Instant Insight

January 22, 2002


IBM and VeriSign Ink Internet Security Alliance


By Charles King

IBM and VeriSign have announced the signing of a technology, services and marketing alliance. Under the multi-year agreement, the two companies plan to collaborate on Web technology, infrastructure and security, integrate key technologies and market new and enhanced services to their customers. As part of the agreement, IBM and VeriSign will:

®       Develop and market a new Entitlements Management Service based on Tivoli Policy Director, IBMís security management and access control software. Implemented with VeriSignís Hosted Services technology, the new service will combine online authentication; digital credentialing and signatures; and signatures, authorization and policy management with dynamic updating of customer and partner information.

®       Leverage IBM Global Services to coordinate consulting and integration services with VeriSign. VeriSignís Consulting Services network of affiliates will cooperate to provide managed services and support for companies implementing public key infrastructure (PKI) solutions.

®       Collaborate to advance key security standards, including SAML and XKMS for enabling dynamic Web services. IBM plans to embed XKMS into and leverage SAML in Tivoli Policy Director.

®       Deploy IBM server and software infrastructure components in VeriSignís IT infrastructure, including IBM eServer pSeries and xSeries systems.

The new alliance is designed to provide customers computer security options ranging from stand-alone software to managed software services delivered as a utility service over the Internet. Tivoli and IBM Global Services will begin offering VeriSignís PKI solutions to their clients immediately.



The jointly developed Entitlements Management Service is scheduled for availability in mid-2002. No pricing for products or services was released



While there is no shortage of publicly announced alliances in the technology sector, this agreement is notable for a number of reasons, the first of which might be called the 600 Pound Gorilla Factor. Given the companyís aggressive development of PKI technologies and associated online authentication and credentialing solutions, and its continuing management of Web domain names, VeriSign has maintained primacy in its areas of expertise, despite the efforts of competitors such as Entrust and Baltimore Technologies. On the basis of sheer size alone, IBM has long been the alpha player in enterprise computing, but over the past two years the company has become scarily efficient at entering new (or sometimes re-entering old) business sectors and seizing turf. Put the two behemoths together with a well-engineered agreement to make sure they play nice, and one can behold an alliance with tectonic potential for the rest of the market.

That said, what does this agreement mean for the principals, their customers, their competitors and the rest of the market? From a purely practical standpoint, VeriSign looks to be the biggest potential winner here, at least over the short term. The alliance provides a measurable method for opening the doors of IBMís reported 20,000+ business clients to VeriSign PKI solutions, and puts those products into the hands of IBMís Global Services sales reps that have seldom (if ever) been accused of being shy or retiring. But IBM should also see real benefits since pairing with VeriSign allows the company to go directly to market with well-known and established security products at a time when the world in general and businesses in particular are feeling especially insecure.

For customers and the market the news should be largely good, though the proof, as they say, is in the pudding. On the surface, the IBM/VeriSign deal would provide IBM customers immediate access to security products whose capabilities are known quantities. VeriSignís clients, especially those who use IBM products, may see some performance enhancements as the companies work together to optimize their solutions. That optimization, of course, is the previously mentioned pudding. The technology realm has witnessed countless proclamations of undying friendship fall silent in unmarked graves. How well the IBM/VeriSign deal will play out remains to be seen, but in the end the best thing about the agreement may be its sheer magnitude. This fact may inspire the principals to do their best to keep the thing alive and kicking since sweeping it under the rug would prove logistically difficult in the extreme.

The news may not be so good for the competition. If the agreement pans out as planned, it puts a few more arrows into IBMís already potent enterprise quiver. Additionally, the part of the deal that makes IBM pSeries and xSeries servers and software part of VeriSignís infrastructure will likely be regarded as a black eye for Sun Microsystems, which was VeriSignís previous server vendor of choice. PKI solution vendors including Entrust and Baltimore Technologies have little to cheer them in the deal, though the alliance may inspire other infrastructure hardware vendors to consider similar deals with security ISVs. There is also the possibility that IBM and VeriSignís willingness to work together might have unintended consequences, especially in the areas of driving standards-based systems and open development. At its heart, this deal is a Web services play, and the Web services arena has been host to some ugly wrangling of late, especially between Sunís Liberty Alliance crowd and Microsoftís .NET. Given the relationships Microsoft maintains with both IBM and VeriSign, and the two companiesí commitment to industry standards and open development, we wonder how the folks in Redmond will respond.

Lastly, let us consider the IBM/VeriSign dealís hosted services angle. As we have said before, we believe in Service Computing, the notion that business computing infrastructures and access devices will soon be able to provide computer applications as Web-based services similar to utilities such as telephone and electricity. This ainít your Grandmaís ASPs, but will instead be highly flexible computing capabilities that can be scaled and adapted to virtually every need. IBM dubs this Commercial Grid Computing, and while we might differ on terms, we agree completely with its assumptions. In its ultimate incarnation, this alliance could provide a rigorous testing ground for delivering applications via the Service or Commercial Grid Computing infrastructure. Ultimately, we believe that this would outweigh whatever financial and business benefits the deal might deliver to IBM and VeriSign in the near term.

The Sageza Group, Inc.

900 Veterans Blvd, Suite 500
Redwood City, CA 94063-1743
3660700†† fax 6506492302
Europe (London) 44∑020∑7900∑2819

Copyright © 2002 The Sageza Group, Inc.
May not be duplicated or retransmitted without written permission