**Editor’s Note: “7 Minutes” is a new feature where we ask channel executives from startups — or companies new to the Channel Partners audience — a series of quick questions about their businesses and channel programs.**
In the latest installment of our new series, we check in with Pilar Mejia of Tempered Networks. Seattle-based Tempered coined a new acronym, Identity-Defined Networking, or IDN, to describe its strategy of putting a zero-trust overlay on top of an IP (address-defined) network. Then, customer IT teams or an MSP partner decides what servers, VMs, devices or other hosts get to communicate based on identity, not just IP address. Connections may be controlled across the LAN and WAN as well as cloud-based workloads and mobile devices.
“The fundamental problem is that we must stop using IP addresses as the ‘identity’ of the things being networked,” said Mejia. “It’s a role for which the IP namespace was never intended, yet nearly all networking and security policies are based on it. It’s a huge foundational flaw in internetworking architectures because IP addresses can be easily spoofed; they’re both static and dynamic, making policy management costly and enforcement unreliable and vulnerable to human error. Addresses and ports are easily discoverable by hackers, and IP conflicts are increasingly common between on-premises and public cloud resources as well as IoT nodes, which frequently breaks services or prevents organizations from leveraging public cloud. The list goes on.”
Here’s a white paper on how Tempered approaches the problem.
As Mejia discusses, the technology has clear potential to help with IoT security; for example, it could be used by a manufacturing firm to limit the nodes that can communicate with industrial equipment, or by a health care firm to keep attackers out of expensive monitoring systems. It’s also an answer for customers that have concerns over cloud or colocated workloads. The Host Identity Protocol (HIP) Services technology is compatible with most endpoint and network OSes and cloud/colo providers from AWS to Rackspace to Zen.
Channel Partners: Tell us what customers love about your product or service. What’s the secret selling sauce?
Pilar Mejia: One of the coolest things about Tempered Networks is the wide range of benefits our customers achieve depending on how they choose to utilize the solution. From a 25 percent increase in network and security team productivity to a 97 percent reduction in time to provision, besides enjoying streamlined secure networking, our customers are recognizing very real ROI for both their networking and security teams.
CP: Describe your channel program — metal levels, heavy on certifications, open or selective, unique features?
PM: Our current channel program offers two flexible partnership options based on our partners’ business model. Our training is custom-built to address individual partner needs and internal objectives. The Tempered solution is truly innovative and as such we look to partner with the best and brightest organizations with the technical chops to truly maximize the solution’s business potential. We have a unique, customized approach to lead generation that provides partners with the edge needed to get into new markets while allowing them the cycles to grow their existing customer base.
CP: Quick-hit answers: Percentage of sales through the channel, number of partners, average margin. Go.
PM: 100 percent of our sales go through our more than valued channel partners. Margins vary based on partnership status and are always more than enough to keep our partners hunting for more opportunity.
CP: Who are your main competitors, and what makes your offering better?
PM: Our main competition comes from traditional solutions like VPNs, VLANs and switches, but they are not able to address the networking and security problems facing enterprises today. They are very complex, require ongoing change management and continue to get compromised by hackers. These technologies are based on spoofable IP addresses, which is the Achilles heel of networking. On the other hand, our solution uses unbreakable certificate-based machine identities instead of an IP address.
Tempered Networks believes that provable identity is the immediate and long-term future of networking. We believe we must make cryptographic, provable identity native to every connected thing. We have a huge sense of urgency surrounding this, and it drives our overall vision and product strategy. But to put this strategy into context, it’s important to understand the problem space as we see it.
We’re currently in a state of networking everything — IoT elements, microservices, public and private cloud resources, cars, wearables, medical devices, smart buildings and homes, the grid — you name it, it’s being networked. We refer to the current activities of networking everything as “Internet 2.0.” But the cost, complexity and attack vectors continue to increase exponentially with every new connected thing. It’s unsustainable and extremely dangerous.
PM: First of all, our technology road map is all about making it easy and pervasive to deploy our Host Identity Protocol (HIP) Services everywhere — to be able to extend and enforce secure networking policy for nearly every connected thing. This requires our HIPclient and HIPserver software to support as many client and server OSes as practical, like Mac, iOS, Android, Windows and the major distributions of Linux.
It also requires that our virtual appliances support and integrate with all the major hypervisors and cloud platforms such as AWS, Azure, VMware, OpenStack, Zen, Google Cloud, Rackspace. We have most of the client, server, hypervisor and cloud platforms available, but we will continue to drive toward more integration, especially in regards to cloud platforms.
You will also see us working on our embedded OEM strategy over the next three years. Our HIP Services software is incredibly lightweight and can run on something as small as a first-generation Raspberry Pi. And our policy orchestration engine, “The Conductor,” can run in most virtual and cloud environments, as well as on commodity physical appliances. We’ve done this so we can make it easy and cost-effective for manufacturers of medical devices, automotive, aerospace, building automation, industrial control and even consumer manufacturers to embed provable identity in their connected “things,” while continuing to make it super easy and intuitive for users to manage.
The same is true for managed service providers, where we are a great high-value, high-profitability fit and differentiator for any next-generation MSP offering. We’re already well underway with these objectives. However, the most important thing for us over the next three years is to continue our innovation around policy orchestration and management.
Because of how many things we’re now able to unify, network, and protect within a common and extensible IDN architecture spanning any network domain, our clear priority is continuing to enable scale in terms of both manageability and enforcement performance. Expect to see significant milestones in the next 12 months.
CP: How do you expect your channel strategy to evolve over that timeframe?
PM: In addition to adding resources for MSP and OEM partners, our traditional reseller program is poised to evolve into a tiered structure to help ensure the right resources, technical certifications and marketing programs to keep up with our ever-evolving breadth of talented VARs.
CP: What didn’t we ask that partners should know?
PM: One question we often hear is, Where did you guys come from? We have an incredibly talented and seasoned executive team manning the helm. Our CEO, Jeff Hussey, was the founder and former CEO of application delivery leader F5 Networks. Revolutionizing internet architecture is in our DNA, and we have the leadership and engineering talent to bring about a transformation in network security.
Follow editor-in-chief @LornaGarey on Twitter.