access, governing appropriate levels of access across enterprise and cloud deployments. The company’s cutting-edge technology bridges the gap between compliance, business and IT infrastructure to help reduce the risk of fraud, conflicts of interest and human error in business processes. Clients gain a business-driven approach to access governance with a big-data identity warehouse, role and access certification and analytics dashboard.

CrossIdeas will join IBM Security Systems and significantly strengthen our ability to deliver identity analytics and intelligence solutions within IBM’s leading Security Identity Management portfolio.

CrossIdeas’ addition will deliver a next-generation approach to mitigate access risks and segregation of duty violations combined with our extensive existing identity management offering that already delivers enterprise provisioning, access and cloud solutions. CrossIdeas’ solutions are already integrated with IBM’s Identity Manager (IBM SIM).

CrossIdeas provides the ability to connect compliance, business and IT infrastructure points of view by using a “business activity” mapping approach, which significantly simplifies the user access and roles design, review and certification processes for all parties.

As the leader in the identity and access management market, IBM will drive the shift from using identity and access management as an administrative control to an analytics-centric approach that is risk- and behavior-based for better business decision-making.

Immediately on close, IBM will offer CrossIdeas solutions to clients all over the world.

Summary of News

  • Today, IBM announced it has acquired CrossIdeas.
  • CrossIdeas has a unique set of software capabilities for governance and analytics in the identity and access management space.
  • Its capabilities extend our portfolio in this emerging space while business leaders expand their use of on-premise and cloud environments.
  • CrossIdeas specializes in software used to govern users’ access to applications and data.
  • Stringent audit requirements and extensive government regulations designed to control insider threats are driving business leaders to demand that IT and security executives provide increased transparency into risks.
  • A major issue for organizations is the disconnect between the people who manage compliance, business and IT infrastructure for companies — they speak different languages.
  • CrossIdeas seamlessly helps manage people and applications via intuitive dashboards for each of these functions in a company, bringing all their requirements together.
  • A major differentiator for CrossIdeas is its advanced analytics capabilities, which can automatically detect and remediate segregation of duties issues before they become a security risk and audit exposure. We are bringing intelligence to identity management.
  • CrossIdeas extends IBM’s market-share-leading portfolio of identity and access management capabilities.

Overview of IBM Security

  • IBM is well-poised to take advantage of the $28 billion cyber security market opportunity.
  • IBM’s security business has experienced a growth of 20 percent over the first half of 2014. As IBM’s chief financial officer pointed out on IBM’s earnings call, 2Q 2014 was the 11th consecutive quarter of growth in security software.
  • IBM operates one of the world’s broadest security research and development organizations. IBM monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents.
  • IBM has acquired a dozen security software companies, including Trusteer, Guardium, BigFix, Watchfire and Internet Security Systems. In 2011, IBM acquired Q1 Labs, whose deep security analytics capabilities are the foundation of our Security Systems division.
  • In 2012, IBM formed a security services division, IBM Security Services, which manages and monitors security for nearly 4,000 clients around the world. Every day, IBM monitors 15 billion security events for these clients.

CrossIdeas Acquisition Frequently Asked Questions

The purpose of this section is to address particular questions and provide additional insight about IBM’s acquisition of CrossIdeas. To view the full press release, go to: Press Release

1. What are you announcing?

On July 31, 2014, IBM announced that it acquired CrossIdeas.

CrossIdeas helps organizations harmoniously manage people and applications by governing appropriate levels of access across enterprise and cloud deployments. The company’s cutting-edge technology bridges the gap between compliance, business and IT infrastructure to help reduce the risk of fraud, conflicts of duties and human error in business processes.

CrossIdeas advances IBM’s security strategy to offer actionable Identity Intelligence and Analytics.

2. Who is CrossIdeas? What do they do?

Founded in 2011 and based in Rome, Italy, CrossIdeas offers Identity and Access Governance Solutions enabling clients to address complex access risk and compliance requirements with business-driven analytics across enterprise and cloud deployments.

The company has established itself as an innovative vendor in Access Governance with additional support for integrated Dynamic Authorization Management and interfacing with target systems through integrated connectors and through other Identity Provisioning solutions, such as IBM Security Identity Manager.

The key differentiator of CrossIdeas’s solution is the ability to connect compliance, business and IT infrastructure points of view by using “business activity”-based modeling approach which significantly simplifies the user access and roles design, review and certification processes.

3. Why did IBM acquire CrossIdeas?

CrossIdeas’s product portfolio helps clients address key Identity and Access Governance demands and strongly complements and integrates with the IBM Security Systems Identity and Access Management portfolio. In addition, CrossIdeas technology will contribute important functionality to existing IBM security offerings. With CrossIdeas technology, IBM can deliver solutions that span enterprise needs for a business driven approach to Identity Intelligence and Analytics. An integrated solution will help customers to secure access to cloud and mobile applications by strengthening traditional access controls with granular polices across both enterprise and cloud, prioritizing business risks and detecting sophisticated threats with deep identity insights. IBM plans to continue to evolve the CrossIdeas’s capabilities to support worldwide expansion and market needs.

4. How will CrossIdeas fit within the IBM software portfolio?

The CrossIdeas offering will become a strategic part of the Security Systems portfolio within IBM Software Group. Since the IBM Security Systems Division was created in 2011 with the acquisition of Q1 Labs, and as furthered by the acquisition of Trusteer in 2013, we have repeatedly shown our ability to integrate existing or acquired security and mobility products with the broader IBM products portfolio in order to provide better and more competitive solutions for our clients.

CrossIdeas’s addition to IBM’s leading Security Identity Management portfolio will enable us to deliver a next generation approach to mitigate access risks and segregation of duty violations with business-driven governance and end-to-end dynamic user lifecycle management. It will also accelerate the innovation, integration, and expansion of our solutions to address a broader set of IT security requirements than ever before.

CrossIdeas, via the Ready for Security intelligence program, already allows IBM customers to deploy integrated access governance and user lifecycle management using IBM Security Identity Manager (IBM SIM). It also integrates with 3rd party Identity solutions for end to end user lifecycle management.

5. How will CrossIdeas clients benefit?

CrossIdeas clients will benefit from the combined technologies and skills of both companies, including increased investment in security research and development, global reach, and industry expertise. CrossIdeas’s clients will also benefit from IBM’s broad support capabilities and commitment to innovation.

CrossIdeas clients can take advantage of the broader IBM Identity and Access management portfolio, including Analytics, Cloud, Big Data and Mobile solutions, as well as enhanced service options from IBM Global Services and increased international support (people, product localization, etc.).

6. How will the acquisition affect CrossIdeas Business Partners?

For now, CrossIdeas Business Partners will continue to operate under their current agreements.Business Partners should anticipate ongoing communication from CrossIdeas and IBM as we transition to IBM programs, policies, and terms over time. Global System Integrators and regional Business Partners are encouraged to find out more about establishing a deeper relationship with IBM by visiting IBM PartnerWorld.

7. How will the CrossIdeas team fit organizationally within IBM?

CrossIdeas will integrate into the “People” segment within IBM Security Systems Division, led by Brendan Hannigan as a General Manager, reporting into broader IBM Software Group.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today