One Identity Acquires OneLogin

Cybersecurity Landscape Shifts with One Identity's Acquisition of OneLogin

A new phase of consolidation is occurring within the cybersecurity sector, particularly concerning services designed to aid organizations in managing identity and access controls. One Identity, a provider of tools for implementing “zero trust” access and managing log data alongside other enterprise governance services, has announced the acquisition of OneLogin.

Details of the Acquisition

OneLogin is a competitor to established companies such as Okta and Ping in the realm of secure sign-on solutions for end-users. The acquisition officially finalized on October 1st, though the specific financial terms remain undisclosed at this time.

Currently, One Identity operates as part of Quest Software, which is owned by the private equity firm Francisco Partners. Prior to this, it was a division of Dell. Francisco Partners, in collaboration with Elliott, initially acquired Quest and associated assets from Dell in 2016, a transaction valued at approximately $2 billion.

Customer Base and Identity Management Scale

One Identity currently serves around 7,500 enterprise clients and manages approximately 250 million identities. OneLogin, prior to the acquisition, had a customer base of approximately 5,500, including prominent organizations like Airbus, Stitch Fix, AAA, and Pandora.

Following the integration, the combined entity will oversee roughly 290 million identities, encompassing both user accounts and machine-to-machine (M2M) nodes, as stated by Quest CEO Patrick Nichols.

The Evolving Threat Landscape

This merger occurs against a backdrop of escalating cybersecurity threats, driven by the increasing adoption of cloud services and the expansion of digital business operations. According to data from IBM, the average cost of a data breach is now estimated at $3.86 million, excluding the detrimental impact on an organization’s reputation and user trust.

Identity Management as a Critical Vulnerability

Identity management, or more accurately, its mismanagement, has emerged as a particularly vulnerable area. Malicious actors exploit various techniques, combining advanced technology with human error to compromise systems.

Research from Verizon indicates that approximately 70% of security breaches are directly attributable to inadequate identity management practices. The proliferation of endpoints – often devices rather than individual users – further exacerbates this risk, with Nichols noting that compromised devices are akin to stolen passwords.

Shift Towards Unified Cybersecurity Platforms

Enterprises are increasingly moving away from fragmented, point-solution cybersecurity strategies and towards comprehensive platforms that offer a unified view of system activity and minimize the potential for conflicts between different security tools.

Strategic Rationale for the Acquisition

One Identity views the acquisition as an opportunity to expand its service offerings beyond internal network management, incorporating more end-user-focused tools. Conversely, OneLogin’s customers may benefit from access to a broader, integrated cybersecurity platform.

Nichols emphasizes that organizations are seeking both increased efficiency and compliance with evolving regulations. The complexity of managing numerous cybersecurity components poses a challenge to maintaining system resilience and meeting regulatory requirements.

Statements from Leadership

Brad Brooks, CEO of OneLogin, stated that joining One Identity will accelerate growth and provide enhanced value to customers. The combination of OneLogin’s unified platform for workforce and Customer Identity and Access Management (CIAM) with One Identity’s Privileged Access Management (PAM) solution will create a comprehensive identity security platform.

Future Consolidation in the Cybersecurity Market

Further mergers and acquisitions are anticipated in the cybersecurity space. Okta has been an active acquirer, and several independent companies specializing in various aspects of identity management remain potential targets, such as Jumio.

Comprehensive Service Portfolio

The combined company will offer a wide range of services, including: Privileged Access Management (PAM), Identity Governance and Administration (IGA), Active Directory Management and Security, and Identity & Access Management (IAM).

Bhagwat Swaroop, president and general manager of One Identity, highlighted the growing importance of identity as a security perimeter, particularly with the rise of cloud computing, remote work, and the increasing number of human and machine identities. He stated that integrating OneLogin into their cloud-first Unified Identity Security Platform will enable customers to correlate all identities, verify access requests, and gain real-time visibility into suspicious login activity, ultimately strengthening their cybersecurity posture.