Novell's acquisition strategy

Back on June 2nd, I told Novell to focus on their growing identity management business. Shortly thereafter, Novell's long-time CEO, Jack Messman, was replaced by Ron Hovsepian. Suddenly, it appears that Novell's new chief may be listening.

In an interview that most of the world missed, Hovsepian stated that "management services" were areas in which he was interested in possible acquisitions -- highlighting "identity management" as one of the key areas. On the off chance that Mr. Hovsepian is reading this blog, I've decided to help Novell out with their acquisition strategy.

Novell's list of identity-related products is already pretty long: eDirectory, Identity Manager (provisioning, delegated administration), iChain (federation), SecureLogin (client-based SSO), and Audit (logging and audit). That list of products puts Novell in the "suite" category - making their competition vendors like Sun, CA, Oracle, Microsoft, HP and IBM. Thus, any identity management purchase should provide either: A) a unique, differentiating functionality; or B) a deepening of an existing capability.

With that criteria in mind, we can begin to look through the possible categories of candidates: virtual directories, federation, provisioning, multi-factor authentication, network access control, enterprise SSO, enterprise rights management, and compliance policy enforcement.

Virtual Directories: Call it a gut reaction, but my sense is that Novell's history (as *the* directory company) will prevent it from buying a virtual directory. They'd build it first.

Federation: Novell's federation capabilities are fairly well developed; I wouldn't consider this a primary target area for acquisition.

Provisioning: I've often wondered aloud who would snap up Courion, and perhaps that would be a possibility for Novell. Courion's customer base and work in the area of role refinement make it an attractive target, but also (most likely) not a cheap one.

Multi-factor authentication: The players are many, the technologies are myriad, the space is only getting harder -- again, my gut says that while Novell will provide APIs that allow for all types of authentication, they won't directly enter the marketplace.

Network Access Control: Call this one the "dark horse" -- an area that's rapidly developing as *the* concern of the identity management customer base, but one that might not seem natural for Novell.

Enterprise SSO: I just don't see the synergies.

Enterprise Rights Management: This one could fit with Novell's larger product set, especially if the "larger" area of "management services" is the new big picture. Would it provide a growth kick to existing identity management products? Probably not as much as some other areas. Would it be a differentiator from Oracle, CA, Sun, etc? Absolutely.

Compliance policy enforcement: The front-runner for acquisition in my mind for a couple of reasons -- 1) It is clearly a major IT concern; 2) It fits with existing Novell products nicely; 3) The whole area is about innovation; and 4) As such, its full of smaller, niche players (Aveska, EpicTide, Prodigen) that could be bought for a relatively low price.

For those of you keeping score at home, the acquisition card reads: 1) compliance policy enforcement; 2) enterprise rights management; 3) provisioning; and 4) Network Access Control (the "dark horse"). Who will Ron buy? Time will tell.