Sun's New Solution Push Requires Channel Play

Playing catchup to rivals such as IBM, Sun last month said it will deliver packaged solutions, product bundles and reference architectures to enable faster deployment of systems that meet requirements of the Sarbanes-Oxley Act (SOX), HIPAA and RFID, for example. The strategy will require broad channel participation as Sun attempts to push beyond its traditional telecom and finance strongholds.

"We learned some lessons and are trying to have a broader portfolio of solutions," said Vijay Sarathy, director of RFID product marketing and strategy at Sun. "We're working more with partners on services and understanding pain points of our customers."

Marc Maselli, CEO of Back Bay Technologies, a solution provider and iForce partner in Boston, said it's a good move for Sun to enlist channel partners for its targeted offerings.

"It's wise that Sun and other vendors look to position their software as a foundation for business solutions," he said. "Without [Sun] purchasing a professional services firm, as IBM did with [PricewaterhouseCoopers], it's critical they partner with firms such as ours that have true vertical orientation—in our case, insurance and financial services. Selling software on technical features only will not work."

So what's new from Sun? The company's entry-level Sun Java System RFID Tag and Ship Solution enables customers and their partners to deal with basic "slap-and-ship" requirements to comply with mandates from Wal-Mart, Target and Albertson's, as well as the U.S. Department of Defense. The solution will be priced between $40,000 and $70,000, within the range of similar offerings, a Sun spokeswoman said.

The Sun Java System Identity Auditor, an add-on to Sun's Identity Manager, helps customers comply with SOX and HIPAA mandates to implement a secure identity audit trail and provide a view of an individual's identity and system-access activities. While Sun's Identity Manager deals with system access, the Auditor enables customers to comply with the "segregation of duty" provision in SOX requiring companies to restrict access according to user roles and employment status. Pricing for the multiplatform solution starts at $250,000.

With it, customers can meet mandates requiring companies to report on and manage who has access to sensitive information, such as medical records or financial applications, said Tamara Rezler, director of product management for identity at Sun. It's also designed to provide historical data on access privileges and secure auditable evidence that these controls are in place.

"Companies have put together manual processes. They're meeting [compliance requirements]—but with duct tape and bailing wire," Rezler said. "They have put new people and processes in place that are expensive, and it's sort of working. But it's not sustainable. This is not like Y2K. These [requirements have] become part of the fabric of every business."

One large systems integrator who plans to deploy Sun's Identity Auditor said the solution will help reduce costs for customers. "The cost challenges are significant as organizations work toward achieving compliance-control objectives," said John Clark, principal of Deloitte and Touche Security Services. "Organizations need a comprehensive identity-management solution to streamline identity auditing and incorporate it in everyday business activity, which can significantly reduce audit and long-term operational costs."

Earlier this month, Sun also unveiled its Compliance and Content Management Solution, designed to help customers meet requirements for storage and archiving of electronic records imposed by SOX, HIPAA, SEC 17a-4 and Gramm-Leach-Bliley. That solution—provided with Sun ISV partner AXS-One—is sold, serviced and supported only by Sun. It combines Solaris 10, a Sun storage and file system, AXS-One software and a Web search screen for locating all electronic records, including e-mail and instant messages.