DEMO continued this afternoon with another spate of vendors, you guessed it, demo'ing their products. The format of DEMO is an interesting one. Each vendor gets six minutes to show off its product, and the time limit is strictly observed. If the product is intended to be used with the Internet, then that's how it's shown. If the vendor runs its program against Amazon and Amazon slows down at that moment, well tough luck. It's a very interesting format, especially for consumer products, but it's another matter for complex enterprise products.
To understand the format, you have to understand who is in the room. Essentially, there's some press, some analysts, a pile of venture capitalists and a few primarily B-to-C companies who could be customers. DEMO presenters are trying their best to get the attention of the VCs, but of course, they won't turn down some coverage from press and analysts along the way. One thing VCs look for is a solid elevator pitch. Essentially, if you can't explain your product over the course of a few floors' elevator journey, you haven't got your product idea dialed in. Or at least so the thinking goes.
Enterprise products are no exception, but of course much more so than is the case for consumer products, the devil is in the details. This was hit home to me by two presentations today. One was SailPoint who makes a product called Compliance IQ and the other was SOASTA whose Concerto product claims to greatly simplify the testing of Web Services and SOA applications.
To make their point, SOASTA showed a PEARL script that might be used for web service testing. There was the script, up on the screen in six point type. You couldn't read the words, but you could see six or seven levels on indentation indicating the rather deep level of nesting and therefore complexity embodied in the script. With the remaining five minutes, the demonstrator went on to graphically create a script that would then be used to test some features of Salesforce.com. He finished the job and ran the test, but I'll be darned if I could tell what the test did or how hard it would be to create in PEARL or any other scripting language.
SailPoint had just as tough a task. It needed to demonstrate that its product could "dramatically streamline and automate identity compliance processes." Imagine doing that in six minutes. Can automation help with compliance auditing? Absolutely. Can you conclusively show it in six minutes? Not even close.
I really can't say whether SOASTA is a good program. Graphical tools are sometimes great and sometimes trivial. Their idea is sound, but then there are plenty of graphical interfaces that will spit out scripts, so it's tough to say whether there's anything novel there. SailPoint seems like an interesting tool. Apparently rules based, it'll look through certain types of logs and spot out behavior that breaks policy. The question then becomes, how flexible is its policy engine and just what logs will it process?