Web Applications

By Deborah Gage  |  Posted 2007-02-16 Email Print this article Print

It's what you don't know about the security problems of operating systems and web applications that can kill you. Here are five new technologies that may change your relationship with your data.

>>Service-Oriented Architecture

The Technology
Software modules designed to be used by more than one application. Modules encapsulate a customer or a business service—like canceling an order—that automatically triggers other services, such as logging a credit in accounts receivable. The messaging protocol SOAP (Simple Object Access Protocol) is one of the ways applications pass messages so the services are carried out.

Deployment and Use
Still not widely used. However, more than 90% of companies eventually plan to implement SOA, according to Gartner.

The Vulnerability
SOA, like Web applications, can expose sensitive business information. The vendors whose applications are used in SOA infrastructures (Oracle, IBM, BEA, SAP and Microsoft, among others) still don't agree on standard ways to secure those systems, and there are several security challenges—identifying who's coming into your system, tracking files to make sure no copies are created, and encrypting data and communication channels. If, for example, the vendors agreed on how to manage decryption keys, "We could do that centrally and give a lot more teeth to security," says Scott Metzger, CIO of TrueCredit, a subsidiary of TransUnion that offers online credit reports.

What To Do
Before getting too deeply into SOA, Gartner says companies should create a governance committee of both business and technology people to figure out which services to build and how they fit into the business. They should also identify ways to create common security across all enterprise applications. The software modules should be treated, Metzger points out, "like the most sensitive fields in a database."

Senior Writer
Based in Silicon Valley, Debbie was a founding member of Ziff Davis Media's Sm@rt Partner, where she developed investigative projects and wrote a column on start-ups. She has covered the high-tech industry since 1994 and has also worked for Minnesota Public Radio, covering state politics. She has written freelance op-ed pieces on public education for the San Jose Mercury News, and has also won several national awards for her work co-producing a documentary. She has a B.A. from Minnesota State University.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters