IBM, a fan of many open-source projects, has taken a minority stake in EnterpriseDB, an open-source database that competes with Oracle and MySQL.
On Tuesday, EnterpriseDB is scheduled to announce a $10 million round of funding, with IBM taking a minority stake in the company. Existing investors Charles River Ventures, Fidelity Ventures, and Valhalla Partners led the round.
The money will be used to ramp up the company's product development and sales, according to EnterpriseDB CEO Andy Astor. Altogether, the 4-year-old company has raised $37.5 million.
EnterpriseDB makes a version of open-source database PostgreSQL that is compatible with Oracle's flagship database. The company sells it as a cheaper yet still industrial-strength alternative to Oracle and as a more robust offering than MySQL, a popular open-source database. Sun Microsystems bought MySQL for $1 billion earlier this year.
The funding highlights the viability of open-source databases in business--EnterpriseDB now has more than 200 customers and anticipates being profitable within a year, Astor said.
IBM's investment, which is somewhat unusual, signals where it sees competitive pressure.
Faced with open-source competitors to its own DB2 database, IBM in 2006 introduced a free, low-and version of DB2, although it does not publish the code publicly. Among closed-source incumbents, Oracle remains the database market leader.
IBM invested $50 million in Novell in 2003 and has made clear that it wants more than one provider of Linux support to businesses. Big Blue has bought dozens of software companies but nearly all, except open-source application server company Gluecode, are closed-source commercial companies.
Also on Tuesday, EnterpriseDB is expected to announce refreshes to its product lines, an announcement timed with the Open Source Business Conference in San Francisco.
The newly named Postgres Plus is the open-source edition of the company's product which now includes a module specifically tuned for business intelligence applications.
The high-and commercial version, called Postgres Plus Advanced Server, is now on the same code base, which means people can more easily upgrade from Postgres Plus, Astor said.
He said that the main difference between the two versions is the Oracle compatibility included in Postgres Plus Advanced Server.
Microsoft said on Friday that it has pushed back the delivery date of its SQL Server database until the third quarter of this year.
The company is planning to have a launch event, called Heroes Happen Here, on February 27 that will be a public coming-out of Windows Server 2008, Visual Studio 2008, and SQL Server 2008.
Rather than release the final product at that time, Microsoft will have a "feature complete" preview, according to a Microsoft employee blog dedicated to SQL Server.
A release candidate for SQL Server 2008 will come out in second quarter with final general availability in the third quarter, according to the blog's author, Francois Ajenstat, director of marketing for SQL Server.
The blog noted that the timing falls within Microsoft's previously stated goal of getting SQL Server 2008 out two to three years after SQL Server 2005, which itself suffered from a series of significant delays.
Despite the delays with SQL Server 2005, it has been a successful product. Market research indicates that Microsoft's database revenue is growing faster than that of rivals Oracle and IBM. Microsoft's server and tools business is one of the company's largest and fastest-growing divisions.
InfoUSA, which got a boost last year from its Super Bowl ads, is planning to bulk up its marketing database business again, the company said Wednesday.
But this time it's looking to add a little heft to its mass-mailing business with an acquisition of Direct Media, a Connecticut-based direct marketing company. The companies have signed a definitive agreement and expect to close the deal by the end of the month. Terms were not disclosed.
InfoUSA plans to take Direct Media and operate it as a wholly owned subsidiary. And apparently, InfoUSA has run this game plan before. Over the past decade, it has acquired over 40 companies and operated them as wholly owned subsidiaries, said Stormy Dean, InfoUSA's chief financial officer.
The Direct Media acquisition also feeds into InfoUSA's plans to consolidate the direct marketing industry, InfoUSA Chief Executive Vin Gupta said in a statement.
On the heels of yesterday's Steve Jobs keynote at Macworld, Apple may be the tech company that's top of mind for many readers. However, from an enterprise computing perspective, Sun Microsystem's announcement that it is acquiring MySQL is far more pertinent. News.com's Martin LaMonica summarizes the announcement thusly:
Sun Microsystems will pay $1 billion to buy MySQL, the provider of a popular open-source database.
Sun said Wednesday that it will pay about $800 million in cash for MySQL's stock and take on about $200 million worth of options. MySQL CEO Marten Mickos will join Sun's senior executive team after the transaction closes.
The acquisition is a bold move for Sun, which has embraced open-source software and development practices in an effort to garner more revenue from its software business. Until now, it has sold support services for a competing open-source database, PostgreSQL.
MySQL is one of the most successful open-source companies founded in the past five years. It's part of the popular combination of open-source development products referred to as LAMP, for Linux Apache Web server, MySQL, and the PHP development language, which is broadly used on the Internet and within companies.
Here, I wanted to focus in on one specific implication.
MySQL is the clear category leader in open-source databases; it's the "M" in the LAMP stack that also includes Linux, the Apache Web server, and the Python, Perl, and PHP scripting languages. And LAMP underpins a huge portion of the open-source software world. As a result, MySQL--like JBoss before it was acquired by Red Hat--made a nice little business of selling support subscriptions for its software. Indeed, it was one of the more successful of the more-or-less pure standalone open-source companies.
If that sounds like damning with faint praise, it is a bit. Because so few end users tend to buy support contracts relative to the number of people that use the product, pure open source has been a challenging business model for its practitioners. That's not to say that there aren't companies successfully taking such an approach, but there are no pure open-source Oracles, Microsofts, or VMwares raking in the dough.
Small software companies get bought by larger companies all the time of course. Open source or not, enterprise customers often appreciate the sort of global support that large vendors are better prepared to offer. And the ability to put together sets of products that address broad business problems is more appreciated. However, in the case of open source specifically, the fact that a large vendor can leverage open-source products to sell other software and even hardware creates far more revenue opportunities than when the only thing a company can sell is a support contract on a single piece of software.
In the Sun and MySQL case, for example, one can imagine Sun eyeing the vast population of MySQL users not so much for the opportunity to sell MySQL support contracts but as an entree for selling other Sun middleware, Solaris, and Sun hardware. One can imagine a conversation like this repeated many times: "Oh, you need better performance out of MySQL running on Linux? Of course, we're happy to help. But you might think about Solaris because we have this DTrace tool. We also have this ZFS file system. And, oh, have you heard about Thumper?"
It's not so much that there aren't workable business models around open source. But life is so much easier when those models can include pieces that people have to pay for as well.
Got OpenOffice 2.3 or prior versions? Be prepared to download a security patch.
The OpenOffice.org community has issued a patch for a "highly critical" security vulnerability in OpenOffice 2.3 and prior versions, according to a security advisory issued by Secunia on Wednesday.
A security flaw in a third party default database engine module, HSQLDB, shipped with OpenOffice 2.3 and prior versions, could allow malicious attackers to launch arbitrary code. The vulnerabilities could be exploited by manipulating the database documents processing, according to a security advisory issued by OpenOffice.org
OpenOffice.org is asking users to download OpenOffice version 2.3.1. (Download OpenOffice.org 2.3.1 for Windows from CNET Download.com.)
OpenOffice 2.3 was released last September, shortly before security researchers reported vulnerabilities in OpenOffice 2.0.4 and earlier versions. The security flaws could allow attackers to gain control of users' systems via maliciously crafted TIFF files.
The OpenOffice productivity suite is gaining in popularity with its OpenDocument file format as an alternative to Microsoft Office.
In the late 1990s, we all predicted big things around managed services. As we close 2007, we are all predicting big things for Software as a Service (SaaS). What's old is new again but this time we may be right.
Case in point, managed security. A few years ago, enterprise security professionals were too proud and too paranoid to even think about outsourcing security management. As Bob Dylan sang, "the times, they are a changin'." According to a recent ESG Research survey 50 percent of large organizations (i.e. more than 1,000 employees) are either "interested" or "very interested" in outsourcing some portion of their security management tasks.
Why the change of heart? Security is getting too complicated and one mistake could result in hundreds of millions of dollars in damages. Just ask my Massachusetts neighbor TJX. Aside from this, large organizations have grown comfortable with outsourcing operational tasks and business processes. If my organization is in an industry such as retail, financial services, or health care, why on earth should I focus valuable IT resources on security management when outside experts can do this better, faster, and cheaper than I can?
What does user demand for managed security services mean for the industry?
1. Established security management players like CSC, Symantec, and Unisys have an opportunity to really scale the business. Looking forward, ESG believes that managed security services could soon be as important to Symantec as desktop security and backup. This may mean some additional investment in data center space, global expansion, personnel, and training in the short term.
2. Cisco Systems is just getting started with managed services but this is right down Broadway for IBM and Hewlett-Packard. Little wonder why IBM has been actively acquiring security firms like ISS and announcing big risk-management initiatives. IBM and HP can also add managed security to current IT outsourcing contracts.
3. With the right investments in infrastructure, marketing, and sales, managed security presents a lot of global upside for offshore system integrators such as Infosys, Satyam, Tata, and Wipro. Security could help these guys back into other enterprise IT business opportunities.
4. This is exactly why BT bought Counterpane and Verizon Communications gobbled up Cybertrust. Juniper is also working with a number of carriers as well. Again, security services may be a Trojan Horse (pardon the term) to sell more managed network, WAN and hosted services.
5. Product vendors need services air cover. Leaders like ArcSight, CA, and EMC/RSA need to establish their own managed security services, work with third-party carriers, or team up with service specialists like EDS.
All of this impending competition is good news for large organizations as it forces service excellence and price competition. If I were the chief information-security officer at an enterprise company, I'd make a New Year's resolution to begin assessing managed security options and ROI benefits in 2008.
Requirement 3.4 in the Payment Card Industry Data Security Standard mandates that financial service and retail companies, "render Primary Account Number (PAN), at minimum, unreadable anywhere it is stored." While the PCI standard provides a number of ways to do this, most large companies equate the term "unreadable" with encryption.
So here is the rub. PAN data is stored in a bunch of places but everyone stores it in databases. I'm talking about massive databases here--think hundreds of gigabytes to terabytes of data in many cases. Now when your database gets this big, you become very sensitive to performance and latency. Applications and databases are finely tuned and business processes and reporting is based upon extremely high transaction rates. Time is literally money.
There is an absolute technology mismatch here. Encrypting database columns is often done with stored procedures and triggers. Between these database routines and cryptographic processing, you need two things, processing horsepower and time. With applications like credit card processing, these are in very short supply. Oh sure, you can add more memory and processors to a system, but these changes don't come for free and encryption throws a monkey wrench into system tuning and capacity planning.
Something has to give here. Operating systems and databases may have to provide encryption sub-routines delegated to specific cryptographic hardware shipped on every system. Encrypted columns may need to be stored on encrypted disk drives. My point is that the industry needs to look at problems like these collectively across the "IT stack" and not just on their individual domains. If you don't believe me, ask your customers.
Filemaker is betting that its new database software, Bento, will please Mac users seeking a multipurpose personal information manager. The application will ship in January 2008 for $49, or $99 for a family pack. A free test drive is available on the Web site of Filemaker, which is owned by Apple.
Bento can pool together personal and professional contacts, dates, and objects.
(Credit: Filemaker)Like the Japanese lunch box for which it's named, Bento appears to be a tidy organizer. Sorting and searching options look elegant. The software could serve a variety of purposes, such as tracking freelance work gigs, sending party invitations, plotting an exercise regime, cataloging household items, creating libraries of possessions, and even rating stores where you shop or children you might teach.
When you open Bento for the first time, appointments from iCal and contacts from Address Book will flow automatically into the program while also streaming to connected iPhones and .Mac accounts. More than 20 templates and drag-and-drop data fields serve users who don't wish to grapple with the ins and outs of managing a relational database.
Data from Bento can be saved for export as either CSV text, or in the Microsoft Excel or iWork Numbers formats. Judging by a demo with Filemaker several weeks ago, Bento's minimal interface should look familiar to Mac fans.
Macs haven't quite been known as the computer of choice for those looking to wrangle data with spreadsheets and databases. Apple iWork '08 just added the Numbers spreadsheet application, and the package still does not include database software.
For Windows, by contrast, Microsoft Office offers the complex Access database tool. But unlike Access, a heavy-duty research tool, Bento is built to manage the components of your life the way you'd juggle an iTunes library.
Bento's ticket price is $20 less than Filemaker's original plan to charge $69, but I wonder how many users will bite. iLife and iWork, after all, each cost just $79 for three or more applications per bundle. Plus, Leopard is the only operating system friendly to Bento. Still, Bento looked neat to me, and I'll give it a spin to see how well it can organize my sloppy stockpiles of digital data.
Bento enables users to add scores to database items.
(Credit: Filemaker)Over the past few years, the security industry has been a hotbed of M&A activity. The big guys swallow the small guys and independent technologies become part of integrated suites or anchor products. We saw this with identity management, e-mail security, SSL VPNs, security event management, etc.
My prediction is that we will soon see a repeat of this cycle and this time the buyout activity will center on database security tools.
Why database security? To quote the famous bank robber Willie Sutton, "because that's where the money is." Databases contain loads of private, confidential, and regulated data that needs better protection than it has today. What's more, databases are complex pieces of software that are becoming more and more exposed to the Internet through flaky Web applications. Finally, existing security tools look at network connections and database servers but not the database itself. Databases need their own customized security safeguards.
There are a whole bunch of database security companies out there, including Application Security , Guardium, Imperva, IP Locks, Lumigent, etc. These guys do everything from vulnerability scanning to auditing and each is a venture-backed start-up. If you add up all of their cumulative revenue, it is probably less than $100 million--yet these firms are attractive takeover targets. For whom? How about IBM. Armonk has tons of database, security, and compliance tools but nothing for database security and compliance.
The same scenario applies to CA. Old database management experts BMC and Quest Software would also benefit from a database security play. EMC's RSA division has security event management and database encryption products so database security and auditing would round out its offerings rather nicely. You can never count out others like Hewlett-Packard, Microsoft, Oracle or Symantec either.
Before the year ends, I see a lot of buying and selling. Database security adds a lot of value to a lot of existing products and vendors. Remember, you read it here first.
There's no phone number on the PostgreSQL.org open-source database Web site. And for EnterpriseDB CEO Andy Astor, whose company makes money from a Postgres-based product, that's been a problem.
On Tuesday, Astor's company launched a site called the EnterpriseDB Postgres Resource Center, which gives interested parties a phone number to call and, Astor hopes, other useful items.
The site's launch coincides with this week's LinuxWorld conference in San Francisco and includes a package of software tools meant to make it easier for business customers to install the open-source database. The site also offers technical information to developers.
The software package includes the Postgres database, along with a multi-operating system installer, administration tools and a text search add-on. Enterprise DB intends to offer support, training and installation services around the database.
The larger hope in setting up the site and database bundle is to create more critical mass around Postgres, Astor said.
Postgres is an enterprise-class database, but it faces competition from other database alternatives, both open-source and proprietary.
The new Web site "creates a center around which the market can develop and drive adoption of Postgres, which frankly has been slow to develop because there is nobody at the center. This is us trying to create a center," said Astor. "We hope it will become the de facto open-source database distribution."
EnterpriseDB Advanced Server, which is built on top of Postgres, will remain a separate product from the open-source distribution available on the site.
Iselin, N.J.-based EnterpriseDB has signed on about 125 customers that have bought EntepriseDB Advanced Server as a replacement for Oracle. The company has built compatibility with Oracle, the most widely used corporate database, and sells it as a enterprise-grade alternative at a fraction of the cost, according to Astor.
EnterpriseDB on Tuesday also extended its product line with a version of its database tuned specifically for large databases used in business intelligence applications.
Called GridSQL fpr EnterpriseDB Advanced Server, the product is designed for analyzing large amounts of data across several parallel servers.
Another open-source company called Greenplum has also developed a specialized edition of Postgres for high-end business business intelligence applications.
