More than half of the respondents (57 per cent) reported that they have deferred or slowed adoption of some SOA and Web services due to security-related issues.

"The fact that respondents are deferring SOA and Web services applications for security reasons indicates a strong collaboration between business and IT security teams. They are truly evaluating risk versus benefit to the business," said Lina Liberti, vice president for CA Security Management.

The survey also revealed that most respondents (93 per cent) believe integrating SOA and Web services security systems with their identity and access management solution is critical. However, just 43 per cent of IT executives have done so.

Similar to situation 10 years ago

"The state of SOA and Web services security is similar to what we saw with Web sites and portals about 10 years ago. As organisations rolled out Web applications, best practice security management approaches had not yet been resolved and security became a significant challenge," said Liberti. "Web services and SOA applications have experienced those same security issues, but we believe the best practice approaches implemented for Web applications apply to these application architectures as well."

The study surveyed nearly 555 IT directors or above about their position on SOA and Web services deployments and security. The respondents came from large and mid-sized enterprises representing companies headquartered in North America, Europe, Asia Pacific, plus Central and South America.