Startup Combines Identity Management, Access Control

Apere hopes to carve out a place in the midsize enterprise with a unique security appliance that melds identity management with access control.


The Identity Managed Access Gateway takes the labor out of creating firewall policies by automatically discovering identity management information that already exists in the network and in applications and then creating policies based on that information.

"We're taking into consideration application directory, network rights and application access rights," said Ram Jayam, CEO of the San Jose, Calif., company.

"We're consolidating identities from all those and doing a cleansing process," he said. That process can identify orphaned accounts—accounts that no longer have a user associated with them—and flag the abandoned accounts to be deleted. Jayam believes IMAG is the first product to integrate identity management and access control.

"Like most entrants in that market, it depends on how you interpret both sides of that," said Scott Crawford, senior analyst with Enterprise Management Associates in Boulder, Colo. "[Apere is] doing fairly novel integration of identity provisioning. They have a very strong focus on extending more traditional identity management and making it available in appliance form factor and positioning it for the midmarket."


While orphaned accounts can represent a big security risk, they are difficult to locate and hard to reconcile across different systems, said beta tester Blake Smith, information security officer at Children's Hospital and Regional Medical Center in Seattle.

"For us, the biggest benefit is the time reduction. We have thousands of accounts in our systems. To reconcile them manually is an incredibly labor-intensive process. This can do a lot of data manipulation dynamically," he said.

While some industry estimates suggest that about 60 percent of active accounts are orphaned, Smith believes that percentage is closer to 40 percent for his organization.

To ensure that the information IMAG uses to block unauthorized traffic is correct, it performs a cleansing function in which it begins with a "known good list" of identities that is singled out by the customer, Jayam said. Such a list could come from a human resources directory, an ERP (enterprise resource planning) application or an implementation of Microsoft's Active Directory.
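The reconciliation the article describes (start from an authoritative "known good" list, then flag every account in the connected systems that has no matching identity) is straightforward to express in code. The following is an added example written for this page, not Apere's code or any description of how IMAG is implemented; the identity names, system names and service-account allow-list are constructed sample data. It normalizes identifiers before comparing them, because the same person typically appears as "ASmith" in one system and "asmith" in another, and it carries an explicit allow-list for service accounts, which legitimately have no HR owner and would otherwise be flagged as orphaned on every run.

```python
"""Orphaned-account reconciliation against a known-good identity list.

Added example for this page (not Apere's code). All data below is
constructed for illustration.
"""
from collections import defaultdict

# Authoritative identities, e.g. an export of active employees from HR
# or Active Directory. Everything downstream is only as correct as this list.
HR_KNOWN_GOOD = {"asmith", "bjones", "cnguyen"}

# Accounts that have no human owner by design and must not be flagged.
SERVICE_ACCOUNTS = {"svc_backup"}

# Per-system account exports as the connectors would hand them over.
# Note the inconsistent casing and the stale contractor/temp accounts.
ACCOUNT_EXPORTS = {
    "erp": ["ASmith", "bjones", "dlee", "svc_backup"],
    "vpn": ["asmith", "cnguyen", "dlee", "Temp01"],
    "ad":  ["asmith", "bjones", "cnguyen", "dlee"],
}


def normalize(name):
    """Canonical form used for matching across systems: trimmed, lower-case."""
    return name.strip().lower()


def reconcile(known_good, exports, service_accounts=frozenset()):
    """Return {account: [systems]} for every account that exists in some
    connected system but matches neither a known-good identity nor an
    allow-listed service account. Systems are sorted for stable output."""
    known = {normalize(n) for n in known_good}
    allowed = {normalize(n) for n in service_accounts}
    orphaned = defaultdict(set)
    for system, accounts in exports.items():
        present = {normalize(a) for a in accounts}
        for acct in present - known - allowed:
            orphaned[acct].add(system)
    return {acct: sorted(systems) for acct, systems in orphaned.items()}


def prioritized(orphaned):
    """Order flagged accounts by how many systems they still live in,
    so the ones with the widest footprint are reviewed first."""
    return sorted(orphaned.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    flagged = reconcile(HR_KNOWN_GOOD, ACCOUNT_EXPORTS, SERVICE_ACCOUNTS)
    for acct, systems in prioritized(flagged):
        print(f"{acct}: orphaned in {', '.join(systems)}")
```

Two caveats follow directly from the design. First, if the known-good list is stale (a departed employee still marked active in HR), the account is never flagged; the cleansing step is only as good as its authoritative source. Second, without the service-account allow-list, `svc_backup` is reported as orphaned, so the allow-list itself needs an owner and periodic review rather than being a one-time dump of "whatever was noisy".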

IMAG, targeted at enterprises with between 500 and 1,000 users, sits between large enterprise management suites such as those from IBM's Tivoli unit or CA, which are targeted at Fortune 500 companies, and point tools for access control. The suites are too costly and difficult for medium-sized enterprises to implement, and the point tools don't address identity management, Jayam said.

IMAG, which operates as a central enforcement point for the reconciled identity management data, also provides a dashboard that allows administrators to add and delete users, make changes, see flagged accounts and create a task list. "We provide organizations with a framework for a comprehensive identity management program," said Jayam.

A library of connectors provides the links into a range of standards-based directories in different applications or systems. The library is available as an optional subscription service. The IMAG appliance and software, priced at $15,000, is due July 25.
