Monday, September 15, 2008
My Latest IdM Crush
At DIDW, I got a chance to sit down and chat with Eric Olden, CEO of Symplified. Symplified brings Web Access Management into the SaaS world. Their approach resonated with me immediately.
A few clients we had just been dealing with over the past weeks had "fires" that needed containing. For one client, after 48 hours of dispatching consultants, phone calls to support, and just hard core technical work, all was well...for the time being. Soon after, another client had a similar situation. Things were going down all over the place, and no one knew why. After significant investigative work, the culprits were found and dealt with. But the real culprit wasn't a person or an inopportune config change. The real underlying problem was a complex (and perhaps antiquated) IdM infrastructure put in place by a team of consultants years ago coupled with an IT team that didn't provide the identity management infrastructure the appropriate level of care and feeding. Unfortunately, this toxic combination is not uncommon in mid market enterprises.
Enter Symplified. Anyone who knows idenity knows that WAM infrastructures are rather complex. Agents, proxy servers, APIs, Policy Servers and a host of other moving parts. Eric walked me through Symplified's approach to "symplifying" (get it? i just did) this complexity. Think of a proxy based WAM architecture. Symplified provides an "identity router", which is an appliance dropped in the client's infrastructure that acts as the proxy. All traffic to protected apps get routed through the identity router, which acts as the policy decision point as well as the policy enforcement point. Identity data can be consumed from your existing identity stores. For example, you could have the router point to AD to pick up users, but policy information is stored in the router itself. So where does the SaaS component fit in? The admin interface is hosted in Symplified's SAS 70 Type II data center and allows access policies to be defined. Once completed, the policies can be pushed down to the identity router in the client environment. Symplified also provides a slick option to deliver the identity router as a virtual appliance. They call it the GTV form factor, and it can run in an existing ESX environment.
The last word: the client has less infrastructure to manage. Compare this to the number of components in your typical agent based WAM solution, and the value Symplified is providing should be pretty obvious.