The Decline of SiteMinder

It’s a safe choice, because SiteMinder is currently the clear leader in terms of market share. But is SiteMinder really all that great? If you were an enterprise in the early 2000s, you were smart to deploy SiteMinder. In the late 90s, the Integrity team’s pioneering work on SiteMinder offered an epic improvement on home-grown SSO authentication and web access management (WAM) software approaches. However, by 2003, the product was not too far from the product used today.
In a past life, I was a “buy side” equity analyst for a Wall Street firm. I followed a number of mergers involving Computer Associates. CA management made their model clear to investors: buy mature products where customers are locked in and no (or very little) innovation is required. Many of these deals contribute revenue long after their expected expiration date. From that perspective, the Integrity acquisition was brilliant “strategy” (for CA…).

However, if you’re a customer of CA SiteMinder, think back to 2003… There were no iPhones, and Android would have to wait another five years to show up on the market. There were no cloud servers. Web Services meant SOAP. And the idea that Linux would replace Solaris in the enterprise seemed wildly over-optimistic. You’d think that an important enterprise security system would need an equally dramatic upgrade.

Even when SiteMinder was owned by Integrity, enhancements were slow to arrive. If there is a new SiteMinder feature you want, or a bug to be fixed, your only recourse is to wait for a patch. Expect to wait a long time. Maybe this is good — stability is good, right? But as everyone knows, it’s hard to stand still in the tech market.

Although commercial companies can get to market more quickly, these days it’s inevitable that open source software will follow. Usually it is better than the proprietary software. This is especially true for software that implements open standards and integrates with open source products like the Apache HTTPD server. As SiteMinder stood relatively still for the last decade, open source software has risen to the occasion.
At this point, it’s SiteMinder that needs to do the catching up, as the model for authorization is no longer centralized… it’s federated. It’s no longer just one “Policy Server” for a domain that controls security for a website; websites need to check with many authorization servers. Here is a hypothetical example: a website for the Army might need to check policies for the Army, the Dept of Defense, and other autonomous organizations.

I predict SiteMinder’s market share has peaked. Of course, organizations don’t want to overpay to be locked into proprietary software once there are any other options. The market for access management has gotten more competitive. Not only are there other enterprise suites (some of which are mentioned in the Forrester report linked above), there are also SaaS identity services and open source alternatives. More and more organizations are adopting central IdP Shibboleth authentication and authorization systems.

With greater demand, prices have fallen dramatically. Lower prices have brought the technology within grasp of exponentially more organizations, thus increasing the total size of the market. Soon enough, many of SiteMinder’s customers will look at the current market price for the technology and realize they are paying far too much. It will be hard for SiteMinder to adjust without destroying their current business model.

Article resource: http://www.blogster.com/thegluuserver/the-decline-of-siteminder-1