IBM has purchased Lighthouse Security Group and plans to combine it with another recent acquisition to build a set of identity management software and services.
Lighthouse Security Group, located in Rhode Island, offers cloud-based identity management services for the enterprise. Two weeks ago, IBM purchased CrossIdeas, a developer of software that controls the applications and cloud services an employee can access.
[ It's time to rethink security. Two former CIOs show you how to rethink your security strategy for today's world. Bonus: Available in PDF and e-book versions. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
"Many of our customers, as they begin to embrace the cloud, and as they embrace bring-your-own-device, are recognizing that traditional approach to managing identity is really hard and expensive," said Kris Lovejoy, IBM general manager for security services. "Lighthouse allows organizations to better manage identity across hybrid environments."
IBM said it will combine the Lighthouse and CrossIdeas technologies to build a full suite of security software and services designed to protect and manage users' identities.
Identity management technology is designed to assure that digital content and computer services are only accessed by those with permission to do so.
Enterprise security is one of the core areas of IT that IBM is concentrating on to generate new business. It has invested more than $1 billion annually in enterprise security-related research, employing 6,000 security researchers and developers in 25 security facilities worldwide. The research and acquisitions are paying off: IBM said it has enjoyed 20 percent growth security-related revenue in the first half of 2014.
Lighthouse's chief product, Lighthouse Gateway, offers identity and access management capabilities as a cloud service, using the IBM Tivoli systems management platform as the base.
The Lighthouse service is designed to offer all the major capabilities typically found in an access management software package meant to be installed internally, including the ability to provision accounts for new users, the capability to drop an account when an employee leaves the firm, and single sign-on so employees only have to log in once to use multiple applications.
By offering identity management as a service, Lighthouse can manage employees who access organizational resources from outside the firewall, or employees who use non-organizational issued computers and devices, a common scenario among organizations that embrace the bring-your-own-device philosophy.
Lighthouse also offers federation services, allowing an organization to share parts of its identity management database with other organizations, and a self-service console for users to register themselves.
Lighthouse Gateway can be used with IBM's own identity and access management suite to provide identity management outside the firewall. In fact, the IBM and Lighthouse technologies have already been deployed together for a number of customers, Lovejoy said.
The service "provides a lot of automation," especially around the process of managing identities and services outside the organization, with customers and business partners, Lovejoy said.
For instance, an automobile manufacturer may have different multiple websites for its customers: one for new car purchases, one for ordering parts and another one for service calls. In this scenario, the Lighthouse "technology allows you to federate identities where customers can get access to you in a single way, and your business partners can get access to your customers in a seamless way," Lovejoy said.
Lighthouse Security Group was a subsidiary of Lighthouse Computer Service, an enterprise system integrator that has been a longtime business partner of IBM.
Terms of the deal were not announced.