• SPIFs enable pre-integration of standalone third-party security products, eventually enabling enterprises to construct a customized, more effective enterprise security solution architecture.
• SPIFs are nascent, but they will have a growing impact on security product purchasing decisions. Leading-edge enterprises should begin researching SPIF ecosystems.
Enterprises have long been frustrated with the lack of interoperability among their enterprise security point products. The average large enterprise uses dozens of unique commercial security products and services, with few if any of them designed to work together.
Security product integration frameworks (SPIF) have the potential to change the game. SPIFs facilitate the sharing of security-related metadata, help standalone security products and services to interoperate effectively, and ultimately improve the efficacy of enterprises’ unique security architectures.
So what is a SPIF and how can it possibly deliver on such lofty ambitions? At its core, a SPIF is a fancy message bus system, typically augmented with authentication and access control, message encryption, subscription management and limited message store. Its centralized interconnection and messaging architecture enables security products to distribute data to other products and services and receive data from them. Third-party vendors add a SPIF’s pre-built messaging client code into their own products, customizing it as needed, and voila: enterprises using a SPIF can integrate products supporting that SPIF, often in a matter of minutes. Read more of this post