I’m expecting that 2009 will be full of acquisition news, some of it sad, because it will mean that promising companies have found the economic environment too tough to bear. So, some of it will be fire sale activity and some of it will considered business logic behind it. The acquisition of Orchestria by CA, which was announced on January 5th is of the latter category. In fact my guess is that CA would have sought this acquisition irrespective of the business environment.

Looking from the outside, it seems to me that CA’s trail of acquisitions have been remarkably successful since the acquisition of Netegrity in 2004. CA used to be a place where good products went to die – a kind of elephant’s graveyard for software. In fact, when Computer Associates (as it was once called) acquired a company, you could hear champagne corks popping in the board rooms of all its competitors.

Those days are gone. CA now acquires for market position. It is dominating the Product Portfolio Management market with Clarity to an almost embarrassing degree and it’s acquisition of Wily Technologies has put it in pole position in the web application management market and there are other successful acquisitions too. John Swainson has turned CA into fertile territory for acquired products.

CA and Orchestria

Orchestria describes itself as a provider of data loss prevention (DLP) solutions. That’s not an elegant acronym to my mind, or an elegant description of the technology area, so for the sake of simplicity I’ll describe the problem Orchestria seeks to solve:

In its use within and between systems, including its movement through networks via email or as raw data, information is open to abuse or misuse – in the sense that it can be:

1. Stolen
2. Exposed to the possibility of theft.
3. Deliberately or accidentally changed, in violation of policy.
4. Have its privacy compromised.
5. Be inadvertently misused (e.g. accidentally emailed to the press).
6. Deliberately misused (e.g. deliberately emailed to competitors).

So, Orchestria protects sensitive data against misuse and abuse throughout the network, allowing for definitive policies to be defined in respect of information.

This has been an area of technology that I’ve been watching ever since Sarbanes Oxley spawned a software compiance industry. What amused me about this nascent industry was that, utimately, it is very difficult to properly enforce usage policy on data. So all the products I came across in this area offered a partial service. They protected the data in some contexts sometimes. There were two reasons for this:

• In most computer networks, identity management is not implemented extensively enough to ensure that you know for sure who is doing what to any specific item of data.
• In most computer networks, there is no global scheme for data to be able to self-identify. If you don’t have a data identification scheme, you don’t know which data needs to be protected, never mind whe to protect it. In truth, it wasn’t actually possible to have a data identification scheme at all until the invention of XML. Now it’s possible, but usually it’s missing completely outside of document management systems and databases.

Aside from the fact that CA has expanded its software portfolio slightly, the importance of the Orchestria acquisition is in the fact that it is hugely complementary to CA’s IAM ID Management products, which are themselves market leaders. So the acquisition is synergistic. It should create greater opportunity for IAM  and for Orchestria, and it should be possible to combine them into a broader security platform than is offered by any competitor products.

This is one area of the IT industry that may be recession proof to a degree, since the perceived need for regulation and compliance throughout the economies of the world  has risen up like a tidal wave  following the embarrassing regulatory failures of Wall St and the banking industry. There will be areas of the IT industry that suffer badly in the coming year, but I doubt if DLP will be one of them – even if it does have a goofy acronym.