What Oracle’s recent acquisitions mean for the industry

* Oracle’s start-up shopping has repercussions

Oracle’s purchase of Thor Technologies and OctetString - along with its previous acquisition of Oblix - puts the company into the top rank of identity management vendors.

Only IBM and Sun can offer the same breadth and depth of solutions as “one-stop shops” for people in search of answers to their identity management needs.

Microsoft still lacks products (some, perhaps, due by the end of next year) or even a comprehensive strategy for enterprise identity management.

Novell, once the leader in this market, has allowed its identity management offerings to twist slowly in the wind while it pursues open source nirvana and while undergoing internecine battles.

CA (formerly Computer Associates), BMC, HP, Siemens and others offer parts of the puzzle but don’t have as comprehensive offerings as the big three do.

The biggest impact of Oracle’s moves, though, is likely to be on those left behind as Thor and OctetString leave the ranks of the independents - RadiantLogic, MaXware and Symlabs in the virtual directory market, and Courion, M-tech and SafeStone Technologies in the provisioning arena.

While I hesitate to predict a negative, I don’t believe that there’s a place for the provisioning vendors to be acquired. Of course, after Oracle acquired Oblix I didn’t think they’d be in the market for another provisioning vendor, either. They’ll need to concentrate on particular vertical markets where expertise in an industry has more value than the breadth of an offering.

The other virtual directory vendors are still ripe for picking, though. The join engine that’s the heart of a virtual directory is a tricky thing to get right, so it would be much cheaper for a company wanting that technology to buy it rather than roll their own. Still, they could follow the model of companies such as Citrix or VMware, which provide services to many vendors while retaining their independence.

I think the next place to look for mergers and acquisitions will be among those vendors active in the role-based access control (RBAC) market. RBAC is almost necessary for regulatory compliance and is symbiotic with provisioning. It’s another technology that’s not easy to create from scratch, so acquisition would seem the way to go. No predictions yet, but I’d expect to see some movement here early next year. Drop me a note and tell me what you think.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2005 IDG Communications, Inc.