
SOA security precautions

Dana Gardner discusses looking at the full picture view of a business when it comes to taking SOA security precautions.

I understand the basics of XML firewalling, but what other SOA security measures can I potentially look to take at the network level?

Intelligence in the network and policy-based security measures will grow in importance and technical depth over the next several years. While much has been done at the transactional level to manage security, there are still many pockets of XML traffic that are not being scrutinized for security vulnerabilities.

But the larger threat is not about the technologies; it's about the policies and how security as a discipline is managed and maintained across an organization. You can't just look at XML content security from the network level; you need to look at it across all the levels, or the vulnerabilities will be discovered by someone other than those that should.

For example, a security management reference model that examines XML data from a lifecycle perspective can make comprehensive security a forethought, rather than an afterthought. What's needed are approaches to security for trusted infrastructure and proactive security management -- and identity and access management, and governance and so forth -- that reduce the amount of operational risk from top to bottom.

I suggest you find the security professionals in your organization, not just at your network or IT department level. The full-picture approach, not the bottom-up one, is your best bet. Again, SOA will make those who maybe never worked together before need to work together now.
