Security Firm Gets $12 Million

Red Herring ^ | May 27, 2006

[nickcarraway]

Funding comes as companies look to identity-driven authorization to boost network security.

Applied Identity, a startup specializing in network security controls, announced Friday it raised $12 million in a second round of funding, reflecting the growing demand for tools that help companies track precisely who is accessing what network data at any given time.

The Series B round was led by OVP Venture Partners, based in Portland, Oregon, and Seattle. Previous investors in the company—Bay Partners, Sigma Partners, and Globespan Capital Partners—

also participated. Applied Identity has raised a total of $23 million in venture funding since the company was formed in 2003.

The additional funding will be used to expand sales and marketing efforts and to launch additional products, the company said in a statement.

Applied Identity, a 35-employee operation based in San Francisco, is one of a growing number of companies that offers identity-based security controls. Others include San Jose, California-based Caymas Systems and Trusted Network Technologies, based in Atlanta.

‘It picks up your identity at the gate and then it walks with you through the network, so it’s a much stronger layer of protection.’

-Dave Fachetti,

Globespan Capital Partners

The guiding principle in network security has traditionally been to have a “hard and crunchy exterior with a soft and chewy center,” said CEO Brian Nugent. But with increased security demands, chief information officers and chief security officers are beginning to see that this may not be enough to protect networks.

“You have to make it hard and crunchy all the way through,” he said. “We’re providing the crunchiness in the middle, if you will.”

Hot Market

Until recently, companies used firewalls and switches to build a secure perimeter for their networks. However, virtual private networks and other types of remote access technologies have begun to dissolve the perimeter.

Applied Identity builds a layer of protection onto the existing perimeter by controlling access to data once a user is admitted to the network. Applied Identity uses identity, not IP addresses, to monitor and track user access.

The company’s technology uses security information management (SIM), security event management (SEM), or log management system (LMS) to give administrators detailed information that can be used to track user activity on the network.

“It picks up your identity at the gate and then it walks with you through the network, so it’s a much stronger layer of protection,” said Dave Fachetti, a managing director at Globespan Capital Partners based in Boston.

Applied Identity is part of a trend toward network admission controls and identity access management.

Growing Adoption

Stacey Quandt, research director with Boston-based AberdeenGroup, said she sees growing adoption around identity management, access controls, encryption, and the ability to perform role-based access.

The move is being driven in the United States by government regulations like the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act, and by the need to comply with corporate policies, she said.

“There are 20 different laws in states in the United States, and then obviously in the E.U. and in other countries, so this is a growing issue,” said Ms. Quandt. “The idea of authenticating with a password and a username is not sufficient to protect information.”

Mr. Nugent said that Applied Identity helps companies meet heightened security standards.

“All of the corporate governance that deals with access control pretty much has two common underpinnings: they all require role-based access controls and they all also require identity-based audit trails,” said Mr. Nugent. “That’s precisely what you get with this type of a solution.”