Friday, August 31, 2007

Meeting SOA and Web Services Security Challenges

Software designers and developers are being challenged to build efficient
security measures into their project work as computing is increasingly
distributed via Web application services and service-oriented
architecture (SOA). Research recently conducted by the Ponemon
Institute and CipherOptics found that only 12 percent of IT
professionals surveyed believed that cyber-crime threats were lessening
in severity. Among the findings analyzed in their report "Network
Security 2.0," the practice of sending data in clear text over
third-party networks, the increasing presence of organized crime,
growing complexity of networks, devices and applications, and the
desire to enforce and easily manage network encryption were cited as
prevalent threats to network security... Complexity is the biggest
difference, and challenge, to developers when it comes to building
adequate security measures into Web services and an SOA, according to
BEA Systems' Hal Lockhart, who co-chairs the OASIS technical
advisory board and security services technical committees. Lockhart:
"I believe SOA and SaaS 2.0 will usher in a more complex business
environment. Instead of just one organization is the customer, the
other organization is the vendor, there will be a number of
relationships around each interaction. For example, there might be
a customer, a broker, a service provider and a data provider. The
security systems will have to enforce the rules specified by the
business contracts. Building applications composed of many services
means that each service is called in many different ways by many other
services as well as directly by users. Each service will need to
consider the entire context when it is called in order to decide what
should be permitted." The development and adoption of open security
standards plays a big role in enabling organizations and IT
professionals to deal with the increasing complexity of SOA and
distributed Web application services and protect their systems and
data from criminally motivated threats. Identification and
authentication in mash-ups, which draw from a number of Web services,
often from different providers, is one example of the problems that
increasing complexity poses for existing security measures, and the
development of SAML (Security Assertion Markup Language) illustrates
how open standards are addressing them.