Peter Schooff
Peter Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.


January 16, 2008
Why is SOA Security So Difficult?

I haven't posted anything about SOA security in a bit, even though SOA security is becoming one of the determining factors when a company chooses its SOA solution. Also, next month ebizQ has a round table coming up that's going to be all about SOA security, which you can read about and sign up for right here.

I came across this fairly old blog posting from all the way back on November 12, 2007, which, in tech time, equals about a year. The post was all about the difficulty of SOA security, which I thought was still quite relevant, so it's summarized below.

1. SOA is all about opening up and reusing information, which often exposes monolithic and hidden applications. But the more integration points an application has, the more attack points there are.

2. SOA often relies on unsecured technologies, and, as implied above and as Alex Maclinovsky puts it, once those applications are exposed there is no more security through obscurity.

3. By its very nature, SOA must operate between multiple applications with many different security mechanisms and vulnerabilities in real time, which is sort of like having more than one wife/husband at the same time. Need I say more?

4. SOA and ROI: the most secure way to do things would be to service-enable the least important things first and then continually ramp up, but most companies demand some ROI for their SOA investment, which essentially means tackling the most difficult (and most sensitive) parts first.

5. SOA is all about service architecture, which means automation, which means removing human oversight and security controls.

6. A deployed SOA solution expands the number of consumers and the number of access points, adding untold complexity to an often already overwhelmed security perimeter.

7. IAM: SOA makes identity and access management truly earn its money, as SOA makes it so-a very difficult to figure out who to authenticate and who to authorize, e.g. for a patient's medical records: the doctor, the patient, the doctor's assistant, the nurse, the patient's kid, or the insurance company.

A pretty easy analogy would be a car: in the old days a car was just a car, one that drove up and down the highways and byways. Then the SOA car comes along, a car that can splash through water and soar up into the skies, which clearly changes the safety and security profile of said car. And by the way, exactly where are our flying cars?

Posted by pschooff


Comments

That's why use of an XML gateway is very important, as you can leave the security outside of the actual service code. So depending on the client you can have different security policies.
There are some cost-effective options available for XML security. Just research it.
Don't buy an appliance. Buying software firewalls has much better ROI.

Posted by: Josh Fargstein at January 16, 2008 01:08 PM

Peter,

An interesting post.

On a related topic, would you mind sharing with your readers some specific details of technology / vendor products that have allowed you to successfully implement SOA Governance - and what level of automation was provided by the selected tools? Or what you were left to implement via manual procedures?

Thanks,

Kelvin Meeks

Posted by: Kelvin Meeks at January 17, 2008 04:19 PM

Excellent idea, Kelvin...stay tuned and I'll try to get to it next week.

Posted by: Peter at January 18, 2008 01:12 PM
