Newsletter

November 22, 2000

IT Sourcing

NeoIT Brings Technology Buyers, Providers Together via E-Market

If you are in IT management and looking to find a service provider that can help your e-business initiative, you know it is not an easy task. It's extremely difficult to identify the relevant players and get objective information about them that is helpful in making an evaluation. Recognizing this, several companies have stepped forward to offer assistance to IT decision-makers seeking e-services firms. One of them is neoIT of San Ramon, Calif., founded in June 1999 with the original mission of helping to address the issues of scarce IT resources by connecting U.S. companies with developers in India.

As of August 2000, neoIT had 50 employees or "team members," with 21 of them in Bangalore, India, and 14 in the U.S. The company expects to expand to 75 full-time by year-end, and 115 by the summer of 2001, says Atul Vashistha, cofounder and CEO. Since its founding, the company has revised its strategy and is now focusing on matching buyers of technology services to qualified providers, through an online platform.

NeoIT is not a "lead generating" firm like others in this field, Vashistha says. Instead, the company is investing in rating the quality of service providers registered in its system, about 2,500 currently. It does this by researching the certifications obtained by the service provider's staff, as well as by creation of a "virtual report" when a project in its system is completed. "None of our competition is focusing on the quality of services firms," Vashistha says.

The company offers four products: neoMatching, neoSelection, newRFP and neoCollab. NeoIT's business model calls for it to charge 10% of the project's cost and to act as the intermediary between the buyer and provider. NeoIT is privately held, venture-funded, and expects to be profitable in early 2002.

Buying customers include Cardinal Health, Pyxis Corp., Lunsford Capital, Shipserv and Global Commerce Systems. NeoIT had over 400 buyers as of November. "We are not owned or invested in by any of the providers," Vashistha says.

Before founding neoIT, Vashistha was a senior vice president at Cardinal Health, a Fortune 100 company. His brother and neoIT cofounder Avinash Vashistha has over 15 years of experience in software development with companies including AT&T/Lucent, GTE and Nortel.

NeoIT argues that it can match IT buyers to providers in three weeks on average, saving time and money spent on longer searches and evaluations. The firm also maintains that competitive bidding saves buyers money, and through the neoCollab system, projects can be tracked daily through milestones. "Customers come to us to get projects done, not to find a provider," Atul Vashistha says.
www.neoit.com

Connecting: Middleware/Integration

Esker, Inc. Making Play to Tap Documents Within Legacy Systems

Granting Internet access from any device to documents in any format on any system is the mission of Esker, Inc., founded in Lyon, France, with U.S. headquarters in Stillwater, Okla.

The company recently extended its line of legacy access solutions to mobile phones, personal digital assistants, smart phones and other wireless devices using the Wireless Application Protocol (WAP), with its release of the Corridor Wireless product.

Corridor Wireless extends IBM mainframe or AS/400 applications to wireless device users by translating 3270 and 5250 data streams into Wireless Markup Language (WML) for display in wireless devices supporting WAP 1.0. Corridor is set up between the host system and the Web server so that host applications are accessible without having to be modified. Integration to the WAP environment is achieved through a WAP gateway. Corridor also supports the Wireless Transport Layer Security (WTLS) protocol.

The product's builder tool assists developers in specifying the navigation path to the host data, and offers a preview mode that can be seen in an HTML Web browser by means of an on-the-fly WML-to-HTML conversion. A standard development and deployment license for the product is $16,000.

Other products offered by Esker include: Faxgate for electronic document distribution; TunPlus for PC-to-host connectivity; SmarTerm for PC-based host access; and Persona for Web-to-host connectivity. Esker was founded in 1985 and trades on the French Stock Exchange. Revenues in 1999 were equivalent to $29.4 million, a 44% increase over 1998. The company has made several acquisitions to increase its U.S. presence.

The acquisitions included: Tuebner & Associates in 1998, the firm that developed the Faxgate and Corridor products; and Persoft in 1999, which had developed SmarTerm and Persona. In July 2000, Esker reached an agreement to acquire V-Systems, Inc., which has over 30,000 fax servers installed for Unix, Linux and Lotus notes environments. This makes Esker the fourth-largest fax server software vendor worldwide, according to market research firm International Data Corp. (IDC), Framingham, Mass.

"Esker is uniquely positioned. It has combined several acquisitions to add value to an organization that has a lot of legacy systems installed," says Darcey Fowkes, research director for Aberdeen Group, Boston.

In February 2001, Esker is planning to release the Pulse Intelligent Delivery System, a new product to help automate the flow of information from core business applications to any destination. It transforms and delivers electronic documents based on document content and user preferences. Pulse will support formats including PDF, XML or text, and be able recognize, route, transform and deliver electronic documents. The product is expected to be priced between $25,000 and $85,000.
www.esker.com

Protection: Security

Securant, Netegrity Offer Competing Security Standard Proposals

Securant Technologies and Netegrity, Inc., already rivals in the market for authentication and authorization tools, are now competing in the standards arena.

Less than a week apart, each of the companies in November announced efforts to develop an XML-based standard for Web security, intended to provide a standardized way of securing transactions even as they cross multiple Web sites based on different platforms and using different vendors' security tools.

Securant says it worked for months with partners and customers before announcing its proposal, dubbed AuthXML. Among the organizations Securant says have joined the AuthXML working group to help create the standard are: Access360, Authentify, Bowstreet, Brown University, CertCo, Check Point Software Technologies, Citrix, Deloitte and Touche, Entrust, Equifax, Internet 2 Project, McKesson, Novell, PriceWaterhouseCoopers, Royal Bank of Scotland, SAIC, Sandhill Systems, Secure Computing, Silverstream, Thomson Financial and Wave Systems Corp.

Netegrity's entry is called the Security Services Markup Language (S2ML). Netegrity credited a number of companies with helping to create S2ML, including Bowstreet, Commerce One, Jamcracker, Sun Microsystems, VeriSign and webMethods.

Each company says its proposal will allow a user's security data to be passed along as a transaction winds its way across various Web sites, providing for single sign-on and obviating the need for a user to be reauthenticated if a transaction crosses multiple vendor sites. In essence, all of a user's security privileges would travel with himor her through the life of the transaction. Each scheme is intended to work with existing security tools, so users don't need to change out existing infrastructure.

Additionally, both Securant and Netegrity plan to submit their respective proposals to relevant standards bodies, including the World Wide Web Consortium (W3C) and OASIS.

"From a goals and objective standpoint, the difference between these proposals is almost nil," says Pete Lindstrom, senior analyst with the Security Strategies Service at the Hurwitz Group consultancy, based in Framingham, Mass. There are, however, technical differences that will have to be hashed out. "They'll need to come to terms at the table of compromise to get this pushed through."

Key to seeing that happen may be companies like VeriSign and webMethods. In an apparent case of jumping the gun, Securant included both companies on its initial list of AuthXML backers. But they were not on a revised list that came out a few days later. Executives from both companies say that, while they are more familiar with S2ML, they have an interest in AuthXML and would like to see the two specifications come together.

"We want to be involved in AuthXML as well as S2ML and believe the future of this whole process is to move to one standard," says Jeremy Epstein, principal security architect at webMethods.

Warwick Ford, chief technology officer at VeriSign, voiced similar sentiments. "We haven't had the opportunity to really study or contribute to AuthXML yet, but there appears to be some overlap between that and S2ML," he says. "We'd be interested in seeing these two projects merged."

More information on the standards can be found at their respective Web sites: www.securant.com/authxml and www.s2ml.org.

Protection: Security

Open Launches a Security Console

There's another player on the scene offering a security console.

OpenService, Inc. is no startup, it's just new to the security scene. The company was founded in 1992 and operated mainly as a consulting firm, focusing on remote management of Unix and other open systems. In that capacity, Open built some tools that could analyze systems but were flexible enough to be put to other uses, says Christopher Strug, vice president of marketing for the firm, based in Westborough, Mass.

After much hand wringing, Open decided it would do best to focus its efforts on the security arena, given the tremendous need for security in the e-commerce era. The result is the SystemWatch family of security management products, targeted at large enterprises and managed service providers (MSPs). It joins security consoles from the likes of e-Security, Inc., Naples, Fla., and IBM's Tivoli unit.

SystemWatch consists of the SystemWatch Console and a series of SystemWatch Agents. Security Agents pull data from firewalls, intrusion detection systems, virtual private networks, antivirus systems, and Windows NT and Solaris operating systems. The Device Agent monitors smaller security devices, including the emerging crop of security appliances such as firewalls set up between departments in a company. Server Agents run on various types of network servers, including Web, mail and file servers.

Security Agents monitor for meaningful activity and are trained to detect patterns that represent potential security threats. The agents also perform event correlation and log data reduction while keeping an eye on the health of the underlying computer system on which the security application is running, to ensure it is operating properly. Security Agents can also take remedial action, such as shutting down or restarting a firewall as necessary, Strug says.

All agents feed data to the central SystemWatch Console, which displays them via a Web-based interface. Administrators can assign ownership of different alerts to different security personnel, effectively creating multiple views of the network from a security perspective.

The console also correlates alerts coming in from various security devices, detecting patterns of events across devices that indicate security threats. It also allows for automatic alert escalation if problems remain unresolved for too long.

In addition, SystemWatch can export data to trouble ticketing systems and other enterprise management systems, such as Hewlett-Packard's OpenView. "As security grows in importance, security managers are gaining more control over their applications," Strug says. "But security tools still have to coexist with other network and systems management tools."

About 40 to 50 organizations are already using SystemWatch, he says.

A SystemWatch Security Starter Pack, including one management console and five security agents, sells for $13,995. Additional Device Agents cost $995, while Server agents cost $1,295 and the Security Agent costs $1,795.
www.open.com

For more information on this topic in the future, register Here.