Startup Apere Combines Identity Management, Access Control

Apere's new Identity Managed Access Gateway (IMAG) is being sold exclusively through channel partners, executives at the San Jose, Calif.-based company said.

"We're spending a lot of time with each partner to educate, empower and support them," said Ram Jayam, Apere president and CEO.

IMAG is designed to meet the security and compliance needs of midmarket customers, said Jared Hufferd, vice president of business development and sales at Apere. "Companies and IT directors have a big problem to overcome. They need to provision access to applications with sensitive data to many different types of users ... and they have to balance that with security," he said.

Though products from vendors such as CA, IBM/Tivoli and Oracle provide some of the same functionality, they do so at a hefty price tag that's well out of the reach of midsize businesses, according to Hufferd. With IMAG, partners can build solutions to centrally monitor and manage identity information tied to various applications and housed in disparate locations across customer networks, he said.

IMAG automatically locates all of the identity stores and creates a correlated, "clean" list of user identities and access rights. Customers then can use IMAG for centralized provisioning to create new users or shut down inactive users.

"It really answers what some of these directory technologies promised to deliver," said Jerry Ketterling, president of Enterprise Systems Solutions Inc. (ESSI), a security consultancy based in Bellevue, Wash. "You have multiple directories and have never been able to get them into a single directory to control access." With IMAG, customers can monitor and manage multiple directories as one, he said.

ESSI plans to use IMAG as a tool when it provides security audit services, and the solution provider also sees the opportunity to resell the appliance to customers, Ketterling said. "It takes on the role of a consultative sale, as most new technology like this has a reasonably steep learning curve," he said. "It's not that the technology is difficult to use, because it's not. It's just a change to how customers manage their directories."

For instance, customers might be used to watching six to eight different directories, each with its own tools, whereas with IMAG they can go to one place to track everything, Ketterling said.

In terms of access control, IMAG includes an identity-based packet filtering firewall that blocks users from accessing applications they don't have rights to access. IMAG's Adaptive Access Control feature enables the appliance to interact with current network authentication mechanisms without interfering with them, a capability that Ketterling called "the holy grail."

"Customers are skittish about anything that changes their authentication structure because if there's a flaw, it can ripple across the enterprise," he said.

IMAG comes with native adapters for many popular network directories--including LDAP, RADIUS and Samba--and Apere also is offering Connector Factory to provide connectors to applications from vendors such as PeopleSoft, SAP and Siebel (now part of Oracle). In addition, channel partners can use Connector Factory to craft custom connectors for legacy applications.

IMAG is available now starting at $15,000. Connector Factory is available via an annual subscription of $7,500.

Apere is starting with a small group of channel partners--three as of Monday's product launch--and several more poised to sign on this week, Hufferd said. The company plans to add several dozen more partners over the next several months.

Apere's three-tier channel program includes a deal registration element that provides up to 35 percent margins on registered sales opportunities.