It's not even turkey day and Cisco Systems has already acquired a dozen companies this year. Some of these get lots of ink while others remain less glamorous and fall through the PR cracks. Case in point, on November 1, Cisco acquired a company named Securent, a company that claims to be, "the leader in entitlements management." Since this news involved Cisco, the announcement was picked up by a number of media outlets but little detail appeared.
ESG believes that this seemingly minor deal may have far more impact than the industry anticipates. Why? Cisco is always looking for ways to "climb the stack" and marry the network with application and business intelligence. This is exactly what Securent provides.
Here's how it works. When you want to access an application you usually type in a username and password. The more applications, the more usernames and passwords. This activity called "authentication" is the part of identity management that the industry has pretty much figured out with technologies like Single Sign On (SSO) and multifactor authentication. Now comes the hard part--once you access an application, what are you allowed to do? This is called "authorization" or "fine-grained access control and no one has a good consolidation or automation story." Since you can't aggregate authorization, users are forced into writing user rules in every application individually. The more applications, the more rules. Obviously, this leads to a lot of redundancy in application development. It also means that there is no central place to monitor, secure, and audit user activity. Did someone say "nightmare?"
Securent's technology is focused on addressing this exact problem. Write a set of role-based rules once and then use them to enforce authorization policies across multiple heterogeneous applications on the back end. Compliance and security management are also centralized using Securent tools.
For Cisco, the Securent acquisition has the potential to move an integral piece of application logic (user authorization) onto the network so it fits neatly into the overall Cisco strategy. What's more, Securent will be most attractive in brand new content-heavy collaboration applications--those that also need fat pipes, security tools, and application acceleration to be successful. Cisco gets bigger deals and application-layer street cred. Get the picture?
In a recent meeting, I asked a Cisco executive why the company was investing in multiple competing technologies. His response was telling, "we can afford to make a lot of bets." Securent may have the sizzle of IronPort, Scientific Atlanta, or WebEx, but once you understand what the company does, it's easy to understand why Cisco is making this bet. Securent could quietly give Cisco a great position in the middle of a slew of next-generation business applications.