The Next Generation of Identity and Access Governance

Today, we are pleased to announce that IBM has acquired CrossIdeas, an innovative provider of identity governance and analytics software.

As regulatory demands increase along with the complexity of infrastructure, new approaches are needed to address proper levels and controls to meet compliance.

CrossIdeas helps organizations to harmoniously manage people and applications access, governing appropriate levels of access across enterprise and cloud deployments. The company’s cutting-edge technology bridges the gap between compliance, business and IT infrastructure to help reduce the risk of fraud, conflicts of interest and human error in business processes. Clients gain a business-driven approach to access governance with a big-data identity warehouse, role and access certification and analytics dashboard.

CrossIdeas will join IBM Security Systems and significantly strengthen our ability to deliver identity analytics and intelligence solutions within IBM’s leading Security Identity Management portfolio.

CrossIdeas’ addition will deliver a next-generation approach to mitigate access risks and segregation of duty violations combined with our extensive existing identity management offering that already delivers enterprise provisioning, access and cloud solutions. CrossIdeas’ solutions are already integrated with IBM’s Identity Manager (IBM SIM).

CrossIdeas provides the ability to connect compliance, business and IT infrastructure points of view by using a “business activity” mapping approach, which significantly simplifies the user access and roles design, review and certification processes for all parties.

As the leader in the identity and access management market, IBM will drive the shift from using identity and access management as an administrative control to an analytics-centric approach that is risk- and behavior-based for better business decision-making.

Immediately on close, IBM will offer CrossIdeas solutions to clients all over the world.

Summary of News

  • Today, IBM announced it has acquired CrossIdeas.
  • CrossIdeas has a unique set of software capabilities for governance and analytics in the identity and access management space.
  • Its capabilities extend our portfolio in this emerging space while business leaders expand their use of on-premise and cloud environments.
  • CrossIdeas specializes in software used to govern users’ access to applications and data.
  • Stringent audit requirements and extensive government regulations designed to control insider threats are driving business leaders to demand that IT and security executives provide increased transparency into risks.
  • A major issue for organizations is the disconnect between the people who manage compliance, business and IT infrastructure for companies — they speak different languages.
  • CrossIdeas seamlessly helps manage people and applications via intuitive dashboards for each of these functions in a company, bringing all their requirements together.
  • A major differentiator for CrossIdeas is its advanced analytics capabilities, which can automatically detect and remediate segregation of duties issues before they become a security risk and audit exposure. We are bringing intelligence to identity management.
  • CrossIdeas extends IBM’s market-share-leading portfolio of identity and access management capabilities.

Overview of IBM Security

  • IBM is well-poised to take advantage of the $28 billion cyber security market opportunity.
  • IBM’s security business has experienced a growth of 20 percent over the first half of 2014. As IBM’s chief financial officer pointed out on IBM’s earnings call, 2Q 2014 was the 11th consecutive quarter of growth in security software.
  • IBM operates one of the world’s broadest security research and development organizations. IBM monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents.
  • IBM has acquired a dozen security software companies, including Trusteer, Guardium, BigFix, Watchfire and Internet Security Systems. In 2011, IBM acquired Q1 Labs, whose deep security analytics capabilities are the foundation of our Security Systems division.
  • In 2012, IBM formed a security services division, IBM Security Services, which manages and monitors security for nearly 4,000 clients around the world. Every day, IBM monitors 15 billion security events for these clients.

CrossIdeas Acquisition Frequently Asked Questions

The purpose of this section is to address particular questions and provide additional insight about IBM’s acquisition of CrossIdeas. To view the full press release, go to: Press Release

1. What are you announcing?

On July 31, 2014, IBM announced that it acquired CrossIdeas.

CrossIdeas helps organizations harmoniously manage people and applications by governing appropriate levels of access across enterprise and cloud deployments. The company’s cutting-edge technology bridges the gap between compliance, business and IT infrastructure to help reduce the risk of fraud, conflicts of duties and human error in business processes.

CrossIdeas advances IBM’s security strategy to offer actionable Identity Intelligence and Analytics.

2. Who is CrossIdeas? What do they do?

Founded in 2011 and based in Rome, Italy, CrossIdeas offers Identity and Access Governance Solutions enabling clients to address complex access risk and compliance requirements with business-driven analytics across enterprise and cloud deployments.

The company has established itself as an innovative vendor in Access Governance with additional support for integrated Dynamic Authorization Management and interfacing with target systems through integrated connectors and through other Identity Provisioning solutions, such as IBM Security Identity Manager.

The key differentiator of CrossIdeas’s solution is the ability to connect compliance, business and IT infrastructure points of view by using “business activity”-based modeling approach which significantly simplifies the user access and roles design, review and certification processes.

3. Why did IBM acquire CrossIdeas?

CrossIdeas’s product portfolio helps clients address key Identity and Access Governance demands and strongly complements and integrates with the IBM Security Systems Identity and Access Management portfolio. In addition, CrossIdeas technology will contribute important functionality to existing IBM security offerings. With CrossIdeas technology, IBM can deliver solutions that span enterprise needs for a business driven approach to Identity Intelligence and Analytics. An integrated solution will help customers to secure access to cloud and mobile applications by strengthening traditional access controls with granular polices across both enterprise and cloud, prioritizing business risks and detecting sophisticated threats with deep identity insights. IBM plans to continue to evolve the CrossIdeas’s capabilities to support worldwide expansion and market needs.

4. How will CrossIdeas fit within the IBM software portfolio?

The CrossIdeas offering will become a strategic part of the Security Systems portfolio within IBM Software Group. Since the IBM Security Systems Division was created in 2011 with the acquisition of Q1 Labs, and as furthered by the acquisition of Trusteer in 2013, we have repeatedly shown our ability to integrate existing or acquired security and mobility products with the broader IBM products portfolio in order to provide better and more competitive solutions for our clients.

CrossIdeas’s addition to IBM’s leading Security Identity Management portfolio will enable us to deliver a next generation approach to mitigate access risks and segregation of duty violations with business-driven governance and end-to-end dynamic user lifecycle management. It will also accelerate the innovation, integration, and expansion of our solutions to address a broader set of IT security requirements than ever before.

CrossIdeas, via the Ready for Security intelligence program, already allows IBM customers to deploy integrated access governance and user lifecycle management using IBM Security Identity Manager (IBM SIM). It also integrates with 3rd party Identity solutions for end to end user lifecycle management.

5. How will CrossIdeas clients benefit?

CrossIdeas clients will benefit from the combined technologies and skills of both companies, including increased investment in security research and development, global reach, and industry expertise. CrossIdeas’s clients will also benefit from IBM’s broad support capabilities and commitment to innovation.

CrossIdeas clients can take advantage of the broader IBM Identity and Access management portfolio, including Analytics, Cloud, Big Data and Mobile solutions, as well as enhanced service options from IBM Global Services and increased international support (people, product localization, etc.).

6. How will the acquisition affect CrossIdeas Business Partners?

For now, CrossIdeas Business Partners will continue to operate under their current agreements.Business Partners should anticipate ongoing communication from CrossIdeas and IBM as we transition to IBM programs, policies, and terms over time. Global System Integrators and regional Business Partners are encouraged to find out more about establishing a deeper relationship with IBM by visiting IBM PartnerWorld.

7. How will the CrossIdeas team fit organizationally within IBM?

CrossIdeas will integrate into the “People” segment within IBM Security Systems Division, led by Brendan Hannigan as a General Manager, reporting into broader IBM Software Group.

More from

Why Cybersecurity Risk Assessment Matters in the Banking Industry

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems…

What CISOs Should Know About CIRCIA Incident Reporting

In March of 2022, a new federal law was adopted: the Cyber Incident Reporting Critical Infrastructure Act (CIRCIA). This new legislation focuses on reporting requirements related to cybersecurity incidents and ransomware payments. The key takeaway: covered entities in critical infrastructure will now be required to report incidents and payments within specified time frames to the Cybersecurity and Infrastructure Security Agency (CISA). These new requirements will change how CISOs handle cyber incidents for the foreseeable future. As a result, CISOs must…

Will the 2.5M Records Breach Impact Student Loan Relief?

Over 2.5 million student loan accounts were breached in the summer of 2022, according to a recent Maine Attorney General data breach notification. The target of the breach was Nelnet Servicing, a servicing system and web portal provider for the Oklahoma Student Loan Authority (OSLA) and EdFinancial. An investigation determined that intruders accessed student loan account registration information between June and July 2022. The stolen data includes names, addresses, emails, phone numbers and social security numbers for 2,501,324 student loan…

Containers, Security, and Risks within Containerized Environments

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted system or set of systems for which they intend to create an application. This targeted system would be the mall. Then, when building the application, they would…