IBM on Wednesday strengthened its position in the enterprise single sign-on market by acquiring privately held Encentuate, a developer of identity and access management software. The company also announced a new software security lab in Singapore.

The acquisition was driven by a shift in the way enterprises are using single sign-on (SSO) products, Venkat Raghavan, director of storage and security strategy for IBM's Tivoli Software division, told SCMagazineUS.com. We've seen a shift to broader compliance solutions that allow companies to manage, monitor and report on how users are interacting with enterprise systems, he said.

Raghavan said that IBM will integrate Encentuate's IAM (identity and access management) software into its own Tivoli Access Manager product suite. The integration will be complete in the third quarter of the year, when IBM releases version 8.0 of the Tivoli Access Manager (TAM) as an upgrade, he said.

"There's a real need for companies to understand who their users are, what applications they're signing onto, the data they're touching, and how compliant they are with security policies," Raghavan added. Single sign-on products not only allow users to login one time, but give network administrators tools to manage and monitor users' access rights and patterns -- both major requirements of compliance regulations, such as the Health Information Privacy and Portability Act (HIPAA) and the Sarbanes-Oxley Act.

Enterprises are also struggling with managing and monitoring user access to a broad range of systems, Scott Crawford, research director in security and risk management at Enterprise Management Associates (EMA), told SCMagazineUS.com. "Legacy applications don't go away, the mainframe stays and the cost of administration stays high. That all increases compliance and risk management issues in IT," he explained.

And that's where identity management is beginning to play a much larger role, Crawford added, as enterprises strive to prevent user abuses of network and application access rights. These are key compliance-related issues.

Crawford said he suspected that IBM "got a good deal" in the acquisition. Sally Hudson, a research director in the identity management products group at IDC, agreed. "I don't imagine IBM had to pay much for Encentuate, but I don't know what they paid, so this is speculation," she told SCMagazineUS.com.

"This gives IBM more control going forward for its access management product, and it certainly helps Encentuate, which was struggling," Hudson added. The acquisition also gives IBM exclusive ownership of the Encentuate IAM product and safeguards against potential acquisition of Passlogix by a competitor, Crawford said.

The loser in the deal might well be Encentuate competitor Passlogix, which had an OEM agreement to sell its identity and access management product to IBM. Passlogix's product is, in fact, at the foundation of the current version of the Tivoli Access Manager, said Crawford.

"Passlogix, while taking an immediate hit on IBM OEM revenues, should be able to make up some of the initial loss by inheriting a fair percentage of maintenance contracts for existing TAM customers," Hudson said. "Passlogix should be ok in the long term as no single aspect of their product line accounts for more than one-sixth of their overall revenues."

She noted that Passlogix also has OEM agreements with Oracle and RSA, among the leaders in the identity and access management market.

IBM did not reveal what it paid for Encentuate.