Beginning the N-IdM and A-IdM convergence
Wed, 2007-03-07 16:44

So, let me get my terms defined:

"A-IdM," or "Application Identity Management": What is traditionally thought of as "identity management"; those systems that abstract the management of identities that live within the application layer; includes things like web-sso, provisioning, password reset, federation, etc.

"N-IdM," or "Network Identity Management": What is traditionally thought of as "network access control," or more properly, "identity-based network access control"; has alternatively been called NAP or NAC (with "admission" not "access"); N-IdM is characterized by offering "post-admission" capabilities, and not simply "device health checks."

Whew! With those terms in mind, it's important to note that while A-IdM has been the growth area in identity for the past five years (and is continuing to grow), N-IdM has emerged in the last few years as the new growth kid on the block.

Here's the rub: A-IdM and N-IdM have traditionally been controlled, implemented and administered by different functional roles within the enterprise -- with folks responsible for applications being concerned with A-IdM, while the "network guys" worry about "N-IdM." However, "identity," as an organizing paradigm that is spreading through the entire network (both internal and external to the enterprise), doesn't make these kinds of distinctions.

Which, of course, leads us to that all-too-familiar topic of "convergence."

We've been watching for early signs of A-IdM and N-IdM convergence, and when I was recently briefed by Apere, I got my first glimpse.

Apere recently released their "Rapid Connector" framework -- an appliance aimed at getting enterprises up and running (no matter what their applications are) on Apere's IMAG ("Identity Managed Access Gateway") appliance. Now, I don't mean to downplay this product release, but the thing that *really* stood out for me as Apere's CEO took me through the briefing was the fact that their implementations are actually *bridging* the application and network layers. Convergence!

This move is quite significant in the grand scheme of things, as Apere is beginning to discover *where* and *how* this convergence of the application and network layers is valuable. The answer shouldn't be surprising -- it's at the mid-size enterprise level -- at companies that don't have the need or desire (read: budget) for a full-blown A-IdM system. Accordingly, Apere is quickly building a customer base in the healthcare industry -- a vertical that's ripe for this kind of product.

Will Apere's products spur on changes with the giants in the A-IdM space? After all, folks like BMC and IBM have been targeting the mid-level enterprise for over a year. I'm betting that it will. Mid-size enterprises don't think in terms of the application layer and the network layer; they think in terms of solving a problem quickly and at the right price point.

More broadly, all of this points to how identity is now moving "downstream," as it becomes a standard piece in the architecture of mid-size companies. And that, my friends, tells us that the identity marketplace is maturing and about to hit a really significant growth spurt.
