Islandia, N.Y-based CA Inc.’s plan to acquire Orchestria Corp. will allow customers to combine data loss prevention (DLP) technology with its own identity and access management offerings in a way that’s not currently done, a company executive said.
Currently, technologies in the identity management space – identity, role and access management and provisioning – provide “a certain part of the solution” to the problem of data access and what can be potentially done with that data, said Bill Mann, senior vice-president with CA’s security management group.
DLP provides a different set of solutions to this challenge, said Mann, “but at a different level of the infrastructure within the organization.” And, at present, DLP is not tied to identities and roles, he said.
“This acquisition is really motivated by the need for us to really serve the purpose of enterprises that are concerned about protecting confidential data, intellectual property, and so forth,” he said.
Mann said acquiring the New York-based DLP vendor puts CA in “a very, very good position” vis-à-vis other vendors in the DLP space because of customer demand for comprehensive tools that render a single view of compliance and governance, and “that ultimately means tying DLP to an identity management system is something that companies are going to be looking for in the future.”
CA will continue to sell standalone Orchestria products but with an increasingly identity-managed focus.
Other such DLP players like Symantec Corp. and Websense Inc., he said, toil in DLP by virtue of their heritage in the threat management space, where “coarse-grained” policies are applied to large user groups.
According to James Quin, senior research analyst with London, Ont.-based Info-Tech Research Group Ltd., it’s definitely a good time for CA to move into the DLP market considering the technology’s current popularity. “That being said, DLP, to my mind isn’t necessarily something that tightly integrates with identity and access management,” said Quin. “This acquisition gives CA another business area, rather than enhancing the one they already have.”
And, said Quin, CA may be facing an uphill battle given it is not as significant a security vendor as Symantec and RSA. But, CA is a large software provider in its own right, he added, and may be able to gain significant wins with its customer base. “In this still-emerging space, that could be enough to tip the balance in CA’s favour,” he said.
Overall, Quin thinks DLP is a “worthwhile addition” for the company and their existing and potential customers because development in this technology area has been focused primarily on discovering and classifying data ultimately for better control.
Orchestria is the third acquisition by CA in the area of security in the past three months. The company also acquired Israel-based role and identity management technology vendor Eurekify and Palo Alto, Calif.-based IDFocus LLC. Mann wouldn’t comment on whether CA plans to continue this spree of security buys except to say “we are always looking for ways to strengthen that position by looking at areas within identity and access management and associated adjacent markets that are growing but have high levels of synergies with this core strength that we’ve got.”
CA recently said it planned to strengthen its position with software-as-a-service offerings. While Mann wouldn’t share plans about potential on-demand Orchestria products, he said “I hope we will be able to deliver in some of those capabilities in that kind of [on-demand] model but there’s nothing specific I can share at this stage.”
