On March 13th, IBM announced that it has acquired Encentuate, a maker of enterprise single-sign-on software, session management and strong authentication components. Enterprise single-sign-on works at the desktop session and application level, and is typically implemented as a set of modules that are inserted at the operating system level to intercept and manage requests for passwords.

This move by IBM will add Encentuate's E-SSO capabilities to IBM's Tioli branded access management solutions. IBM's Tivoli Access Manager Enterprise Single Sign-On, previously based on Passlogix technology, will now fundamentally change starting in Version 7, announced to be available in the fall os 2008. This release will be based on Encentuate's E-SSO technology. Existing customers will have the continued support for the current product, including the option to continue to use the Passlogix components.

Encentuate also has offers a product called "iTag" that allows enterprises to implement flexible two-factor authentication by harnessing a multitude of personal devices, smart cards and access badges. Other parts of the product line include session management and fast user switching to support user roaming and shared computing resources. In addition, auditing and compliance features collect and help analyse audit trails of access events. The integration of Encentuate's technology is expected to boost IBM's Tivoli Identity and Access product line and strengthen its position in the market.

Founded in 2001, and with offices in California's Silicon Valley and Singapore, Encentuate was backed by several investors and privately held before the acquisition. Its founder, Singaporean entrepreneur Peng T. Ong had previously founded Interwoven, a Web content management software company. Together with the announcement of the acquisition, IBM also announced the formation of the IBM Security Software Laboratory in Singapore that will harness Encentuate's development team based there.

IBM had previously not focused on developing E-SSO features, and instead chose to partner with other companies to add this functionality to its product line. A partnership was established early 2006 with Passlogix, a New York based provider of single-sign on software, and IBM has though an OEM agreement resold Passlogix components with its Tivoli brand. The move by IBM undoubtedly changes this strategy. Very likely IBM had already studied the possibility of taking a stake in Passlogix, but Passlogix is an industry leader and claims to have sold more than 10 million client licenses - which would make an acquisition very expensive. Encentuate was a smaller player and a lesser known company, but provided a similar technology and therefore a better fit for acquisition.

According to KCP's research, enterprise single-sign-on is one of the tactical technologies where customers are most willing to invest within the identity and access management space. Sales cycles for this technology is lower, deployment is faster and enterprises see an immediate and visible benefit.

IBM and others are realising that E-SSO provides a good opportunity to engage customers in a short, visible and successful project - and then to potentially upsell integrated identity and access management "suites" or other modules. CA has to date been the only large vendor that had a comprehensive own E-SSO offering due to previous acquisitions almost a decade ago. Others like Oracle, Novell and BMC harness partner solutions to provide E-SSO to their customers.

The acquisition of Encentuate makes good sense for IBM to decrease dependence on an OEM partner, and to obtain needed technology with a proven track record for integration into its product line. There is quite a possibility for further acquisitions in this space.