July 31, 2014 By Brendan Hannigan 5 min read

The Next Generation of Identity and Access Governance

Today, we are pleased to announce that IBM has acquired CrossIdeas, an innovative provider of identity governance and analytics software.

As regulatory demands increase along with the complexity of infrastructure, new approaches are needed to address proper levels and controls to meet compliance.

CrossIdeas helps organizations to harmoniously manage people and applications access, governing appropriate levels of access across enterprise and cloud deployments. The company’s cutting-edge technology bridges the gap between compliance, business and IT infrastructure to help reduce the risk of fraud, conflicts of interest and human error in business processes. Clients gain a business-driven approach to access governance with a big-data identity warehouse, role and access certification and analytics dashboard.

CrossIdeas will join IBM Security Systems and significantly strengthen our ability to deliver identity analytics and intelligence solutions within IBM’s leading Security Identity Management portfolio.

CrossIdeas’ addition will deliver a next-generation approach to mitigate access risks and segregation of duty violations combined with our extensive existing identity management offering that already delivers enterprise provisioning, access and cloud solutions. CrossIdeas’ solutions are already integrated with IBM’s Identity Manager (IBM SIM).

CrossIdeas provides the ability to connect compliance, business and IT infrastructure points of view by using a “business activity” mapping approach, which significantly simplifies the user access and roles design, review and certification processes for all parties.

As the leader in the identity and access management market, IBM will drive the shift from using identity and access management as an administrative control to an analytics-centric approach that is risk- and behavior-based for better business decision-making.

Immediately on close, IBM will offer CrossIdeas solutions to clients all over the world.

Summary of News

  • Today, IBM announced it has acquired CrossIdeas.
  • CrossIdeas has a unique set of software capabilities for governance and analytics in the identity and access management space.
  • Its capabilities extend our portfolio in this emerging space while business leaders expand their use of on-premise and cloud environments.
  • CrossIdeas specializes in software used to govern users’ access to applications and data.
  • Stringent audit requirements and extensive government regulations designed to control insider threats are driving business leaders to demand that IT and security executives provide increased transparency into risks.
  • A major issue for organizations is the disconnect between the people who manage compliance, business and IT infrastructure for companies — they speak different languages.
  • CrossIdeas seamlessly helps manage people and applications via intuitive dashboards for each of these functions in a company, bringing all their requirements together.
  • A major differentiator for CrossIdeas is its advanced analytics capabilities, which can automatically detect and remediate segregation of duties issues before they become a security risk and audit exposure. We are bringing intelligence to identity management.
  • CrossIdeas extends IBM’s market-share-leading portfolio of identity and access management capabilities.

Overview of IBM Security

  • IBM is well-poised to take advantage of the $28 billion cyber security market opportunity.
  • IBM’s security business has experienced a growth of 20 percent over the first half of 2014. As IBM’s chief financial officer pointed out on IBM’s earnings call, 2Q 2014 was the 11th consecutive quarter of growth in security software.
  • IBM operates one of the world’s broadest security research and development organizations. IBM monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents.
  • IBM has acquired a dozen security software companies, including Trusteer, Guardium, BigFix, Watchfire and Internet Security Systems. In 2011, IBM acquired Q1 Labs, whose deep security analytics capabilities are the foundation of our Security Systems division.
  • In 2012, IBM formed a security services division, IBM Security Services, which manages and monitors security for nearly 4,000 clients around the world. Every day, IBM monitors 15 billion security events for these clients.

CrossIdeas Acquisition Frequently Asked Questions

The purpose of this section is to address particular questions and provide additional insight about IBM’s acquisition of CrossIdeas. To view the full press release, go to: Press Release

1. What are you announcing?

On July 31, 2014, IBM announced that it acquired CrossIdeas.

CrossIdeas helps organizations harmoniously manage people and applications by governing appropriate levels of access across enterprise and cloud deployments. The company’s cutting-edge technology bridges the gap between compliance, business and IT infrastructure to help reduce the risk of fraud, conflicts of duties and human error in business processes.

CrossIdeas advances IBM’s security strategy to offer actionable Identity Intelligence and Analytics.

2. Who is CrossIdeas? What do they do?

Founded in 2011 and based in Rome, Italy, CrossIdeas offers Identity and Access Governance Solutions enabling clients to address complex access risk and compliance requirements with business-driven analytics across enterprise and cloud deployments.

The company has established itself as an innovative vendor in Access Governance with additional support for integrated Dynamic Authorization Management and interfacing with target systems through integrated connectors and through other Identity Provisioning solutions, such as IBM Security Identity Manager.

The key differentiator of CrossIdeas’s solution is the ability to connect compliance, business and IT infrastructure points of view by using “business activity”-based modeling approach which significantly simplifies the user access and roles design, review and certification processes.

3. Why did IBM acquire CrossIdeas?

CrossIdeas’s product portfolio helps clients address key Identity and Access Governance demands and strongly complements and integrates with the IBM Security Systems Identity and Access Management portfolio. In addition, CrossIdeas technology will contribute important functionality to existing IBM security offerings. With CrossIdeas technology, IBM can deliver solutions that span enterprise needs for a business driven approach to Identity Intelligence and Analytics. An integrated solution will help customers to secure access to cloud and mobile applications by strengthening traditional access controls with granular polices across both enterprise and cloud, prioritizing business risks and detecting sophisticated threats with deep identity insights. IBM plans to continue to evolve the CrossIdeas’s capabilities to support worldwide expansion and market needs.

4. How will CrossIdeas fit within the IBM software portfolio?

The CrossIdeas offering will become a strategic part of the Security Systems portfolio within IBM Software Group. Since the IBM Security Systems Division was created in 2011 with the acquisition of Q1 Labs, and as furthered by the acquisition of Trusteer in 2013, we have repeatedly shown our ability to integrate existing or acquired security and mobility products with the broader IBM products portfolio in order to provide better and more competitive solutions for our clients.

CrossIdeas’s addition to IBM’s leading Security Identity Management portfolio will enable us to deliver a next generation approach to mitigate access risks and segregation of duty violations with business-driven governance and end-to-end dynamic user lifecycle management. It will also accelerate the innovation, integration, and expansion of our solutions to address a broader set of IT security requirements than ever before.

CrossIdeas, via the Ready for Security intelligence program, already allows IBM customers to deploy integrated access governance and user lifecycle management using IBM Security Identity Manager (IBM SIM). It also integrates with 3rd party Identity solutions for end to end user lifecycle management.

5. How will CrossIdeas clients benefit?

CrossIdeas clients will benefit from the combined technologies and skills of both companies, including increased investment in security research and development, global reach, and industry expertise. CrossIdeas’s clients will also benefit from IBM’s broad support capabilities and commitment to innovation.

CrossIdeas clients can take advantage of the broader IBM Identity and Access management portfolio, including Analytics, Cloud, Big Data and Mobile solutions, as well as enhanced service options from IBM Global Services and increased international support (people, product localization, etc.).

6. How will the acquisition affect CrossIdeas Business Partners?

For now, CrossIdeas Business Partners will continue to operate under their current agreements.Business Partners should anticipate ongoing communication from CrossIdeas and IBM as we transition to IBM programs, policies, and terms over time. Global System Integrators and regional Business Partners are encouraged to find out more about establishing a deeper relationship with IBM by visiting IBM PartnerWorld.

7. How will the CrossIdeas team fit organizationally within IBM?

CrossIdeas will integrate into the “People” segment within IBM Security Systems Division, led by Brendan Hannigan as a General Manager, reporting into broader IBM Software Group.

More from

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today