Quest is pitching the acquisition as a way to provide its customers with a more centralized and nuanced approach for handling authentication in multiple environments: inside the enterprise, including for databases--down to individual rows and columns--and SharePoint installations, as well as for cloud-based applications and Web services.
"This investment will make Quest the first large IAM [identity and access management] vendor to offer organizations the capability to define granular access controls for users based on user attributes, the resource, and the context of the access request," said Nick Nikols, VP and general manager for identity and access management at Quest Software, in a statement.
According to Martin Kuppinger, principal analyst at identity and information security market research firm KuppingerCole, the deal is no surprise, since it enables Windows-centric Quest to offer its customers new dynamic authorization management capabilities. Loosely, that means being able to store identity and access management information in a single location, and then calling it as a service from--theoretically--any enterprise application, database, SharePoint installation, or cloud-based application.
"Dynamic authorization management is about externalizing authorization decisions from single applications and performing them against centralized backend systems, based on centralized rules," said Kuppinger in a blog post. "Instead of hard-coding security into applications, and instead of having to maintain authorization rules in a lot of different applications, dynamic authorization management systems build the backend for such decisions."
Handling authentication in today's diverse application environment is becoming increasingly challenging, said Jackson Shaw, senior director of product management at Quest Software, on his blog. "Back in the mid-90s, Netscape's release of their LDAP directory product heralded the beginning of many companies starting to centralize identity information and authentication," he said. "Over the last few years many companies have started to struggle with all of the applications they have--especially Web-based apps--and how they could possibly externalize their authorization processes."
Accordingly, "Quest has chosen to move forward with Bitkoo as our 'big bet' in the authorization market. We feel that Bitkoo provides the best fit for our customers with their .NET-based architecture, their plug-ins for SharePoint, and their overall capabilities and architecture," said Shaw. "And, with all of our privileged account and other identity management products we have a natural fit for Bitkoo's software."
Kuppinger noted that Quest's acquisition of Bitkoo is just one of a series of identity and access management acquisitions that the company has made in recent years. Others include its acquisition of Volcker Informatik for provisioning and access governance, Symlabs for virtual directory services, Vintela for Linux and Unix authentication and integration, and e-DMZ for privileged user and account management tools.
To date, Bitkoo has competed primarily "against CA, IBM, and Oracle--which, by the way, all have something to offer around dynamic authorization management," said Kuppinger. Independent competitor Axiomatics, meanwhile, now becomes "the most prominent specialized vendor left in the market of dynamic authorization management," making it an obvious acquisition target.