Identity 2.0 Validates Users At Packet Level

Most of today's identity management technology focuses on entry to the network and does little for individual applications. While verifying that individuals have proper access to the whole network is an important service, losing control of individual application access can still be a significant problem.

Trusted Network Technologies (TNT) has set out to solve that concern. The Alpharetta, Ga.-based company has rolled out its Identity 2.0 platform as a means of validating identity down to the packet level. Identity 2.0 consists of a combination of software and hardware that integrates with an existing user directory structure.

The product focuses on who is doing what, when and where on an IT system, and combines that information with policies to control interactions among users, applications and IT assets. Unlike some other identity management solutions, TNT secures the whole process, soup to nuts.

TNT breaks identity management into a four-stage process: discovery, monitoring, enforcement and auditing. During the discovery phase, the product clearly identifies the topology and data access process. That information then is translated into a graphical representation of what is happening on the network. From there, policies and baselines can be developed.

The monitoring process determines who is doing what and why. That information is used to build a data model of user-to-asset relationships. All network flow, including LDAP, Active Directory and DHCP events, is monitored. The core data is gathered by installing software-based network sensors on critical data assets. Identity 2.0 then can build an enterprise view of user access.

As the name implies, enforcement is all about controlling access. The enforcement module uses policies to drive access control to the various infrastructure elements. What's unique about TNT's approach is that identities are treated as a virtual representation of a user identification badge. That virtual badge is associated with the user and controls where he or she can go on the network, regardless of entry point. That means identity management can be extended to non-corporate PCs, including remote locations, Internet cafés and customer or associated sites, without the need for an external key management system.

The auditing process gives the company the ability to prove compliance by delivering precise reporting on user interaction. Audit reports detail complete user access events, which can be used as proof of compliance for legislation-driven businesses. The reporting is based upon the user's asset access, which gives the administrator a focused view of the user's activity.

Identity 2.0 comprises three distinct parts: The I-Gateway hardware component is a 2U device that sits behind the firewall and is responsible for all identity processing and logging. An identity driver, which resides on the workstation that's in use and can be automatically pushed down to a PC when a user logs in, has the unique task of modifying each data packet based upon the user's identity. This creates an unalterable identity-driven session with the I-Gateway. Finally, the sensor is installed on the managed IT resources and monitors user access to applications. All of these individual elements are built to work together and are combined to drive the I-Manager interface. As a Web-based application, I-Manager leverages graphical interpretations of IT elements and provides a drag-and-drop interface to quickly build relevant policies and reports.

TNT has built redundancy into the I-Gateway hardware, with features such as dual power supplies, optional clusters and hot standby units.

TNT's unique approach to solving the identity dilemma brings several benefits to the table. First, in many cases, Identity 2.0 could replace a corporate VPN. Second, the powerful reporting can be used in lieu of other third-party auditing tools. And third, the solution can become the backbone for meeting legislative requirements set forth by laws such as Sarbanes-Oxley and HIPAA.

As a channel-centric vendor, TNT offers several advantages to its partners. Its channel program offers three partner levels: Silver, Gold and Platinum. All levels are entitled to a 10 percent standard discount on products, while additional discounts of 15 percent to 30 percent are offered based upon level of commitment and certification status.

TNT generically defines five areas of business with certain requirements that prospective partners will need to meet to be eligible for one of the associated levels: sales capability, marketing expertise, technical focus, proficiency and customer care. Silver partners need to possess the basic sales and technical resources to resell the product line. Certification is not required, and they have access to dedicated Web-based support and sales services.

Gold and Platinum partners are required to have a much higher commitment than Silver partners, with certification, training and support goals to meet. Gold partners are assigned a regional channel manager to help validate and close deals. Platinum partners are promised leads and channel-sales efforts directly from the TNT sales team.

TNT has reported a 100 percent retention rate of partners, which bodes well for a company selling a single product line.

Qualified solution providers will find navigating TNT's channel program straightforward, and those VARs with applicable expertise should be able to obtain one of the levels without too much trouble.

TNT's combination of a unique technology and a channel program that is easy to navigate promises to bring profit and long-term revenue opportunities to those channel partners willing to put some effort behind explaining the technology and implementing Identity 2.0 as a complete identity management solution.