Oracle acquires Bridgestream
So the worst kept secret in IAM history is officially out. Oracle yesterday issued a long-awaited press release announcing the acquisition of Bridgestream in the Role Management space. Of course, if you have been anywhere near an internet-connected computer, you’d have seen everybody and their mother blog about this. And some of the buzz has been quite interesting, which I will touch on in a later post.
To many, an acquisition in the ERM (Enterprise Role Management) space was inevitable. ERM has gone from cutting-edge darling of the analyst crowd to a must-have IAM solution fairly rapidly. I have myself blogged about the importance of roles in any IAM architecture a number of times. By acquiring Bridgestream, Oracle is adding their SmartRoles and SmartRoles Discoverer products to our industry-leading IdM portfolio.
Relationship-based (aka Contextual) Roles
When it first came out, Bridgestream SmartRoles introduced the interesting notion of relationship-based roles to the market. Providing a solution for the top-down approach to role engineering, the product allows customers to model a myriad of entity relationships (between such diverse entities as people, organizations, processes, projects and business resources) in it, and then express roles as a traversal of the generated relationship graph. Of course, this is not to imply that it doesn’t handle the more mundane roles we are all accustomed to, which are simply containers of people and privileges. But their ability to model roles on real-world relationships that help solve real world use cases is really what sets them apart from the field. SmartRoles also supports a number of other interesting features, including temporal views of the relationship graph that provides a time sensitive answer to the role membership question.
SmartRoles
SmartRoles also supports the much needed separation between Enterprise Roles and Local Roles (or Business Roles and IT Roles, as Bridgestream calls it). This provides a necessary abstraction between the business side of the enterprise and the security focused application side of the enterprise.
These features allow them to support some really interesting RBAC scenarios that relied on complex cross functional project relationships, as well as role-based provisioning that took the location of both people and resources into account and complex approval scenarios. The BSI relationship with Oracle started with the relationship that was initially established between Thor’s Identity Manager product and SmartRoles, providing a powerful role-based provisioning solution to customers.
Role Discovery
Bridgestream has also made a move into the role mining area with the introduction of its SmartRoles Discoverer product. SmartRoles Discoverer
complements SmartRoles top-down approach by offering companies a bottom-up methodology to kick-start their role management implementation. It provides capabilities to mine data sets from diverse sources and discover useful and meaningful roles. But role mining and verification aren’t enough, so SmartRoles Discoverer also uncovers rules and policies to govern these roles. These candidate roles, along with the discovered rules and policies to govern them, can then be exported into SmartRoles for deployment.
SmartRoles Discoverer
Adding this capability to its suite allows Bridgestream to provide a complete end-to-end process-based solution for role lifecycle management to the market.
The Future
Over time, the capabilities of Bridgestream’s advanced role discovery and modeling capabilities will be combined with Oracle Identity Management’s access provisioning and enforcement tools. So while it will still be possible to buy a pure role management product, the real value will come from the SmartRoles product (which will no doubt be renamed following the standard Oracle formula at some point) providing a richer role environment for the OIM and OAM product lines to base their capabilities on, providing customers a comprehensive solution that covers all the bases.
You can get a lot of information about the acquisition and its value (including FAQs and white papers here).
What about pushing SmartRoles beyond just identity management in to human capital management and tradition ERP/HR functions?
I hate to be the one that spoils the party.
My friend Nishant, you are adding allot of “colors” to Bridgestream capabilities, way beyond the reality.
Bridgestream is great tool to manage your roles – if you have them.
As a project manager working in large services company, I investigated some of their customers and watched them in several accounts in Europe, inclosing some major bank in the British island. We found their technology cannot scratch the complexity of role mining. Scalability is another issue.
I suggest that Oracle will use them to for the role provisioning processes, the Oracle solution has big enough holes there and Bridgestream has nice capabilities there.
BK
Ian, you are on the right track. That is exactly where we plan on taking not just the ERM capabilities, but the IdM capabilities in general. A lot of this is part of our plans for fusion architecture, in which IdM becomes an intrinsic part of the ERP environment.
This is actually the topic of a talk I will be giving at OpenWorld. More details then.
I’m going head to head against Oracle/Bridgestream with Sun and another leading Role Management company at a Proof Of Concept soon. It’s going to be very interesting to see who comes out on top since Oracle clearly changed their pitch after the acquisition of Bridgestream. Good luck Oracle , let’s hope you bought the “right” solution for the customers needs 🙂