February 27, 2008
Some Keys to SOA Security
So I just signed off from ebizQ's SOA Security Roundtable, and while I missed the first 15 minutes tangling with plug-ins, and still couldn't get it to work until I simply switched from Firefox to Explorer, I certainly plan to catch up on it as soon as it becomes available on ebizQ. Altogether, I found it quite enlightening.
One of the bigger questions to come up was, Who is going to do all the work? Who has the expertise to handle both software architecture and SOA security? More often than not, there simply is no one, so the best thing to do is find someone who knows a little bit about both, and someone who wants to learn a lot in a short time, and then grow and train your own. As Gunnar Peterson said, "You really do need these people, but they're not out there."
When it comes to thinking about SOA security, all agreed that you should start thinking about it immediately. And security training should start immediately, as failure to do so means opening yourself up to vulnerabilities. As Fred Etemadieh of the Open Group interjected, The earlier you start on a project implementing security, the less costly it's going to be in the long run.
Also, everyone agreed that SOA security pretty much requires a layered approach. Or, as Andrew Brown from Amberpoint calls it, the First Mile, the Middle Mile, and the Last Mile, with each step requiring specific tools and a specific approach. I think laying it out like that really indicates how essential security is to SOA and will continue to be to SOA as long as there is money to be made from worldwide wickedness on the World Wide Web.
I'll certainly have more later, so stay tuned.
Posted by pschooff in


Twenty-Four Seven Security