
SOA security precautions

Dana Gardner discusses taking a full-picture view of the business when it comes to SOA security precautions.

I understand the basics of XML firewalling, but what other SOA security measures can I potentially look to take at the network level?

Intelligence in the network and policy-based security measures will grow in importance and technical depth over the next several years. While much has been done at the transactional level to manage security, there are still many pockets of XML traffic that are not being scrutinized for security vulnerabilities.

But the larger threat is not about the technologies; it's about the policies and how security as a discipline is managed and maintained across an organization. You can't just look at XML content security from the network level; you need to look at it across all the levels, or the vulnerabilities will be discovered by someone other than those that should.

For example, a security management reference model that examines XML data from a lifecycle perspective can make comprehensive security a forethought, rather than an afterthought. What's needed are approaches to security for trusted infrastructure and proactive security management -- and identity and access management, and governance and so forth -- that reduce the amount of operational risk from top to bottom.

I suggest you find the security professionals in your organization, not just at your network or IT department level. The full-picture approach, not the bottom-up one, is your best bet. Again, SOA will make those who maybe never worked together before need to work together now.

