Beginning the N-IdM and A-IdM convergence
Wed, 2007-03-07 16:44

So, let me get my terms defined:

"A-IdM," or "Application Identity Management": What is traditionally thought of as "identity management"; those systems that abstract the management of identities that live within the application layer; includes things like web-sso, provisioning, password reset, federation, etc.

"N-IdM," or "Network Identity Management": What is traditionally thought of as "network access control," or more properly, "identity-based network access control"; has alternatively been called NAP or NAC (with "admission" not "access"); N-IdM is characterized by offering "post-admission" capabilities, and not simply "device health checks."

Whew! With those terms in mind, it's important to note that while A-IdM has been the growth area in identity for the past five years (and is continuing to grow), N-IdM has emerged in the last few years as the new growth kid on the block.

Here's the rub: A-IdM and N-IdM have traditionally been controlled, implemented and administered by different functional roles within the enterprise -- with folks responsible for applications being concerned with A-IdM, while the "network guys" worry about "N-IdM." However, "identity" as an organizing paradigm that is spreading through the entire network (both internal and external to the enterprise) doesn't make these kinds of distinctions.

Which, of course, leads us to that all-too-familiar topic of "convergence."

We've been watching for early signs of A-IdM and N-IdM convergence, and when I was recently briefed by Apere, I got my first glimpse.

Apere recently released their "Rapid Connector" framework -- an appliance aimed at getting enterprises up and running (no matter what their applications are) on Apere's IMAG ("Identity Managed Access Gateway") appliance. Now, I don't mean to downplay this product release, but the thing that *really* stood out for me as Apere's CEO took me through the briefing was the fact that their implementations are actually *bridging* the application and network layers. Convergence!

This move is quite significant in the grand scheme of things, as Apere is beginning to discover *where* and *how* this convergence of the application and network layers is valuable. The answer shouldn't be surprising -- it's at the mid-size enterprise level -- at companies that don't have the need or desire (read: budget) for a full-blown A-IdM system. Accordingly, Apere is quickly building a customer base in the healthcare industry -- a vertical that's ripe for this kind of product.

Will Apere's products spur on changes with the giants in the A-IdM space? After all, folks like BMC and IBM have been targeting the mid-level enterprise for over a year. I'm betting that it will. Mid-size enterprises don't think in terms of the application layer and the network layer; they think in terms of solving a problem quickly and at the right price point.

More broadly, all of this points to how identity is now moving "downstream," as it becomes a standard piece in the architecture of mid-size companies. And that, my friends, tells us that the identity marketplace is maturing and about to hit a really significant growth spurt.
