IBM Fortifies Security with Lighthouse Security, CrossIdeas Acquisitions

In a move that bolsters its already considerable portfolio of security offerings, IBM announced it acquired the business operations of Lighthouse Security Group, LLC, a Lincoln, Rhode Island-based maker of Identity and Access Management (IAM) solutions.

IBM’s purchase of Lighthouse, the security division of longtime IBM Business Partner, Lighthouse Computer Services, comes two weeks after its acquisition of CrossIdeas, a privately held Italian cyber security startup that specializes in Access Governance software to help firms manage user access to applications and data across on-premise and cloud environments. Eric Maass, Chief Technology Officer, Lighthouse Security Group, along with other Lighthouse Security employees will make the transition to IBM.

IBM.png Photo courtesy of ChrisDag

Lighthouse Security sells a cloud-hosted IAM gateway platform, which incorporates a full suite of functionalities based on IBM’s Security Identity and Access Management capabilities. This includes: single sign-on, user provisioning, identity lifecycle governance, enterprise user registry services, federation and user self service.

During a teleconference call with analysts, IBM executives said the integration of technologies from Lighthouse and CrossIdeas into its existing security portfolio will enable it to provide a full suite of security software and services to protect and manage a user’s identity.

“Business models are rapidly evolving as employees conduct more of their work offsite. Protecting this data and who has access to it has become a challenge, costing our clients time and money,” said IBM’s Kris Lovejoy, general manager, IBM Security Services, in a prepared statement.

The IBM and Lighthouse Security executives emphasized that the new IAM solution would help customers achieve “significantly quicker start-up and faster-time to value” through use of automation technologies and elimination of traditional infrastructure deployment. The automated Lighthouse Security IAM solution simplifies administration and obviates the need for enterprises to hire and train additional specialized security professionals. This in turn, reduces both capital and operational expenditures.

IBM and Lighthouse Security executives noted that while identity and access management capabilities are “a key control for cloud and mobile adoption.” Despite this, businesses grapple with how to turn IAM services into a business enabler since they can be challenging to implement and manage and thus be a deployment deterrent to corporate enterprises and their IT administrators.

IBM Bolsters Security Portfolio via Targeted Acquisitions

IBM has made more than a dozen acquisitions in security in the past decade and has more than 6,000 security researchers and developers in its 25 security labs worldwide that work on developing enterprise-class solutions. Lighthouse Security Group builds upon this investment by combining IBM’s leading managed security software and services.


IBM’s acquisition of Lighthouse Security and CrossIdeas are the latest in a series of moves the company has made over the past decade to provide corporate enterprises with comprehensive, cogent, best in class security products and services.

Many enterprises acquire companies to fill a focused, tactical gap in their product portfolios. IBM’s security acquisitions are likewise tactical and practical. But they are also part of the company’s overarching strategic vision to deliver a robust security infrastructure. IBM’s security strategy incorporates best-in-class integrated, products that operate end-to-end across desktops, servers and mobile devices across physical, virtual, public, private and hybrid cloud-based networks.

According to market research firm International Data Corp., (IDC) the IBM security acquisitions have fueled the Security Division’s double-digit revenue growth for six consecutive quarters and propelled IBM to the #4 spot in the security software market in 2013. Additionally, IBM was named a leader along with AT&T, Computer Sciences Corp., Dell SecureWorks, Hewlett-Packard IDC and Verizon in IDC’s 2014 MarketScape Worldwide Managed Security Services Vendor Assessment report.

IBM’s array of security products via acquisition and organic research and development (R&D), patents, partnerships and security focused employees are among the broadest and deepest in the industry.

Consider the following:

Security Patents: IBM holds over 3,000 security patents
• Security Events: IBM monitors 15 billion security events daily in 130 countries
• Security Employees/Researchers: IBM employs over 1,200 security software developers, 2,000 security consultants, and 6,000 security researchers, developers and subject matter experts.
• Security Partnerships: IBM partners with a broad range of vendors, including AT&T.
• Security Acquisitions: Over the past decade IBM has acquired over 15 security companies. They include:
• Q1 Labs: a security intelligence software firm based in Waltham, MA was bought by IBM in 2011 to accelerate efforts to enable customers to intelligently secure their enterprises by applying analytics to correlate information from key security domains and creating security dashboards for their organizations.
Access 360: in 2002 IBM bought is a privately held provider of identity management software based in Irvine, California. This acquisition fortified IBM’s Tivoli software offerings around identity management. .
• Big Fix: In 2010 IBM purchased the Emeryville, CA maker of security configuration, management and vulnerability and security patch management and end point products. IBM integrated BigFix product into its Tivoli Software portfolio and it is now called IBM Endpoint Manager (IEM).
• Consul Risk Management International B.V. : In 2007, IBM acquired this privately held manufacturer of software compliance and audit products, headquartered in Delft, Netherlands, with a principal office in Herndon, Virginia. Consul’s operations were integrated into the IBM Software Group’s Tivoli software brand.
• Dascom, Inc.: This was one of IBM’s earliest security acquisitions. Dascom specialized in Web-based and enterprise security technology. It is now a wholly owned IBM subsidiary.
• DataPower: IBM acquired DataPower a manufacturer of SOA-based software in Cambridge, MA in 2005 to help user improve the performance, security and management of business processes built of reusable, open-standards-based software components.
• Encentuate: IBM acquired the Redwood City, CA based firm maker of identity and access management (IAM) software in 2008. It is part of the IBM Software Group’s Tivoli division and focuses on enterprise single sign-on and integrated authentication.
Guardium: a Database Monitoring, protection, compliance, analytics firm based in Waltham, MA was bought by IBM in 2009.
• Internet Security Systems (ISS): IBM acquired Atlanta-based ISS to bring its X-Force Security Threat Detection, ISS Proventia product line and ISS Managed and Professional Security Services in 2006.
• National Internet Security Company: NISC, in Fairfax, VA, became an IBM company in 2010. It provides security support of national interest and security initiatives for the intelligence community, energy and Federal Health agencies.
• Ounce Labs: IBM bought Ounce, a maker of security and compliance tools for Software Development in Waltham, MA in 2009.
• Princeton SoftTech: The Princeton, NJ company specializes in data privacy and data classification and discovery software.
• Trusteer, Ltd.: In 2013 IBM bought the malware and fraud prevention provider to extend its data security capabilities further into the cloud, mobile and endpoint security space.
• Watchfire: IBM purchased this dynamic security vulnerability testing firm based in Waltham, MA in 2007.

With each of its security acquisitions, IBM sought to align the product with one of its specific business units to fill a gap in the product portfolio and extend the customer value proposition. This systemic and synergistic approach delivers immediate security gains and tangible business value to IBM customers. The security acquisitions themselves have also made IBM more competitive in delivering an end-to-end solution, something enterprises desperately need as they transition to an era of Big Data analytics; cloud computing, mobility and Bring Your Own Device (BYOD).

“[IBM] has wisely kept many of the top executives of the acquired firms and let companies like their corporate culture. This fosters a spirit of cooperation, fuels innovation and helps IBM bring products and services to market in an efficient manner.”

Emerging technologies like the cloud and BYOD are often disruptive and raise the level of enterprise security risks and concerns because there are now many more endpoints representing a potential portal into the network infrastructure.

The slogan and mantra of IBM’s Security division is: “Security Intelligence/Think Integrated.” IBM’s spate of security company acquisitions and the speed, with which it has integrated those firms into the fold, aims to fulfill that vision.

IBM positions itself as a recognized leader in security products and services, a view which was echoed among enterprise respondents in the ITIC 2014-2015 Global Cloud Services Deployment and Technology Trends Survey. The study surveyed 750 businesses worldwide in July/August 2014 ranked IBM as the top security vendor for products and services for physical, virtual and cloud networks.

Lighthouse Security Identity Access Management is First Line of Defense

Security challenges are more daunting in today’s digital world. It is virtually impossible for IT departments to proactively safeguard and monitor the thousands of access points and potential vulnerabilities across the entire infrastructure in the era of BYOD. At the same time, companies must to protect sensitive data files, along with employees’ and customers’ identities, particularly when they are stored in an off-premises public cloud. Businesses must monitor and manage multiple entry points.

Additionally, corporations must verify which individuals and external parties are accessing their systems, data and networks. It’s also necessary to verify and authenticate their identities and permissions from multiple points including remote workers, mobile devices and the cloud. Identity and access management is a crucial component of the corporate enterprise security portfolios and one of the first lines of defense in the ongoing battle to secure the network from internal and external threats.

By integrating the assets of Lighthouse Security Group and CrossIdeas with IBM’s identity and access management offering, the company will offer a full suite of security software and services that protect and manage user identity. The addition of the Lighthouse Security IAM solution provides businesses with a simplified web and mobile experience, via IAM integration with cloud-based social identities. The Lighthouse Security IAM solution gives end users a single login capability which provides a more personalized online experience for goods and services.

Conclusions and Recommendations

IBM’s acquisition of Lighthouse Security’s IAM cloud-based services is a win-win for customers, IBM and its business partners.

IBM’s continuing acquisitions and internal organic R&D around security underscores the company’s commitment to safeguard its customers by providing the necessary robust security needed for IAM cloud-based services.

The burgeoning growth of cloud deployments, coupled with the dramatic increase in remote access, mobility and BYOD usage makes strong security and identity management protection all the more imperative.

The most recent Lighthouse Security and CrossIdeas acquisitions also fortify IBM’s already strong position as a security vendor and security services provider.

IBM has exhibited great agility, adaptability and speed in integrating its acquisitions over the last two years. As part of this effort, the company has wisely kept many of the top executives of the acquired firms and let companies like their corporate culture. This fosters a spirit of cooperation, fuels innovation and helps IBM bring products and services to market in an efficient manner without missing a beat. This type of cooperative M&A activity instills customer confidence.

ITIC recommends that corporate customers perform regular security and compliance audits. They should also review which security products and services most closely align with their business and technology needs. IBM has one of the industry’s strongest and deepest security product portfolios and security services, and should be on everyone’s short list of vendors to consider.