Open Source

ForgeRock Welds New Identity Management Links

Scott McNealy co-founded Sun Microsystems and led the company for many years, along the way changing the face of servers, workstations, operating systems, networking, the web and productivity applications. And yet he was fascinated by another quest.

“I always felt that establishing who’s who, what’s what and who gets access to what is the Holy Grail of modern IT, and a way to solve a lot of problems and make a lot of money,” he says in a separate interview. Today, McNealy acts as an advisor to ForgeRock, a single sign-on (SSO), identity and access management company with its roots in Sun.

When Sun agreed a sale to Oracle five years ago, the writing was on the wall for what was an open source stack based on OpenSSO. So four-and-a-half years ago ForgeRock emerged with the plan to build on OpenSSO (under a new name OpenAM), provide a transition path for Sun customers not convinced by Oracle plans, and offer a modern alternative to companies using aging proprietary platforms.

Founded in Norway and now with 170 staff (many of them Sun alumni), ForgeRock is designed to appeal to big companies in markets like telecoms, government and financial services that were Sun’s power bases. It is based in San Francisco but has offices in Oslo as well as Bristol, England and Grenoble, France. Customers include, Thomason Reuters and the Norwegian government and the business model is classic commercial open-source with support, services and training bringing in revenue.

“We’re focused on the external company, not access behind the firewall, and that means scaling to manage millions of identities, says CEO Mike Ellis when we speak by phone. “We’re all about the enterprise’s most valuable asset — the customer.”

ForgeRock’s appeal is to “go beyond single sign-on and some sort of federation and instead address a broad sweep of identity requirements”. That means understanding the many points of context as to how a person or machine might seek to access a system. The full suite includes authorisation, authentication, risk management, policy control and federation and ForgeRock uses the umbrella term, identity relationship management.

Ellis, an enterprise software veteran who has held executive roles at i2, Apple, SAP and Oracle, smells blood and an enterprise appetite for more open, modern approaches to IAM.

“Oracle and CA are our rivals but don’t scale well because they are based on multiple acquisitions and they are not well integrated,” he says. “We can be the Red Hat of identity and access management and the only open platform for identity.”

It’s a complex world and one certain to become yet more complex as the Internet of Things creates an enormous new network, and as more of us consume more services via more devices and platforms.

“Proliferation of identities is the one common element we’re trying to solve,” Ellis says. “Intel, Blue Coat, Palo Alto or whoever have great technology around the firewall, application layer or datacentre but they don’t have great insight into identity.”

The Edward Snowden revelations and subsequent discoveries about snooping have obviously made a huge splash but Ellis sees the challenge being not only to secure access but also to build deeper customer relationships.

“It’s not only NSA and RSA but a lot of the breaches that occurred show companies need to invest and learn to better understand how to interact with their customer bases.”

That environment has put ForgeRock on a fast track, more than doubling in scale every three months and with an eye on an IPO perhaps “24 months down the road”.

“This is a very big inflexion point and disruption,” Ellis says. “It’s coming right now and it’s inevitable.”


Martin Veitch is Editorial Director at IDG Connect


« Crowdsourcing Innovation: Andy Yen, Co-Founder of ProtonMail


CMO Files: Todd Krautkremer, VP Marketing, Pertino »
Martin Veitch

Martin Veitch is Contributing Editor for IDG Connect

  • twt
  • twt
  • Mail


Do you think your smartphone is making you a workaholic?