Enterprise products are no exception, but of course much more so than is the case for consumer products, the devil is in the details. This was hit home to me by two presentations today. One was SailPoint who makes a product called Compliance IQ and the other was SOASTA whose Concerto product claims to greatly simplify the testing of Web Services and SOA applications.
To make their point, SOASTA showed a PEARL script that might be used for web service testing. There was the script, up on the screen in six point type. You couldn't read the words, but you could see six or seven levels on indentation indicating the rather deep level of nesting and therefore complexity embodied in the script. With the remaining five minutes, the demonstrator went on to graphically create a script that would then be used to test some features of Salesforce.com. He finished the job and ran the test, but I'll be darned if I could tell what the test did or how hard it would be to create in PEARL or any other scripting language.
SailPoint had just as tough a task. It needed to demonstrate that its product could "dramatically streamline and automate identity compliance processes." Imagine doing that in six minutes. Can automation help with compliance auditing? Absolutely. Can you conclusively show it in six minutes? Not even close.
I really can't say whether SOASTA is a good program. Graphical tools are sometimes great and sometimes trivial. Their idea is sound, but then there are plenty of graphical interfaces that will spit out scripts, so it's tough to say whether there's anything novel there. SailPoint seems like an interesting tool. Apparently rules based, it'll look through certain types of logs and spot out behavior that breaks policy. The question then becomes, how flexible is its policy engine and just what logs will it process?