Interview with Eugene Kuznetsov, Founder, President and CTO of DataPower Technology Inc.

Eugene Kuznetsov is a technology visionary who has been working to address enterprise XML issues since the late 90s. Kuznetsov founded DataPower Technology, Inc. in 1999 to provide enterprises with an intelligent, XML-aware network infrastructure to support next-generation applications. Prior to starting DataPower, Kuznetsov led the Java JIT Compiler effort for Microsoft Internet Explorer for Macintosh 4.0. He was also part of the team which developed one of the first clean-room Java VMs. This high-speed runtime technology was licensed by some of the industry’s largest technology companies, including Apple Computer. Kuznetsov holds a B.S. in electrical engineering from MIT.

Introduce DataPower. When was the company started? How did it evolve?

DataPower Technologies Inc. was founded in 1999 by myself, Eugene Kuznetsov (founder, president and CTO) and a team of MIT-trained engineers. At that early stage for XML, we had a vision to provide XML-aware networking solutions to address the performance, security and management issues around enterprises building XML-based applications and Web Services.

In 1999 DataPower developed an optimized software interpreter for XML called DGXT and then in 2000 XSLJIT, an optimized software compiler. Later in 2000 DataPower introduced the first XSLT benchmark that is now the de facto standard for measuring XML processing performance.

In 2002, DataPower introduced the world’s fastest XML processing technology called XG3, a highly optimized hardware engine. Based on that technology, in August of 2002 DataPower made available its XA35, the world’s first XML accelerator, and most recently our XS40, the first wirespeed XML security gateway.

Which products and services does DataPower offer?

Two:
A) DataPower XA35 XML Accelerator
B) DataPower XS40 XML Security Gateway

DataPower is focused on the XML market. How big is the opportunity and what is the size of your target market?

The difficulty in defining, precisely, the XML Market is not surprising as it can be seen as decomposing into three broad segments: Business to Business (B2B) Integration and Web Services, Enterprise Application Integration (EAI), and Content Management. IDC forecasts that Web services-related solutions will reach more than $1.2 billion in 2003. XML & Web Services security alone, according to leading analyst firm Zapthink, is projected to reach $4.4 billion (US) by 2006.

Which challenges do you face in the marketplace? What do you see as your advantages?

The biggest challenge is the fact that enterprises require a new approach to XML, one that simultaneously recognizes the emergence of new standards, the value of existing infrastructure investments, the organizational challenges and the performance, security and manageability impact of XML; corporations today are struggling to deal with resource constraints, diverging business goals and the requirement to assimilate new technology. Besides having the leading XML processing technology in our XG3, one of DataPower’s unique advantages is a focus on practical and pragmatic approaches to XML application development and deployments.

Your XS40 XML Security Gateway is presented as the “only available solution able to provide *full* XML Security with the wirespeed performance necessary for real-world applications”. Introduce its features.

The XS40 Security Gateway delivers a comprehensive set of security functions that are easy to implement across enterprise applications, including:

  • XML/SOAP Firewall – The XS40 filters traffic at production speed, with criteria based on information from layers 2 through 7 of the protocol stack; from SOAP envelope, payload size or field-level message content to IP address, hostname and port. Filters can be predefined and automatically uploaded to change security policies based on time of day or other triggers.
  • Field Level XML Security – The XS40 performs encryption/decryption and signing/verification of entire messages or of individual XML fields. Conditional security policies are based on a range of data including content, IP address, hostname or other user-defined environment variables.
  • Data Validation – With its unique ability to perform XML Schema validation as well as message validation at wirespeed, the XS40 ensures that incoming XML documents are legitimate and outgoing documents are properly structured to protect against threats such as XML Denial of Service (XDoS) attacks, buffer overflows, or crashes from deliberately or inadvertently malformed XML documents.
  • XML Web Services Access Control – The XS40 supports a variety of access control mechanisms, from XACML (eXtensible Access Control Markup Language) to RADIUS to simple client/URL maps. The XS40 can control access rights by rejecting unsigned messages and verifying signatures within SAML assertions.
  • SSL Acceleration – The XS40 scales transport layer security by accelerating SSL transactions in hardware. The XS40 can be configured with multiple SSL identities functioning as client or server, with SSL policies based on message content or metadata such as port number, HTTP header, etc.
  • Service Virtualization – The XS40 enables companies to link users to application resources without leaking information about their location or configuration. With the combined power of URL rewriting, high-performance XSL transforms and XML/SOAP routing, the XS40 can transparently map a rich set of services to protected back-end resources with the appropriate Quality of Service (QoS).
  • Centralized Policy Management – While a straightforward web-based GUI for simple rule creation allows the XS40 to be deployed securely in minutes, the XS40 uses the power of XSLT to create rules as simple or complex as required. Rules may be used to define common policies for firewalls, routing, access control, data transformation, and transport layer security across an array of applications and application servers without sacrificing performance. Manageable locally or remotely, the XS40 supports SNMP, script-based configuration and remote logging to integrate smoothly with your chosen management software.

How does the XS40 XML Security Gateway work with existing hardware like firewalls and routers?

The XS40 is an appliance and standards-based solution that can “drop into” existing networks with easy integration and interoperability. Using either the standard Command Line Interface or the Web-based GUI, the XS40 can be inserted into existing networks with minimal effort and set-up, often in as little as 2 hours.

In your opinion, what are the critical security issues that affect XML?

XML’s power and flexibility are also what cause new security issues when deploying XML-based applications and Web services. XML Web Services are designed to seamlessly connect resources above the network layer – enabling the concept of “loosely coupled but tightly contracted” applications. By their very design, they enable easy direct access to valuable backend databases and application servers and in turn, require the fine-grained control of new granular security policies above the network layer. Even those enterprises that don’t plan on joining trading networks must take precautions. Because S2S connectivity enables new application sharing inside the enterprise, policy enforcement is as strong a requirement for internal employees as it is for external partners.

Applying these new granular security policies is not trivial. XML, SOAP and other Web Services protocols rely on a human-readable text-based encoding standard that is not only inherently less secure than byte-encoded formats but also more onerous to process. Consequently, XML Web Services security mandates the use of technologies that can parse, filter and transform XML and SOAP packets at wirespeed performance levels to apply security policies down to the element level of an XML document without hindering the application itself; in other words, it can’t be a choice between performance of applications OR securing applications. Companies need both.

XML Security Gateways are one example of the XML-Aware network devices that work with existing security infrastructure to provide the key functions that are required for implementing essential XML Web Services security practices.

Does DataPower have any international growth opportunities?

DataPower first introduced its XML-aware network devices back in August of 2002 with the introduction of its XA35 XML accelerator. Along with that, DataPower announced its first XA35 customer — Hemscott, a European financial information company based in the UK. DataPower sees great opportunities in the UK and mainland Europe for both its XA35 XML accelerator and XS40 XML security gateway. It goes without saying that XML is a global standard and cuts across all boundaries for its implementations. If a company is using or plans to use XML then chances are DataPower can help that company’s performance, security and management issues around XML.

What developments does DataPower envisage in 2003?

2003 will be a giant step forward for the use of XML and developing XML Web services, both inside and outside corporations’ traditional perimeter. As XML-aware networking continues to mature and companies like DataPower develop products that can solve XML’s inherent performance, security and management problems, then companies are going to rapidly accelerate their use of XML for mission-critical applications and begin to truly realize XML’s benefits and promise.