The Next Generation of Identity and Access Governance

Today, we are pleased to announce that IBM has acquired CrossIdeas, an innovative provider of identity governance and analytics software.

As regulatory demands increase along with the complexity of infrastructure, new approaches are needed to address proper levels and controls to meet compliance.

CrossIdeas helps organizations to harmoniously manage people and applications access, governing appropriate levels of access across enterprise and cloud deployments. The company’s cutting-edge technology bridges the gap between compliance, business and IT infrastructure to help reduce the risk of fraud, conflicts of interest and human error in business processes. Clients gain a business-driven approach to access governance with a big-data identity warehouse, role and access certification and analytics dashboard.

CrossIdeas will join IBM Security Systems and significantly strengthen our ability to deliver identity analytics and intelligence solutions within IBM’s leading Security Identity Management portfolio.

CrossIdeas’ addition will deliver a next-generation approach to mitigate access risks and segregation of duty violations combined with our extensive existing identity management offering that already delivers enterprise provisioning, access and cloud solutions. CrossIdeas’ solutions are already integrated with IBM’s Identity Manager (IBM SIM).

CrossIdeas provides the ability to connect compliance, business and IT infrastructure points of view by using a “business activity” mapping approach, which significantly simplifies the user access and roles design, review and certification processes for all parties.

As the leader in the identity and access management market, IBM will drive the shift from using identity and access management as an administrative control to an analytics-centric approach that is risk- and behavior-based for better business decision-making.

Immediately on close, IBM will offer CrossIdeas solutions to clients all over the world.

Summary of News

  • Today, IBM announced it has acquired CrossIdeas.
  • CrossIdeas has a unique set of software capabilities for governance and analytics in the identity and access management space.
  • Its capabilities extend our portfolio in this emerging space while business leaders expand their use of on-premise and cloud environments.
  • CrossIdeas specializes in software used to govern users’ access to applications and data.
  • Stringent audit requirements and extensive government regulations designed to control insider threats are driving business leaders to demand that IT and security executives provide increased transparency into risks.
  • A major issue for organizations is the disconnect between the people who manage compliance, business and IT infrastructure for companies — they speak different languages.
  • CrossIdeas seamlessly helps manage people and applications via intuitive dashboards for each of these functions in a company, bringing all their requirements together.
  • A major differentiator for CrossIdeas is its advanced analytics capabilities, which can automatically detect and remediate segregation of duties issues before they become a security risk and audit exposure. We are bringing intelligence to identity management.
  • CrossIdeas extends IBM’s market-share-leading portfolio of identity and access management capabilities.

Overview of IBM Security

  • IBM is well-poised to take advantage of the $28 billion cyber security market opportunity.
  • IBM’s security business has experienced a growth of 20 percent over the first half of 2014. As IBM’s chief financial officer pointed out on IBM’s earnings call, 2Q 2014 was the 11th consecutive quarter of growth in security software.
  • IBM operates one of the world’s broadest security research and development organizations. IBM monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents.
  • IBM has acquired a dozen security software companies, including Trusteer, Guardium, BigFix, Watchfire and Internet Security Systems. In 2011, IBM acquired Q1 Labs, whose deep security analytics capabilities are the foundation of our Security Systems division.
  • In 2012, IBM formed a security services division, IBM Security Services, which manages and monitors security for nearly 4,000 clients around the world. Every day, IBM monitors 15 billion security events for these clients.

CrossIdeas Acquisition Frequently Asked Questions

The purpose of this section is to address particular questions and provide additional insight about IBM’s acquisition of CrossIdeas. To view the full press release, go to: Press Release

1. What are you announcing?

On July 31, 2014, IBM announced that it acquired CrossIdeas.

CrossIdeas helps organizations harmoniously manage people and applications by governing appropriate levels of access across enterprise and cloud deployments. The company’s cutting-edge technology bridges the gap between compliance, business and IT infrastructure to help reduce the risk of fraud, conflicts of duties and human error in business processes.

CrossIdeas advances IBM’s security strategy to offer actionable Identity Intelligence and Analytics.

2. Who is CrossIdeas? What do they do?

Founded in 2011 and based in Rome, Italy, CrossIdeas offers Identity and Access Governance Solutions enabling clients to address complex access risk and compliance requirements with business-driven analytics across enterprise and cloud deployments.

The company has established itself as an innovative vendor in Access Governance with additional support for integrated Dynamic Authorization Management and interfacing with target systems through integrated connectors and through other Identity Provisioning solutions, such as IBM Security Identity Manager.

The key differentiator of CrossIdeas’s solution is the ability to connect compliance, business and IT infrastructure points of view by using “business activity”-based modeling approach which significantly simplifies the user access and roles design, review and certification processes.

3. Why did IBM acquire CrossIdeas?

CrossIdeas’s product portfolio helps clients address key Identity and Access Governance demands and strongly complements and integrates with the IBM Security Systems Identity and Access Management portfolio. In addition, CrossIdeas technology will contribute important functionality to existing IBM security offerings. With CrossIdeas technology, IBM can deliver solutions that span enterprise needs for a business driven approach to Identity Intelligence and Analytics. An integrated solution will help customers to secure access to cloud and mobile applications by strengthening traditional access controls with granular polices across both enterprise and cloud, prioritizing business risks and detecting sophisticated threats with deep identity insights. IBM plans to continue to evolve the CrossIdeas’s capabilities to support worldwide expansion and market needs.

4. How will CrossIdeas fit within the IBM software portfolio?

The CrossIdeas offering will become a strategic part of the Security Systems portfolio within IBM Software Group. Since the IBM Security Systems Division was created in 2011 with the acquisition of Q1 Labs, and as furthered by the acquisition of Trusteer in 2013, we have repeatedly shown our ability to integrate existing or acquired security and mobility products with the broader IBM products portfolio in order to provide better and more competitive solutions for our clients.

CrossIdeas’s addition to IBM’s leading Security Identity Management portfolio will enable us to deliver a next generation approach to mitigate access risks and segregation of duty violations with business-driven governance and end-to-end dynamic user lifecycle management. It will also accelerate the innovation, integration, and expansion of our solutions to address a broader set of IT security requirements than ever before.

CrossIdeas, via the Ready for Security intelligence program, already allows IBM customers to deploy integrated access governance and user lifecycle management using IBM Security Identity Manager (IBM SIM). It also integrates with 3rd party Identity solutions for end to end user lifecycle management.

5. How will CrossIdeas clients benefit?

CrossIdeas clients will benefit from the combined technologies and skills of both companies, including increased investment in security research and development, global reach, and industry expertise. CrossIdeas’s clients will also benefit from IBM’s broad support capabilities and commitment to innovation.

CrossIdeas clients can take advantage of the broader IBM Identity and Access management portfolio, including Analytics, Cloud, Big Data and Mobile solutions, as well as enhanced service options from IBM Global Services and increased international support (people, product localization, etc.).

6. How will the acquisition affect CrossIdeas Business Partners?

For now, CrossIdeas Business Partners will continue to operate under their current agreements.Business Partners should anticipate ongoing communication from CrossIdeas and IBM as we transition to IBM programs, policies, and terms over time. Global System Integrators and regional Business Partners are encouraged to find out more about establishing a deeper relationship with IBM by visiting IBM PartnerWorld.

7. How will the CrossIdeas team fit organizationally within IBM?

CrossIdeas will integrate into the “People” segment within IBM Security Systems Division, led by Brendan Hannigan as a General Manager, reporting into broader IBM Software Group.

More from

Security Awareness Training 101: Which Employees Need It?

4 min read - To understand why you need cybersecurity awareness training, you must first understand employees' outsized roles in security breaches. “People remain — by far — the weakest link in an organization’s cybersecurity defenses,” noted Verizon on the release of their 2022 Data Breach Investigations Report (DBIR). They elaborate that 25% of all breaches covered in the report were the result of social engineering attacks, and when you add human errors and misuse of privilege, the human element accounts for 82% of…

4 min read

Beyond Requirements: Tapping the Business Potential of Data Governance and Security

3 min read - Doom and gloom. Fear, uncertainty and doubt. The "stick" versus the "carrot". What do these concepts have in common? They have often provided the primary motivation for organizations’ data governance and security strategies. For the enterprise, this mindset has perpetuated the idea that data governance, data security and data privacy are reactive cost centers existing due to externally imposed requirements or mandates. Yet, what if data governance and security practices could upend the prevailing paradigm and demonstrate direct business value?…

3 min read

Protecting Against Remote Monitoring and Management Phishing

3 min read - You use remote monitoring and management (RMM) software to closely monitor your cyber environment and keep your organization safe. But now cyber criminals are specifically targeting these tools, causing legitimate software to become a vulnerability. This is the latest type of attack in an increase in a recent trend of disruptive software supply chain attacks. The Cybersecurity and Infrastructure Security Agency (CISA) recently released an alert about the malicious use of legitimate remote monitoring and management (RMM) software. Last fall,…

3 min read

Secure-by-Design: Which Comes First, Code or Security?

4 min read - For years, developers and IT security teams have been at loggerheads. While developers feel security slows progress, security teams assert that developers sacrifice security priorities in their quest to accelerate production. This disconnect results in flawed software that is vulnerable to attack. While advocates for speed and security clash, consumers must often pay the price when threat actors strike. 48% of developers admitted they were still shipping code with vulnerabilities in 2022. It’s clearly time for a change. Many believe…

4 min read