Build vs. Buy: The Argument Against Developing a Solution for Exit Point Security

Powertech Exit Point Manager for IBM i already understands these details and is backed by a team of development specialists to ensure that it’s up-to-date with the latest developments—including new IBM i exit points.

You can’t just write an application and forget about it— it needs maintenance. Just “staying current” requires the dedication and application of programming resources to maintain the exit programs each time the operating system is upgraded.

Unless you write a user interface for the exit programs (such as the one provided by Exit Point Manager for IBM i) you must manually add names or TCP/IP addresses into a data area, database file, or the program. Entering data such as TCP/IP addresses manually is extremely error-prone and confusing for non-technical operators and administrators.

With so many exit programs on the market, it’s difficult to ensure compatibility across the range. Powertech figures out what’s failing, reports it to IBM, and works with them to find a solution. In the interim, we provide suggestions or a workaround so our customers aren’t adversely affected.

With a solution like Exit Point Manager for IBM i, customers get access control (the ability to control who uses functions such as FTP or ODBC), plus advanced features such as network auditing, message alerts, transaction-level and object-level security, support for supplemental exit programs, and profile switch capabilities.

It’s usually more productive to use an existing application if a viable one is available. The cost is far lower than what it would take to develop, test, and maintain your own application.

• Testing network access is very time-consuming and setting up testing facilities can be complex. Exit Point Manager was designed and developed over many years using the experiences, knowledge, and feedback of customers and configurations around the world.
• Maintenance programming requires special personnel. Leaving the responsibility of keeping software up-to-date (and other issues) to external vendors frees internal resources for more productive activities.
• The cost of maintaining a solution used by over a thousand customers is less than developing one internally. Keeping the in-house solution up-to-date costs far more than 20% of the purchase price typically charged for maintenance (which is low in comparison to internal development).
• Keeping the personnel who developed an application is often cumbersome and expensive. And for what—maintaining code that could be outsourced to a vendor, like Powertech? We often talk to customers who have to scramble to recover from the loss of a key staff member.
• Adopting an outsourced solution achieves the separation of duties required by auditors, guaranteeing higher quality and more reliable security controls.
• Keeping people up to date with the latest security issues is expensive and difficult. It’s hard to achieve the level of knowledge a company such as Powertech has gained through daily experience with thousands of customers in a wide range of environments. But, it’s easy to purchase this collective knowledge in a product that incorporates it.

Most of these arguments also apply to the decision of building a set of auditing tools versus purchasing Powertech’s Compliance Monitor and Authority Broker. Again, why try to keep your set of tools current with each release of IBM i? And, why pore through IBM documentation trying to determine which interfaces you should audit?

We’ve talked to many customers who are considering writing and maintaining their own exit programs. Often, after we talk, they agree to try Powertech Exit Point Manager for IBM i. When you consider all of the costs and hassles of developing new solutions versus the ease of buying existing ones, it’s easy to make the smart choice.