Identity Management: The Next Big Thing

However, it wasn't until I received an eye-opening briefing from identity-appliance vendor Infoblox the other day that I really got turned on to the possibilities of this rapidly emerging area. Infoblox vice president of marketing Richard Kagan, who joined last year from venerable network-security vendor Fortinet, was the first person I've heard who was able to take the discussion beyond the buzzwords and articulate just why this area is so vitally important.

In doing so, he made me realize two things. First, if you're a solution provider involved in security at all, you'd better consider diving into the identity arena before it passes you by. Second, and more subtly, I've come to the conclusion that -- the rapid deployment of virus software, spam blockers and security appliances notwithstanding -- we're still in the early phases of the security market. As such, we're bombarded by hundreds of point solutions in dozens of separate security fiefdoms. There's antivirus software, spam blockers, threat managers that monitor attempts to breach the network, information managers, and access and authentication controllers.

Eventually, these disparate security silos will get corralled into highly integrated solutions. (In a harbinger of this trend, we're already finding "pest" controllers, which combine antivirus and pop-up blockers in a single package. And Computer Associates, which fields a large number of separate security programs, does a nice job of conceptually integrating all of them under the umbrella of its eTrust brand.) But for now, it pays for VARs to develop discrete, identity-management expertise.

Which begs the question, just what is identity management? It's the authentication, authorization and tracking of users on an IP-based network. In technological terms, this plays out as a real-time database problem. Identity-management software has to store information about all the users who have access to the network, along with what level of access they have. At the same time, the software has to be aware of what systems are on the network. This used to be a static problem, but with the immense growth of wireless access, it's no longer an afterthought. As individual users attempt to log on, the identity-control software essentially has to verify they are who they say they are, hook them up with the appropriate level of access and track their activity.

To the technically sophisticated, this involves lots of monkeying around with key network-identity infrastructure services, such as DNS, DHCP, RADIUS and LDAP.

To the socially conscious, it's a sign that the Wild West-like Internet of the 1990s has given way to a post-9/11 mentality where security is king.

Indeed, a big impetus for identity management comes from Washington, which has passed regulations such as Sarbanes-Oxley and HIPAA. These force companies to keep detailed records on when, where and by whom corporate and medical records are accessed.

Most VARs will deliver identity management to their customers via software. Along with Novell and CA, vendors offering packages include CriticalPath, IBM Tivoli, Microsoft, Sun, Netscape, Oracle, Siemens and the open-source community's OpenLDAP effort. (In addition, BMC Software just got into the field, with its acquisition of Calendra.)

For its part, Infoblox, which is beginning to build a channel program, is one of the few vendors that has folded identity management into hardware in the form of a standalone, network-edge appliance. (Start-up Imprivata is another.) More appliances are sure to follow. Whether you deliver identity management in hardware or software isn't of overriding important at this point (as I noted above, eventually they'll get integrated with other security stuff, anyway). What's important is that you get on board the identity-management bandwagon now.

"There's a tremendous opportunity," Kagan tells me.

Ultimately, the industry will move to the dial-tone-like availability of identity services, Kagan believes. So maybe now's the time to pick up the phone and hook up with one of the many vendors with identity-management expertise.