|By Rizwan Mallal||
|November 2, 2010 05:17 PM EDT||
- Select a Patented Product: Going with non-patented XML Gateway means that customers will have to replace their XML Gateways in the future yet again. Customers tend to select innovative and leading technology providers with defensible Intellectual Property (IP). They prefer to minimize their risk by avoiding trailing "me-too" technologies that continue to copy the leading patented XML Gateways.
- Conclusion: Ask for vendors patents. Forum Sentry is the only XML Gateway Appliance with a published patent (Patent #7,516,333).
- Conclusion: Review vendors' XML Gateway architecture before replacing the Cisco ACE Gateway. Don't make the same mistake twice. Cisco's architecture permitted dropping code on the Gateway that resulted in a poor security model. Other XML Gateway vendors have followed Cisco's XML Gateway architecture that permits adding custom code. IBM DataPower and Forum Sentry are the only products that do not permit arbitrary code to be dropped into their XML Gateways and stay true to the XML Gateway roles.
- Conclusion: Review vendors independent security assessment. FIPS 140-2 is the gold standard for independent security assessment. Demand certification details from vendors. Sticking an HSM crypto card into a hardware appliance and claiming FIPS certification is not sufficient. The ENTIRE XML Gateway, not just the HSM crypto card should be FIPS 104-2 certified. For any other certification, ask for the "boundary" of certification. Most vendors have never subjected their entire XML Gateway Appliance to an independent security evaluation. Forum Sentry is the only product in the industry to have achieved FIP 140-2 security certification across the entire hardware boundary.
- Conclusion: Selecting patented, industry-leading XML Gateway is paramount. This ensures that there are no functional gaps between existing and replacement products. XML Gateway companies that continue to innovate and patent their IP are more sustainable and provide broader features than vendors that follow the leaders.
- Conclusion: Select vendors that can work within your budget and time-lines. Vendors should be flexible in reducing your CapEX expense while working with your planned multi-year support and maintenance budgets. Depending on the complexity of your policies, vendors should be open to helping you with your migration costs. For a duration, you may be required to run both Cisco ACE and your new XML Gateway together while you migrate away from the ACE Gateway. Your selected XML Gateway vendor should provide pricing options to accommodate this transition process.