Saturday, March 29, 2008

More on this WAM thing

My last post generated more interest than I initially expected. I guess it's one of those dormant issues that people have come to accept because it's just how the large vendors sell their Web Access Management (WAM) products (i.e. software).

I asked a few questions in a couple of sections and P2 Security's CTO, Jeff Gresham, has responded by way of a comment. For those of you reading this via the RSS Feed who don't feel like clicking through, I'll repost it here:

"Ian,

We appreciate your interest in our maXecurity product line.

The technology team at P2 Security has been deploying conventional Web Access Management solutions at medium to large enterprises for the better part of a decade. It was our experience with deployment, maintenance and compliance issues that motivated us to develop our appliance-based maXecurity solution.

With maXecurity, we have adopted a "fewer moving parts" philosophy, and have collapsed the conventional three layer architecture (web agents or proxies + policy servers + policy store) to a two layer architecture (proxy appliances + policy store). We see this as a distinct advantage in terms of hardware cost, as well as deployment and maintenance effort, all of which translate to a lower total cost of ownership for our customers. Since a maXecurity solution includes hardware, customers are not required to acquire and deploy any additional hardware or software for a policy server layer. Also, no OS-level system administrators are required to maintain Unix- or Windows-based policy servers. Between hardware and IT staff, we have observed large enterprises (with 100s of thousands of users and hundreds of protected web applications) spending millions of dollars per year on WAM policy servers. By eliminating the policy server layer, these costs can be avoided, with the resulting savings allowing customers to achieve ROI in a matter of months.

With regard to your question: "...how [do] they manage security policies when someone decides to buy more than 1 appliance," maXecurity appliances are grouped into clusters that share the same policy configuration. All policy information is maintained in a centralized LDAP policy store. Policy changes are made from any appliance, written to the policy store, and all other appliances in the same cluster will detect the changes in the policy store and enforce them locally. Any combination of maXecurity Basic (500 users), maXecurity Pro (5000 users) and maXecurity Enterprise (50000 users) appliances can make up a cluster, allowing a maXecurity infrastructure to scale from the smallest to the largest enterprise.

I hope that I've addressed your questions regarding our maXecurity product line.

Jeff Gresham
Chief Technology Officer
P2 Security LLC"

There is some truth to what he says. Of course, it doesn't mean it is any easier to manage from an overall standpoint. I maintain that it is still a point solution for those that have a specific need to address their Web Access Management problems.
