IDEALX: Opening up trust management
Last week's Open Source Business Forum, sponsored by HassoPlatto Ventures and held in Potsdam, Germany, featured some interesting open source start-ups, who despite not having received a great deal of attention in the western hemisphere, have nonetheless developed some timely, compelling products. One that I am particularly fond of is the French company, IdealX, which is looking to introduce the disruptive benefits of an open source business model to the global IT security market with their OpenTrust platform.
OpenTrust is an open, modular platform for integrating trust into a global infrastructure using a standardized-based approach. Most of the Global 1000 are already hip to the futility of the 'silo' approach to securing business application and services. Plus, the push towards Service Oriented Architecture (SOA) driven methodologies has exposed the need to integrate and expose security functions to a potentially indeterminate number of components. In essence, the next generation of IT architecture will implicitly require better, more flexible and open platforms by default.
Trusted computing, in and of itself, is a beast of a topic that touches a lot of hot button issues surrounding identity fraud, streamlined authentication, etc. Especially, as global organizations have come to understand the necessity of more inclusive, open business processes and approaches they are faced with the Herculean task of ensuring the various levels of trust using multiple and oftentimes redundant security tools. The robust nature of doing so has created a ripe market for open, standards based technology. Closed product suites from vendors which claim to provide everything to everybody, most often prove too inflexible and expensive to scale to enterprise level requirements.
IdealX has recognized this reality and taken some serious steps towards delivering an open source trust management platform. As a solution, OpenTrust looks to meet the needs of access, exchange and applications by enabling members of its IdealX Contributing Customers Club (C3I) to contribute according to their needs. The company does take a different approach to providing access to OpenTrust source code, by restricting access to members of C3I. However, I view this as being akin to the strategy of dual licensing, where open source companies only provide the source code for the enterprise versions to paying customers. It may not be not 'pure open source,' but a balance is struck between protecting company IP and pushing out the value of an open code base to customers.
Thus far, OpenTrust has generated good traction as a choice for organizations that require some fairly large scale security infrastructure. According to the company, it has been deployed by organizations in 50 countries across the world with a total of 70.000 users. However, in order to speed future growth, the company must continue to engage local system integrator communities in addition to streamlining those critical direct & indirect revenue models associated with them. The proficiency with which IdealX does so is going to determine how well the company stacks up in the global market against larger competitors like Verisign and RSA.
IdealX will need to do an extremely efficient job of illustrating how what is currently an umbrella topic, trusted computing, directly affects the bottom line of the modern day enterprise. Their strongest value pitch might just be the value of an offshoot of the '80/20 rule' (open source provides the core 80% of functionality for just 20% percent of the price of proprietary systems). Where the 'missing' 20% is filled in through what IdealX is providing through C3I. Whatever the case, feature focus and clear differentiation needs to stay atop what looks to be a promising product roadmap.
Comments