“We’re confident our IDaaS offerings will redefine the way identity management is consumed….and that it will be a very welcome game change”

This interview was made possible by our friends at DomainNameSales.com:

 

The marketplace for domain names.

Victor Barris is the founder and CEO of Identropy. Victor has been in Information Technology for over eighteen years in various capacities ranging from Business Development, Sales and Marketing. Prior to Identropy, Mr. Barris was Executive VP at CRT Group, where he grew the Security Practice to impressive triple digit YTY growth. Earlier in his career, Victor was in consulting, specializing in enterprise systems architecture and information security, working with firms such as Andersen Consulting, IBM, Baltimore Technologies, JP Morgan and Bear Stearns.

Identropy is a leading provider of Identity and Access Management (IAM) services that enable organizations to derive maximum value from their IAM initiatives in the most cost-effective manner.

MO: Can you explain to our readers how Identropy works?

Victor: We provide the entire end-to-end lifecycle of IAM. We do this by offering three core services. Our Advisory Services help those planning an IAM deployment to understand and navigate all the complex and sensitive people, process and technology issues that are part and parcel of IAM. We provide Implementation Services for those companies that want our help with deployment and systems integration. Our Managed Identity Services, or Identity-as-a-Service (IDaaS) offering is where we are truly innovating. We call our managed services platform SCUID, which stands for Secure, Co-Sourced Unified Identity, and has two flavors. SCUID Operations is a Management platform, a Cloud-based console that enables our customers to gain valuable management, metrics and reporting capabilities for their deployed IAM platform. We launched SCUID Operations in 2011 and exceeded our internal expectations on how many paying customers we would close this year. In 2012, we will be launching SCUID Lifecycle, a full-fledged IAM managed service offering tailored to our customers’ needs. It’s a Cloud-based service but the big “a-ha” is that it can be structured in a variety of ways: we can manage our customers “on premise” or onsite IAM initiatives; they can host it totally with us, or any combination in between.

This is a very compelling value proposition, especially to our target market, which we define as the mid-market – companies in the 1,000-20,000 person range. The reason why ongoing managed services are so critical to that market is because the mid market has made significant IAM investments in the past few years, – think $500K-$1 million per deployment – and will continue to do so. Despite that investment, they don’t have the resources or expertise to provide the ongoing nurturing care and feeding that IAM requires.

When our customers move with us from Advisory to SCUID, they reap the maximum benefit. It’s a true win/win because via our Advisory engagement, we become uniquely familiar with our customers’ IAM challenges. From there and we can either assist with a technology evaluation and implementation, which, if they choose to do that, they almost always have us assist with the deployment. Or, they can have us manage it for them, which once we launch our full fledged IAM service (SCUID Lifecycle) can get their IAM initiative up and running in half the time and at around half the cost.

MO: What are the advantages for a company to have all aspects of their Identity and Access Management services managed by a company like yours?

Victor: On the Advisory and Implementation sides of the business, our expertise helps our customers navigate the technology and business process issues that arise with any IAM deployment. Because we are dealing with digital identity, it touches every single person; you are basically automating who has access to what across the entire company.

In some cases, those entitlements are very granular or complex and require some thought – what does this person really need access to and why? What are the chances of that changing over time? Are we giving too much or too little access? Are we doing it in a way that can be properly audited and in line with any regulatory requirement’ and/or internal best practices?

When you centralize and automate IAM you are linking an IAM system to potentially hundreds of applications. There are always, and I mean ALWAYS unexpected or unanticipated process, network architecture, political and regulatory issues to work through. If you have never done it before half the things that you end up having to deal with you would have never thought about it. Then, you have issues like “dirty data,” connecting to applications that have not been updated or have issues that need to be solved before you can proceed, or other unanticipated tech issues that can cause delays

Having a guide through that keeps people from losing sight of the forest through the trees. The time and cost savings vary from company to company, but being able to identify problems before they occur has saved some of our customers millions of dollars.

And that’s just at the onset – IAM is highly dynamic. In fact, out first managed service, SCUID Operations helps our customers to not only track and manage those changes, but to understand their business implications. As we expand our managed services offerings, we can take on as much or as little of their IAM as they want us to. Given how problematic IAM is for so many clients, we anticipate that they will want us to own it.

MO: Cloud based services are moving from the fringe to the mainstream. Are most of your clients comfortable and up to speed on implementing this new technology with something as significant as their identity management or can there be some resistance?

Victor: Yes, most of our customers have an understanding of what the Cloud is all about. There can definitely be some resistance because people are nervous about storing their sensitive data- including identity data – outside of the enterprise. While there are security and regulatory concerns, we have not found those issues to be an inhibitor. In fact, specific to the way we are running today, there are no concerns there because with SCUID Operations we are not holding any identity data off premise.

As we expand our offerings to include full turnkey Cloud-based services, we can ensure that any data stored in the cloud is secure and complaint, because we can control how the security and compliance posture is structured. With all the attention by the Cloud Security Alliance and others on getting Cloud security right, we have the ability and opportunity to create Cloud environments that are architected for maximum security and don’t have all the issues – such as legacy technology issues or political infighting – that often come into play in enterprise environments.

MO: What’s one site you visit every day that you couldn’t live without?

Victor: If you would have asked me last year, or even a few months ago I might have said security sites like SearchSecurity.com, ISACA, ISSA, CSA (for anyone interested in Cloud Security), and various identity management blogs. Given my recent focus on closing Identropy’s series A, I have been spending a lot of time on sites like, Inc.com, the Funded on Tech Crunch, Marc Suster’s blog and Brad Felds’ blog – Both sides of the table, and other entrepreneurial reads.

MO: What company accomplishment are you most proud of so far?

Victor: The standout accomplishment for this year is that we completely bootstrapped the transition from being a consulting firm to an IAM solutions provider, with 10 paying customers on our managed services platform. The fact that we the launched of our first managed service while carrying a full, booming advisory practice – while seeing double digit year over year growth for the past two years – well, I’m extremely proud of that.

MO: What can we expect next from Identropy?

Victor: By the time the interview is published we will have announced our series A funding, $4 Million from two well known VC firms. We decided to close on funding in order to execute on our vision for Managed Identity Services, a market that we call Identity Management -as-a Service (IDaaS)

In addition to ongoing expansion across all of our current lines of business, people can expect a world-class, robust, “cradle to grave” IAM managed service offering. Few will argue that there is plenty of room for innovation in the world of IAM. We’re confident our IDaaS offerings will redefine the way identity management is consumed. If the response to SCUID Operations is any indication, it will be a very welcome game change.