Intelligence in the network, and policies-based security measures will grow in importance and technical depth over the next several years. While much has been done at the transactional level to manage security, there are still many pockets of XML traffic that are not being scrutinized for security vulnerabilities.
But the larger threat is not about the technologies, it's about the policies and how security as a discipline is managed and maintained across an organization. You can't just look at XML content security from the network level, you need to look at it acoss all the levels, or the vulnerabilities will be discovered by someone other than those that should.
For example, a security management reference model that examines XML data from a lifecycle perspective can make comprehensive security a forethought, rather than an afterthought. What's needed are approaches to security for trusted infrastructure and proactive security management -- and identity and access management, and governance and so forth -- that reduces the amount of operational risk from top to bottom.
I suggest you find the security professionals in your organization, not just your network or IT department level. The full picture approach, not the bottom up one, is your best bet. Again, SOA will make those who maybe never worked together before, need to work together now.
Dig Deeper on Topics Archive
Related Q&A from Dana Gardner
VIrtualization, although not required for SOA, is becoming one of the most important mega trends in the data center right now. Continue Reading
Dana Gardner explains what "private cloud" datacenters are and why they are created by both large and small providers. Continue Reading
Dana Gardner describes three major business strategies for successful business intelligence. Continue Reading