More than half of the companies participating in a recent security survey said they have yet to deploy Web services beyond the firewall because of security concerns. Also, nearly all of those with Web services projects said they are using multiple standards in building their Web services security architectures.
Results of the survey of 100 senior IT executives, engineers and project managers were released today by the creator of the research, Waltham, Mass.-based identity and access management vendor Netegrity Inc.
More than three-quarters of the survey's participants are planning to use security standards in their Web services deployments, the research found. And about 40% of the respondents plan to use four or more standards, with WS-Security and SAML being the most widespread.
"If companies don't build out a cohesive strategy for Web services security that ties into the overall enterprise security infrastructure, new deployments outside the firewall will open up an entire new area of vulnerability," said Deepak Taneja, Netegrity's CTO.
Other survey findings include:
- 34% of respondents are planning to deploy one to three Web services and 32% are planning to deploy 10 or more Web services in 2004.
- 60% of companies are planning to deploy Web services as a front-end to legacy applications and nearly 50% are planning to deploy Web services to enable business-to-business applications.
- 76% of the survey participants indicated it was important to integrate Web services security with an enterprise Web access management security infrastructure.
- More than half of the respondents are using or are planning to use Microsoft's .NET architecture to build their Web services; 80% of the respondents use or plan to use application server architecture; 25% of the respondents will use three or four different types of architecture.
- Nearly 70% of the respondents plan to use SAML to deploy Web services; 70% plan to use WS-Security.