Oracle is positioning its security business as a key part of Project Fusion, with which it intends to take on IBM for control of Global 2000 companies’ enterprise infrastructure.
Although the supplier has had its own identity management product for some time, it took its first step towards becoming a serious player in the space in May 2004 when it bought federated identity management supplier Phaos.
This was followed 10 months later by the acquisition of extranet access management provider Oblix, and in November 2005 by the purchase of user provisioning supplier Thor Technologies and virtual directory supplier OctetString.
These offerings have since been integrated into a new standalone identity management suite, which is looked after by a dedicated product development, sales and service team and sold predominantly into the Oracle installed base.
In an exclusive interview with Computer Weekly, Prakash Ramamurthy, Oracle’s vice-president of security products, explained the impetus behind the company’s spending spree.
“Oracle is very serious about identity management and security and you’ll see this focus continue because it’s a core piece of the Fusion middleware story,” he says.
This is important because the company is now positioning Fusion as one of the three key elements of its business alongside its database and applications.
Ramamurthy says, “For a middleware platform to be complete, it needs to offer identity as a service. That’s crucial when competing against other middleware suppliers, such as IBM.”
The aim, on the one hand, is to enable customers to integrate component-based identity and asset management code with third party applications as part of a service oriented architecture (SOA) deployment.
“Identity as a service is an area we’ll be focusing on when we provide our next generation identity management product. Whether we’re talking about authentication or authorisation, it will be available as a service so that you can plug it into an SOA,” Ramamurthy explains.
Other services will include business orchestration to manage business policies and portal technology for collaboration purposes.
But the other driver is to remove application-based ‘identity silos’ by introducing a unified infrastructure that will be more integrated and transparent than Oracle’s current suite of products and, therefore, easier to manage.
As a result, Oracle’s next generation of applications, which are to be written on top of the Fusion middleware, will all include functions such as single sign-on and provisioning. Fusion middleware will also be sold to customers so they can write customised applications with standards-based security built in, says Ramamurthy. Such deliverables are expected sometime in 2008.
Ramamurthy says, “If a customer is writing an application with personalised content for a given user group, for example, they need to find out who those users are and to understand their role, and identity management helps them do that. It also keeps the information accurate by storing it in a database or a directory.”
Although he refused to elaborate on how much the supplier had spent so far in adding this piece of the puzzle to the Fusion jigsaw, he did indicate that the move would “take us head-to-head against IBM”.
“We want to control the infrastructure in the same way that IBM does, but the big difference with us is that we want to work with the investment that the customer has made. This means that if there are pieces of Fusion where IBM is working with us, our entire middleware will work with it. It’s not an all or nothing proposition,” says Ramamurthy.
As a result, it will be possible for customers to deploy pieces of Fusion in a piecemeal fashion alongside other suppliers’ offerings in a way that Oracle dubs ‘hot-swappable’.
“So if a customer wants to deploy elements of Fusion, but already has an identity management platform in place, they can leave it as is. That way both Oracle and the customer win,” says Ramamurthy.
But the supplier’s ambition does not necessarily stop there. Although Ramamurthy refuses to provide details, he does indicate that the move into identity management was only a first step, with initiatives to “extend our security footprint” likely to be announced over the next couple of quarters.
“We’ll grow the security business both by acquisition and organically. We’ve now got a complete identity management suite and will continue to invest to provide customers with what they need for the next two to three years. But we’re also looking at other areas of security, and identity management is the first step in creating a broader security solution,” Ramamurthy concludes.