
SOA

SOA Advisor

Expert analysis, advice and prognostications about Service Oriented Architecture and distributed computing.


Our bloggers: Mike Kavis is a veteran Chief Architect with over 23 years of IT experience including distributed computing, SOA, BPM, data warehouse, business intelligence, and enterprise architecture. Former applications developer Rich Levin has been implementing, advising on, and writing about information technology for over 20 years, has covered computer technology for CBS Radio, and hosts the popular "PC Talk" show. Nicholas Petreley is a former programmer and consultant who has worked for InfoWorld, Computerworld, LinuxWorld and Network Computing World, webzines, and serves as contributing editor for CIO, focusing on SOA as a primary area of coverage.

Tue, September 02, 2008

Are you Insecure about SOA Security?

Keywords: SOA, Security, SOX, HIPAA, PCI, WS-*, Web Services, XML

Service-oriented architecture (SOA) creates tremendous opportunities for companies to integrate across departments, across systems and across enterprises. Integration can help simplify business processes, improve speed to market, allow companies to react more quickly to changes in the business, and share data and services. For example, a correctly architected SOA can allow an e-commerce site to integrate seamlessly with its suppliers, distributors, credit card companies and consumers. After a customer places an order, a flurry of messages is orchestrated by the system without asking any of the users or systems to log in each time.

SOA also allows companies to rejuvenate their legacy systems by abstracting certain business processes, services, or data points without having to rip out and replace these systems. Companies can leverage their existing investments in their legacy systems while building new systems that seamlessly integrate with them.

To the end users this is nirvana. To the folks in the security department, this is their worst nightmare!

Integration Side Effects

The benefits I mentioned above come with great risks in the areas of security, privacy and compliance. For services to integrate easily with other services both behind and outside of the firewall, they must be discoverable and easy to translate. Many SOA implementations use Web services. Web services use WSDL (Web Services Description Language), which describes how to invoke the service. UDDI (Universal Description, Discovery, and Integration) is a standard commonly used with Web services that allows services to be discovered and retrieved. Two other important standards frequently used in an SOA are XML (eXtensible Markup Language) and SOAP (Simple Object Access Protocol). XML is a self-describing format that contains information about the messages in clear text, while SOAP is a protocol for exchanging XML-based messages and provides important information in the clear. While these standards make it easier for companies to integrate services, they could also give the keys to the kingdom away to hackers if the proper security is not in place.

Many legacy systems were never architected to be exposed to other systems, especially systems outside of the firewall. Now with SOA, hackers can get access to systems and data that they couldn't get to before, thanks to the discovery and self-describing nature of SOA.
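To make the self-describing point concrete, the following is an added example (not part of the original post) of a defender-side inventory: it reads a WSDL and reports which operation names and endpoints the document discloses, and which endpoints would carry SOAP messages in the clear. The sample WSDL, the service and operation names, the example.com hosts and the audit_wsdl function are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# WSDL 1.1 and its SOAP binding extension namespaces.
NS = {
    "wsdl": "http://schemas.xmlsoap.org/wsdl/",
    "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
}

# Constructed, trimmed sample WSDL for a hypothetical order service.
SAMPLE_WSDL = """<?xml version="1.0"?>
<definitions name="OrderService"
    targetNamespace="http://example.com/orders"
    xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:tns="http://example.com/orders">
  <portType name="OrderPortType">
    <operation name="PlaceOrder"/>
    <operation name="GetCustomerCard"/>
  </portType>
  <binding name="OrderBinding" type="tns:OrderPortType">
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
  </binding>
  <service name="OrderService">
    <port name="OrderPort" binding="tns:OrderBinding">
      <soap:address location="http://legacy.example.com/orders"/>
    </port>
    <port name="OrderPortTls" binding="tns:OrderBinding">
      <soap:address location="https://api.example.com/orders"/>
    </port>
  </service>
</definitions>"""

def audit_wsdl(wsdl_text):
    """Report what a WSDL discloses: operations, endpoints, cleartext endpoints."""
    root = ET.fromstring(wsdl_text)
    operations = sorted(
        op.get("name") for op in root.findall("wsdl:portType/wsdl:operation", NS)
    )
    endpoints = [
        addr.get("location")
        for addr in root.findall("wsdl:service/wsdl:port/soap:address", NS)
    ]
    # Anything not served over https:// exposes the SOAP/XML payload in transit.
    cleartext = [url for url in endpoints if not url.lower().startswith("https://")]
    return {"operations": operations, "endpoints": endpoints, "cleartext": cleartext}

if __name__ == "__main__":
    for key, values in audit_wsdl(SAMPLE_WSDL).items():
        print(key, values)
```

ElementTree does not defend against entity-expansion attacks, so WSDLs that were not authored in-house should be read with a hardened parser instead.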
