Wednesday, November 14, 2007
How Software Vendors Weaken Enterprise Security: Part Two
- First time I hear about XACML, but it certainly proves again that XML is doing a good job at what it does best, transfer data from one system to another.
But if big companies solve this issue (Microsoft for example) then they would loose an argument on why the customer should use their CMS together with their DMS and/or ERP, because "secure" integration is only possible between packages from the same company. I doubt they will ever do that.
I think I have several thoughts. First, if you were to look at the demographics of the Fortune 500 enterprises, you would see that Microsoft has sold software to every single one of them, Oracle has penetration in less than half and the number goes downhill from there. I guess at some level, if you want to compete with Microsoft, the one competitive advantage you will have over them is in the ability to integrate with other products. If software vendors don't leverage this fact, then they are leaving money on the table.
I can tell you that Craig Randall, Brian Huff, Laurence Hart, John Newton and others understand the importance of integration and that the world isn't just about their products where they are just a component in a larger ecosystem. They are all passionate individuals working towards common goals of eliminating user stores from their applications, supporting native binding to Active Directory and externalizing AuthZ via XACML. In fact, in the next couple of weeks, two players in the ECM space will be announcing their support for this functionality.
I would encourage all of us bloggers to not loose faith that software vendors in the ECM community aren't game to make things better, they simply are playing catch up to the rest of the world and they need our public support.