CA Acquires Orchestria, Plans IdM/DLP Integration

| Jan 7, 2009 | Enterprise Security | Competitive Intelligence Report

| Analyst: Andrew Braunberg

Current Perspective: Positive
Vendor Importance: High
Market Impact: Moderate

Event Summary

January 5, 2009 – CA has announced it has signed a definitive agreement to acquire New York-based Orchestria Corporation, a leading provider of data loss prevention (DLP) technology. Terms of the acquisition were not disclosed.

Analytical Summary

• Current Perspective: Positive on CA’s acquisition of Orchestria, because the addition of data loss prevention (DLP) technology (both data classification and access enforcement) will be an innovative addition to CA’s identity and access management suite. This is the most aggressive move to date by an identity management (IdM) vendor to move into the DLP market.

• Vendor Importance: High to CA’s IdM business, because this deal furthers the company’s stated goal of building out a robust role-based entitlement’s management capability and centralizing its security policy management capabilities. The ability to discover sensitive data and control access to that data would provide CA with a potent differentiator for its IdM solutions.

• Market Impact: Moderate on the IdM and DLP markets, because most people have not put much thought into the integration of these disciplines. DLP has traditionally been a more tactical response and if integrated into a larger solution, that solution has typically been a threat management suite. CA, which was never a major player in the threat management markets, sees much more opportunity integrating DLP into its IdM suite by marrying data access policy with its role-based access control capabilities.

Recommended Competitor Actions

• IdM suite vendors need to react to this announcement. There is a lot of logic in rolling up DLP into identity and access management suites. The fact that they have traditionally rolled up into threat management suites is primarily a result of the tactical requirements of organizations to address DLP needs quickly. From a strategic perspective it makes more sense to include DLP as a component of broader IdM and GRC solutions.

• Microsoft should try to position this as a me-too announcement that was reactive to its partnership with RSA. CA has actually been hinting that a DLP deal was in the works for a while now, while the Microsoft/RSA announcement seemed rushed, but Microsoft did go public with the DLP announcement first.

• Threat management suite vendors should consider partnering with IdM vendors on integrated offerings. The market for differing approaches to DLP is not likely to disappear any time soon but in the long term, traditional threat vendors need to support the sharing of security policy data with identity and access management solutions or they need to considerably augment their existing capabilities in this regard (most likely as part of NAC or IT GRC initiatives.

• Remaining pure play DLP vendors, such as Code Green Networks, Fidelis Security Systems, Verdasys and Vericept, should look to identity and access management vendors as an alternative set of deep pocketed acquirers. A new set of vendors bidding for this technology could further boost the valuation of what have already been hot commodities.

Recommended End User / Customer Actions

• Existing Orchestria customers should be pleased with this announcement for a couple reasons. CA is a stable, and deep pocketed home for the Orchestria technology and it has publicly committed to continuing product development on the stand alone suite of Orchestria products. Technology investments by existing customers of Orchestria products should therefore be safe.

• Existing CA identity and access management customers should also be pleased with this announcement. CA is a thought leader with regard to bringing together IdM and DLP capabilities and existing CA identity customers should look to CA for more details on exactly how the technologies can complement each other.

• Organizations shopping for DLP technology should continue to evaluate the Orchestria products, which are well regarded, particularly with respect to scalability in large enterprise applications. CA has publicly stated plans to keep the products available stand-alone.

Current Perspective

Competitive Positives and Concerns

Recommeneded Vendor Actions

| Client access - Full report in Enterprise Security | More information

Top

Gain a Competitive Edge

This Competitive Intelligence Highlight ia an excerpt from a longer, more detailed report. Clients with subscriptions can read the full report by following the Client Access links below.

Company Advisors

Enterprise Security
►	CA
►	Microsoft
►	RSA (EMC)

Market Advisors

Enterprise Security
►	Access & Audit
►	Enterprise Firewall & IPSec/Unified Threat Management

Product Advisors

Enterprise Security
►	Firewalls and VPNs
►	Integrated Client Security
►	Intrusion Prevention Appliances
►	Network Access Control
►	Secure Messaging

Free Competitive Intelligence

►	Telecom Infrastructure
►	Enterprise Technology and Software
►	Business Telecom and Wireless
►	European Business Telecom and Wireless
►	Consumer Broadband and Wireless
►	European Consumer Broadband and Wireless

More Free Competitive Intelligence

►	Complimentary Advisory Reports
►	Telebriefing Replays
►	Analyst News Flashes from Industry Shows