1. Xchel Martínez Galicia
IBM Hybrid Cloud: Technical Connectivity, Integration and SOA IT Specialist
xchel@mx1.ibm.com
César Tort
Integration & Development - Key Accounts
ctort@mx1.ibm.com
March 27th, 2018
IBM DataPower - PCI Solutions
2.
“Stores of the future will be more
connected and experience-driven…
Data security will be a major concern”
Planet Retail
4. Confidential – Liverpool and IBM
Content
• About PCI (Payment Card Industry)
• PCI DSS (Data Security Standard)
• Which kind of data should be protected?
• What are WebSphere DataPower Appliances?
• WebSphere DataPower and the PCI DSS “Digital Dozen”
6. About PCI (Payment Card Industry)
§ The PCI Security Standards Council (PCI SSC) is a global open body formed to develop, enhance,
disseminate and assist with the understanding of security standards for payment account
security.
§ The Council was founded in 2006, with American Express, Discover Financial Services, Japan Credit
Bureau International, MasterCard and Visa Inc. as founding members.
§ As of 2018, the PCI SSC lists 797 Participating Organizations around the world. IBM is one of
them!
§ Founding members have agreed to incorporate the PCI Data Security Standard (PCI DSS) as part
of the technical requirements for each of their data security compliance programs.
8. PCI DSS (Data Security Standard)
§ Whom does PCI DSS serve?
Those who work with and are associated with payment
cards. This includes: retail (e-commerce & brick & mortar),
merchants of all sizes, financial institutions, point-of-sale
vendors, and hardware and software developers who create
and operate the global infrastructure for processing
payments.
§ What is the objective of working with PCI DSS?
– Helping merchants and financial institutions understand
and implement standards for security policies,
technologies and ongoing processes that protect their
payment systems from breaches and theft of cardholder
data.
– Helping vendors understand and implement standards
for creating and maintaining secure payment solutions.
§ Why is it important to comply with PCI DSS?
Potential liabilities
• Lost confidence, so customers go to other
merchants
• Diminished sales
• Cost of reissuing new payment cards
• Fraud losses
• Higher subsequent costs of compliance
• Legal costs, settlements and judgments
• Fines and penalties
• Termination of ability to accept payment cards
• Lost jobs (CISO, CIO, CEO and dependent
professional positions)
• Going out of business
9. But, what is PCI DSS?
§ What is PCI DSS?
PCI DSS provides a baseline of technical and operational requirements designed to protect account
data. It includes 12 requirements; below is a high-level overview.
11. Which kind of data should be protected?
§ Where are the crown jewels?
Cardholder data refers to any information contained on a customer’s payment card. The
data is printed on either side of the card and is contained in digital format on the
magnetic stripe embedded in the backside of the card. Some payment cards store data
in chips embedded on the front side.
The front side usually has the primary account number (PAN), cardholder name and
expiration date.
The magnetic stripe or chip holds these plus other sensitive data for authentication and
authorization.
14. What are WebSphere DataPower Gateway Appliances?
Product Value
“Specialized purpose-built hardened embedded network devices that take the “hard parts”
of SOA security and integration traditionally requiring complex and costly software systems
and deliver them in a simple “uncrate, rack, configure and deploy” platform.”
Powerful and uniquely efficient message and file oriented configuration-driven
Security and Integration platform with the extremely low operational TCO of a true
network device.
15. Over to 3,000 worldwide installations and growing!
Insurance
§ Used by 95% of top global insurance firms
§ SaaS providers, ASPs, regulators, etc.
Government
§ Agencies and ministries
§ Defense and security organizations
§ Crown corporations
Banking
§ 80% of top 100 Banks
§ Numerous regional banks and credit unions
§ SaaS providers, ASPs, regulators, etc.
Many, many, more
§ Retailers
§ Utilities, Power, Oil and Gas
§ Airlines
§ etc.
16. IBM DataPower Appliances Lead the Market
The Leader in SOA Appliances
Over 2200 DataPower Appliance clients
§ The largest portfolio of SOA appliances
§ 80% of customers are repeat buyers
§ Appliance Innovator: leading appliance market since 2003
§ 90% of top 100 Financial Institutions are DataPower installations
§ Broadest support for open standards and programming models
§ Proven to accelerate time-to-market and lower total cost of ownership
“One of the strongest points for IBM comes from its industry-leading
experience with both SOA and appliances. Because IBM has been
in the SOA game for a long time, it has built up extensive and
pervasive SOA skills globally...IBM has developed a solid business
approach to the appliance marketplace, taking into account the
challenges of adding new members to the range, maintaining a
consistent focus and ensuring clients continue to get ongoing
value.”
~ Source: November 2012, Lustratus Research, Inc: A Competitive Review of SOA Appliances
Gartner reported that IBM continues to be number one in key areas
including Integration Appliances
- Source: April 2012, “IBM Named Marketshare Leader in Middleware Software”
http://www-03.ibm.com/press/us/en/pressrelease/37376.wss
17. Supported standards & protocols
• Data format & language
– JavaScript
‒ JSON
‒ JSON Schema
‒ JSONiq
‒ REST
‒ SOAP 1.1, 1.2
‒ WSDL 1.1
‒ XML 1.0
‒ XML Schema 1.0
‒ XPath 1.0
‒ XPath 2.0 (XQuery only)
‒ XSLT 1.0
‒ XQuery 1.0
• Security policy enforcement
‒ OAuth 2.0
‒ SAML 1.0, 1.1 and 2.0, SAML Token
Profile, SAML queries
‒ XACML 2.0
‒ Kerberos, SPNEGO
‒ RADIUS
‒ LDAP versions 2 and 3
‒ Lightweight Third-Party
Authentication (LTPA)
‒ Microsoft Active Directory
‒ FIPS 140-2 Level 3 (w/ optional
HSM)
‒ SAF & IBM RACF® integration with
z/OS
‒ Internet Content Adaptation Protocol
‒ W3C XML Encryption
‒ W3C XML Signature
‒ S/MIME encryption and digital
signature
‒ WS-Security 1.0, 1.1
‒ WS-I Basic Security Profile 1.0, 1.1
‒ WS-SecurityPolicy
‒ WS-SecureConversation 1.3
• Transport & connectivity
– HTTP, HTTPS, WebSocket Proxy
– FTP, FTPS, SFTP
– WebSphere MQ
– WebSphere MQ File Transfer Edition
(MQFTE)
– TIBCO EMS
– WebSphere Java Message Service
(JMS)
– IBM IMS Connect, & IMS Callout
– NFS
– AS1, AS2, AS3, ebMS 2.0, CPPA 2.0,
POP, SMTP (XB62)
– DB2, Microsoft SQL Server, Oracle,
Sybase, IMS
• Transport Layer Security
‒ SSL versions 2 and 3
‒ TLS versions 1.0, 1.1, and 1.2
• Public key infrastructure (PKI)
‒ RSA, 3DES, DES, AES, SHA, X.509,
CRLs, OCSP
‒ PKCS#1, PKCS#5, PKCS#7, PKCS#8,
PKCS#10, PKCS#12
‒ XKMS for integration with Tivoli Security
Policy Manager (TSPM)
• Management
‒ Simple Network Management Protocol
(SNMP)
‒ SYSLOG
‒ IPv4, IPv6
• Open File Formats
‒ Distributed Management Task Force
(DMTF) Open Virtualization Format
(OVF)
‒ VMware Virtual Machine Disk Format
(VMDK)
• Web services
– WS-I Basic Profile 1.0, 1.1
– WS-I Simple SOAP Basic Profile
– WS-Policy Framework
– WS-Policy 1.2, 1.5
– WS-Trust 1.3
– WS-Addressing
– WS-Enumeration
– WS-Eventing
– WS-Notification
– Web Services Distributed Management
(WSDM)
– WS-Management
– WS-I Attachments Profile
– SOAP Attachment Feature 1.2
– SOAP with Attachments (SwA)
– Direct Internet Message Encapsulation
(DIME)
– Multipurpose Internet Mail Extensions
(MIME)
– XML-binary Optimized Packaging
(XOP)
– Message Transmission Optimization
Mechanism (MTOM)
– WS-MediationPolicy (IBM standard)
– Universal Description, Discovery, and
Integration (UDDI versions 2 and 3),
UDDI version 3 subscription
– WebSphere Service Registry and
Repository (WSRR)
18. WebSphere DataPower - Use Cases
[Diagram: DataPower use cases across the Internet, DMZ and Trusted Domain zones; labels: Business, Consumer, Mobile, Application, System z, HMC]
1 B2B Partner Gateway
2 Secure Gateway (Web Services, Web Applications)
3 Intelligent Load Distribution
4 Internal Security
5 Light Weight Integration
6 Web Service Management
7 Legacy Integration
8 Run time SOA Governance
20. WebSphere DataPower and the PCI DSS “Digital Dozen”
WebSphere DataPower is an ideal solution for many requirements:
▪ Build and Maintain a Secure Network
– Requirement 1: Install and maintain a firewall configuration to protect cardholder data
– Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
▪ Protect Cardholder Data
– Requirement 3: Protect stored cardholder data
– Requirement 4: Encrypt transmission of cardholder data across open, public networks
▪ Maintain a Vulnerability Management Program
– Requirement 5: Use and regularly update anti-virus software
– Requirement 6: Develop and maintain secure systems and applications
▪ Implement Strong Access Control Measures
– Requirement 7: Restrict access to cardholder data by business need-to-know
– Requirement 8: Assign a unique ID to each person with computer access
– Requirement 9: Restrict physical access to cardholder data
▪ Regularly Monitor and Test Networks
– Requirement 10: Track and monitor all access to network resources and cardholder data
– Requirement 11: Regularly test security systems and processes
▪ Maintain an Information Security Policy
– Requirement 12: Maintain a policy that addresses information security
21. DataPower - Key Functions for PCI Compliance
Requirement labels on the slide: Req. 1; Req. 3,4; Req. 5; Req. 7,8,9; Req. 10; Req. 12
§ Web Services (XML) - Filter on any content, metadata or network variables
§ Web Application Firewall - HTTP Protocol Filtering, Threat Protection, Cookie Handling
§ Data Validation - Approve incoming/outgoing Web traffic, Web Services, XML at wirespeed
§ Field Level Security - WS-Security, encrypt & sign individual fields, non-repudiation
§ Encryption of transport layer - HTTP, HTTPS, SSL.
§ Anti Virus Protection - messages and attachments checked for viruses; integrates with
corporate virus checking software through ICAP protocol
§ XML Web Services Access Control/AAA - SAML, LDAP, RADIUS, etc
§ Management & Logging - manage & track services, logging of all activities, audit.
§ Security Policy Management - security policies “universally understood” by
multiple software solutions, eases PCI certification process.
§ Easy Configuration & Management - WebGUI, CLI, IDE and Eclipse
Configuration to address broad organizational needs (Architects, Developers, Network Operations,
Security)
23. XML/SOAP Firewall
▪ An important – but small – part of the DataPower
▪ Integrated multi-layer filters:
– IP-layer params (e.g., client IP address)
– SSL params (e.g., client certificate)
– Any part of HTTP header
– XPath or XML configuration files for any part of SOAP header
– XPath or XML configuration files on any part of XML payload
– First-level filter select based on service, URL, etc.
▪ Easy “point and click” XPath Filtering
▪ Enable/Disable each SOAP method using WSDL wizard
▪ Can be applied at any point in message processing
24. Web Application Firewall
▪ URL-encoded HTTP application protection in addition to
XML Web Services firewall security
▪ Protection for static or dynamic HTML-based applications
▪ Supports browser-based clients and HTTP/HTTPS
backend servers
▪ Wizard-driven configuration
▪ Cross-site scripting and SQL Injection protection
▪ AAA framework support for web applications
▪ General name-value criteria boundary profiles for:
– Query string and form parameters
– HTTP headers
– Cookies
▪ HTML Input Conversion Maps for form processing and
handling
▪ Cookie watermarking (sign and/or encrypt)
▪ Rate limiting and traffic throttling/shaping
▪ HTTP Header stripping, injection, rewriting and
method filtering
▪ Content-type filtering
▪ Dynamic routing and load balancing
▪ Session handling policies
▪ SSL Acceleration & Termination (Link)
▪ Customizable error handling
26. DataPower: Protecting Cardholder Data
Client sends credit card information to be stored in the database through a supported protocol
Protocols: HTTP/s, MQ, Tibco, JMS, FTPs, NFS, etc
Incoming Message – data not encrypted
<CreditCard>
  <Cust>Brian P. Bell</Cust>
  <CreditCardNumber>3732 955939 395500</CreditCardNumber>
  <CreditType>AMEX</CreditType>
  ……………….
</CreditCard>
Key Functions:
Terminate SSL
Defend against XML threats
Validate XML (schema)
Authentication
Authorization
Audit/Transaction Logging
Filter data
Encrypt/Decrypt message
Digitally sign message
Mask back-end resources
Route based on content
Encrypted & digitally signed Message
<CreditCard>
  <Cust>Brian P. Bell</Cust>
  <EncryptedCCN>ws389maz301</EncryptedCCN>
  <CreditType>AMEX</CreditType>
  ……………….
</CreditCard>
Encrypted XML data is delivered to the database to the encrypted credit card for later use
Direct DB Connect
DB2 9
Response message is sent confirming the insertion of the encrypted credit card number into the database
Response message is received confirming the insertion of the encrypted credit card number into the database
28. Field-level XML Security
▪ Sign, verify, encrypt & decrypt
▪ XML Encryption & XML Digital Signature at:
– Message-level
– Part-of-message or field-level
– Headers, as building block of other security
specs
▪ Field-level security configurable from the
WebGUI
▪ Verify-all option (data-driven verification of all
signatures)
▪ DataPower’s own implementation, listed in
W3C Interop matrix:
– http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html
– http://www.w3.org/Encryption/2002/02-xenc-interop.html
– Agility for interoperability or customization
▪ Secure Attachment Processing:
– Supports the full SOAP with Attachments
specification (MIME/DIME)
– WS-Security
▪ Last-mile Security for SOA
30. DataPower Anti-Virus Protection
§ Allows messages and attachments to be checked for viruses
§ Integrates with corporate virus checking software through the ICAP protocol
§ Anti-Virus Processing Action eases configuration and use of this capability
§ Includes pre-configured Host Types (CLAM, Symantec, Trend, Webwasher) as well as
customizability
32. Access Control
Enforce Who can access Which Web service & When
▪ Deploy as a high-speed access policy
enforcement point
▪ Modular authentication/authorization
architecture:
– x = extract-identity()
– z = extract-resource()
– zm = map-resource(z)
– y = authenticate(x); if (y = null) reject
– ym = map-credentials-attributes(y)
– allowed = authorize(ym, zm); if (!allowed) reject
– audit-and-post-processing();
▪ Identity examples include:
- WS-Security user/pass token
- SSL client certificate
- SAML assertion
- HTTP basic-auth
- Proprietary SSO cookie/token
▪ Resource examples:
- URL
- SOAP method
33. Access Control (2)
Leading Standards and Third-party Integration Support
▪ Access control policy:
– On-board: certs, XML file [can start simple]
– Off-board: external access control servers
▪ Standards-based integration:
– LDAP (for CRL, authentication, authorization)
– RADIUS (authentication)
– XKMS (for CRL, authentication)
– SAML (consume, authentication, authorization,
produce)
– WS-Security, WS-Trust, WS-*
– Outbound SOAP or HTTP call
▪ Integration with access
management solutions:
– Tivoli Access Manager
– Tivoli Federated Identity Manager
– RSA ClearTrust
– Microsoft Active Directory
– Sun Identity Server
– Netegrity SiteMinder or TransactionMinder
– Oblix
– CA eTrust
– …others including custom integration with any
customer environment
34. Access Control (3)
AAA Framework Diagram - Authenticate, Authorize, Audit
[Diagram: DataPower AAA Framework. A SOAP/XML Message enters and a SOAP/XML Message leaves; boxes: Extract Identity, Extract Resource, Authenticate, Authorize, Audit & Accounting, Map Credentials, Map Resource; policy source: External Access Control Server or On-Board Policy]
Identity labels: SAML, WS-Security, SSL client cert, HTTP Basic-Auth
Resource labels: Web Service URI, SOAP op name, Transfer amount
Audit & Accounting labels: SAML assertion, Non-repudiation, Monitoring
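The modular authentication/authorization steps listed on the Access Control slides, as an added Python example (not DataPower code or configuration, and not part of the original deck). The users, roles, resource names and SOAP message are constructed for illustration; identity is taken from HTTP basic-auth and the resource from the URL plus SOAP operation.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_BODY = "{http://schemas.xmlsoap.org/soap/envelope/}Body"

def kdf(password, salt):
    """Salted password hash for the constructed on-board user store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed on-board policy: hypothetical users, roles and resource names.
USERS = {"alice": (b"s1", kdf("alice-pw", b"s1")), "bob": (b"s2", kdf("bob-pw", b"s2"))}
ROLES = {"alice": {"payments"}, "bob": {"reporting"}}
RESOURCE_MAP = {("/cards", "StoreCard"): "card:write",
                ("/cards", "GetCardStatus"): "card:read"}
ACL = {"card:write": {"payments"}, "card:read": {"payments", "reporting"}}
AUDIT_LOG = []

def extract_identity(headers):
    """x = extract-identity(): HTTP basic-auth -> (user, password) or None."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # bad base64 or non-UTF-8 bytes
        return None
    return (user, password) if sep else None

def extract_resource(path, body):
    """z = extract-resource(): URL path plus SOAP operation (first child of Body)."""
    try:
        operation = ET.fromstring(body).find(SOAP_BODY)[0]
    except (ET.ParseError, TypeError, IndexError):  # not XML, no Body, empty Body
        return None
    return (path, operation.tag.rpartition("}")[2])

def authenticate(identity):
    """y = authenticate(x): the verified user name, or None."""
    if identity is None:
        return None
    user, password = identity
    salt, stored = USERS.get(user, (b"none", b""))
    ok = hmac.compare_digest(kdf(password, salt), stored)
    return user if ok and user in USERS else None

def aaa(headers, path, body):
    """Run the slide's steps in order; anything not explicitly allowed is rejected."""
    mapped = RESOURCE_MAP.get(extract_resource(path, body))  # zm = map-resource(z)
    user = authenticate(extract_identity(headers))
    roles = ROLES.get(user, set())               # ym = map-credentials-attributes(y)
    if user is None:
        decision = "reject: authentication"
    elif mapped is None or not (roles & ACL.get(mapped, set())):
        decision = "reject: authorization"
    else:
        decision = "allow"
    # audit-and-post-processing(): record the outcome, never the password
    AUDIT_LOG.append({"user": user, "resource": mapped, "decision": decision})
    return decision

def basic_auth_header(user, password):
    """Build a constructed basic-auth header for the sample requests."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}

# Constructed SOAP 1.1 request whose operation is StoreCard.
STORE_CARD = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
              '<soap:Body><StoreCard><Cust>Test Customer</Cust></StoreCard></soap:Body>'
              '</soap:Envelope>')

if __name__ == "__main__":
    print(aaa(basic_auth_header("alice", "alice-pw"), "/cards", STORE_CARD))
    print(aaa(basic_auth_header("bob", "bob-pw"), "/cards", STORE_CARD))
    print(AUDIT_LOG)
```

Every request, allowed or rejected, leaves one audit record, which is the evidence Requirement 10 asks for.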
36. Compliance = Appliance!
▪ Regulatory Compliance is an ever-growing concern for large enterprise
customers
– e.g. The Financial Services industry alone has recently had to deal with Sarbanes-Oxley, Basel II and PCI DSS
▪ In practice, compliance consists of demonstrating that your company’s
policies meet the regulations, and then “attesting” that you follow your
documented policies
– Attesting is the hard part!
▪ DataPower’s configured processing has always been labeled “policies”
▪ DataPower policies can be exported in human-readable form (XML),
thereby reducing the pain associated with attestation
– It makes an extremely difficult process much easier
▪ DataPower’s certification to a number of industry standards
(FIPS 140-2, CC EAL4 Evaluation) also makes it compliance-friendly
39. Summary: Business Benefits
§ Key Reusable Core IT Functionality: Solves complex SOA IT service integration and
security challenges in a secure, easy to consume and extremely low TCO network device
§ Configuration Driven: All enforced policies and mediations are configuration driven, not
programmed. This significantly simplifies and reduces deployment requirements and cost
§ Flexibility: Secure, integrate, bridge and version applications without application
modification
§ Reduce Complexity: Do work “in the network” as the data flows over the wire instead of
on application servers, reducing infrastructure footprint and freeing up application servers
to run more business logic
§ Reduce Time to Market: Dramatically decrease the “time to deploy” in your environment.
Being a configuration-driven platform, most deployments are “uncrate, rack, configure
and deploy”
§ Reduce Risk: Takes the “grunt work” out of SOA application security and integration
allowing you to focus on building your business logic. “In the network” platform allows
improved security and audit capabilities without application modification
§ Lower TCO: It’s a network device. Customers’ own data has shown that DataPower
appliances can be 7X-8X less expensive to operate in the data center than software
alternatives
§ A New Approach: These are not “software pre-installed on servers”. DataPower applies
sophisticated embedded technology to solve complex IT challenges in new and novel
ways
40.
“I’ve been in retail for 30
years. There has been
more change in the last five
years than in the previous
25 years”
Andy Clarke